Secret scanning alerts for non-provider patterns and passwords are retrievable with the REST API

Secret scanning alerts for non-provider patterns and generic passwords can now be retrieved using the REST API.

With the “List secret scanning alerts” endpoint for an enterprise, organization, or repository, you can use the query parameter secret_type to request alerts for non-provider patterns or passwords. To retrieve alerts for non-provider patterns, use the “Token” value in this table. To retrieve alerts for passwords, use the value password.

The secret_type parameter can be used to return several secret types, separated by commas: e.g. api.github.com/orgs/ORG/secret-scanning/alerts?secret_type=rsa_private_key,password.

Alerts for non-provider patterns and passwords are not returned by default with the “List secret scanning alerts” endpoint; they must be specifically requested.

Improving GitHub Copilot Completions in VS Code for C++ Developers

GitHub Copilot code completions are autocomplete-stye suggestions that appear inline as you code. Until today, they have used context from your active file and other tabs open in the editor to inform the suggestion that is returned. However, we know that more contextually relevant input leads to better suggestions. Our team has made changes to the C/C++ extension and the GitHub Copilot extension in VS Code to ensure that other relevant C++ context — like available types and methods — are also provided to Copilot completions.

When you use the latest version of the C/C++ extension and the GitHub Copilot extension together in VS Code, directly-referenced header files will be automatically considered when gathering additional context for Copilot completions, even if they’re not open in the editor. This helps to reduce hallucinations and provide more relevant suggestions.

To get started, make sure you’re using the GitHub Copilot extension version 1.205 or later and have an active GitHub Copilot subscription. You’ll also need the C/C++ extension version 1.21 or later with IntelliSense configured correctly. Our team is committed to C++ Copilot support in both Visual Studio and VS Code, and similar support is coming to Visual Studio in Visual Studio 2022 version 17.12.

See more details in the C++ team blog here.

See more

Enterprise Managed User accounts now require email verification

Enterprise managed users (EMUs) must now prove ownership of their email addresses. Existing EMU account email addresses do not have to take this step unless the email address matches one on another GitHub.com account.

Enterprises with EMU accounts that have conflicts have received notification from GitHub regarding specific accounts that have an email address which also exists on another github.com account. Certain 3rd party applications may not work correctly until they have reverified their email address.

New EMU accounts will have their enterprise’s shortcode appended to their email address’s prefix until it is verified, or their administrator changes the email address to another value.

To verify an email address, follow the steps outlined in our documentation. EMU account email addresses are defined by your identity provider, and cannot be changed directly within GitHub. You will need to work with your IdP administrator to change your email address if necessary.

Some users may find that 3rd party GitHub Apps and OAuth apps may not handle the placeholder email correctly, resulting in missing data in these apps. In rare cases, Enterprise Owners may also find that their email provider does not support the “plus addressing” scheme in use. Developers can review our best practices for OAuth and GitHub App implementation, including the use of the id field when storing user reference data so that email address changes are not disruptive to a user’s apps experience.

See more
View all changes