Secret scanning fine-grained permissions for bypasses

You can now grant fine-grained permissions to review and manage push protection bypass requests within your organization.

Anyone with this permission will have the ability to approve and manage the list of bypass requests. You can still also grant these permissions by adding roles or teams to the “Bypass list” in your code security and analysis settings.

Next month, GitHub will be removing custom role support from the bypass list along with this change. To avoid disruption, existing custom roles that were added as bypass reviewers previously will be granted the fine grained permissions to review and manage bypass requests.

Delegated bypasses for secret scanning push protection allow organizations and repositories to control who can push commits that contain secrets. Developers can request approval from authorized users to push a blocked secret.

Learn more

Learn more about how to secure your repositories with secret scanning. Let us know what you think by participating in the dedicated GitHub community discussion or signing up for a 60 minute feedback session.

What’s New in GitHub Sponsors

View all your organization’s Sponsors activity in one place.

It’s now easier for organizations to view GitHub Sponsors related activities in one place. From the Sponsors dashboard you can view your current and past sponsorships, create bulk sponsorships, and view your dependencies. You can search for a specific project or export all of your dependencies to easily find maintainers to sponsor.

Learn more about the Sponsors dashboard.

Share Sponsorships on Social Media

Maintainers and sponsors can share and celebrate sponsorships on social media with a click of a button. Maintainers can connect with their sponsors and share their goals.

Learn more about sharing on social.

See more

Copilot Chat in GitHub.com now can search across GitHub entities

Image

With this change, you can now use natural language within Copilot Chat in GitHub.com to search across GitHub to find commits, issues, pull requests, repositories, and topics.

Try it yourself:
What are the most recent issues assigned to me?
What repos are related to [insert topic]?
What is the most recent PR from @user?

We’ve also made some changes under the hood to make Copilot more efficient with how it stores conversation histories. This means that Copilot can now remember more of the history of your conversation which should result in more informed and reliable responses ✨.

Join the discussion within GitHub Community.

See more
View all changes