Secret scanning alerts for non-provider patterns and passwords are retrievable with the REST API

August 6, 2024

Secret scanning alerts for non-provider patterns and generic passwords can now be retrieved using the REST API.

With the “List secret scanning alerts” endpoint for an enterprise, organization, or repository, you can use the query parameter secret_type to request alerts for non-provider patterns or passwords. To retrieve alerts for non-provider patterns, use the “Token” value in this table. To retrieve alerts for passwords, use the value password.

The secret_type parameter can be used to return several secret types, separated by commas: e.g. api.github.com/orgs/ORG/secret-scanning/alerts?secret_type=rsa_private_key,password.

Alerts for non-provider patterns and passwords are not returned by default with the “List secret scanning alerts” endpoint; they must be specifically requested.

Learn more about secret scanning or join the discussion in our dedicated Github community post.

Improving GitHub Copilot Completions in VS Code for C++ Developers

August 1, 2024

copilot

GitHub Copilot code completions are autocomplete-stye suggestions that appear inline as you code. Until today, they have used context from your active file and other tabs open in the editor to inform the suggestion that is returned. However, we know that more contextually relevant input leads to better suggestions. Our team has made changes to the C/C++ extension and the GitHub Copilot extension in VS Code to ensure that other relevant C++ context — like available types and methods — are also provided to Copilot completions.

When you use the latest version of the C/C++ extension and the GitHub Copilot extension together in VS Code, directly-referenced header files will be automatically considered when gathering additional context for Copilot completions, even if they’re not open in the editor. This helps to reduce hallucinations and provide more relevant suggestions.

To get started, make sure you’re using the GitHub Copilot extension version 1.205 or later and have an active GitHub Copilot subscription. You’ll also need the C/C++ extension version 1.21 or later with IntelliSense configured correctly. Our team is committed to C++ Copilot support in both Visual Studio and VS Code, and similar support is coming to Visual Studio in Visual Studio 2022 version 17.12.

See more details in the C++ team blog here.

See more See more

Enterprise Managed User account emails are no longer automatically verified

August 1, 2024

March 20, 2025 update

To clarify the exact impact of this change, we’ve updated the title and the wording we used in this changelog. Previously it was titled “Enterprise Managed User accounts now require email verification”.

Enterprise Managed Users (EMUs) no longer have their emails automatically verified. We made this change to prevent unauthorized access and accidental data leaks from third-party GitHub Apps and OAuth applications that may have taken a dependency on the email as the primary identifier.

Existing EMU account email addresses do not have to take this step unless the email address matches one on another GitHub.com account. Enterprises with EMU accounts that have conflicts have received a notification from GitHub listing accounts that have an email address that also exists on another github.com account. Certain third-party applications may not work correctly until they have reverified their email address.

Having an unverified email address does not affect most actions you can take on GitHub, however we strongly recommend email verification to enhance account security. For new EMU accounts created after August 1st, 2024, the enterprise’s shortcode will be temporarily attached to their email prefix until verification is complete or their administrator updates the email address.

To verify an email address, follow the steps outlined in our documentation. EMU account email addresses are defined by your identity provider, and cannot be changed directly within GitHub. You will need to work with your IdP administrator to change your email address if necessary.

Some users may find that 3rd party GitHub Apps and OAuth apps may not handle the placeholder email correctly, resulting in missing data in these apps. In rare cases, Enterprise Owners may also find that their email provider does not support the “plus addressing” scheme in use. Developers can review our best practices for OAuth and GitHub App implementation, including the use of the id field when storing user reference data so that email address changes are not disruptive to a user’s apps experience.

See more See more

View all changes