Enterprise audit logs can be streamed to two endpoints (private beta)

You can now stream your Enterprise’s audit log to two of GitHub’s supported streaming endpoints.

This update allows you as an Enterprise owner to easily employ your choice of tools for log storage and analysis. When managing your Enterprise, you may need to employ multiple tools to ensure compliance and maintain a strong security posture. This can involve different teams, requiring different levels of access, employing different technology to accomplish their objectives in supporting your Enterprise’s security and compliance requirements. By streaming your audit logs to two endpoints, you can employ multiple log storage and analysis tools without the need for a complex log routing architecture or deal with increased latency.

Interested in signing up? Please reach out to your GitHub account manager or contact our sales team to have this feature enabled for your Enterprise. Once enabled, you can follow our documents setting up audit log streaming to set up a second stream.

GitHub Actions: arm64 Linux and Windows runners are now generally available

Arm64 Linux and Windows GitHub-hosted runners for Actions are now generally available. This new addition to our suite of hosted runners provides power, performance & sustainability improvements for all your Actions jobs. Arm64 runners are available to customers on our Team and Enterprise Cloud plans.

“We switched to the GitHub arm64 runners from a custom, self-managed setup on AWS Graviton instances. Switching to GitHub runners has saved us over 75% on our monthly fees and removed all the management overhead, which is particularly important given we’re a seed stage startup. The ARM runners have significantly improved build times from over 30 minutes on x86 runners to around 4 minutes on ARM. This allows us to iterate on pull requests much faster, and run the build process for ARM and x86 in parallel as part of the same GitHub Actions workflow, simplifying the process of getting code to production for our development team.” -David Mytton, Founder, Arcjet

Head over to the GitHub blog to read more about the benefits of arm64 runners and how to get started.

See more

Add repository permissions to custom organization roles

You can now add repository permissions to custom organization roles, granting a specific level of access to all the repositories in your organization.

This builds on the release of organization-wide permission grants in GitHub’s pre-defined organization roles. These updates enable admins to easily scale access management across large teams and organizations.

Creating a custom organization role using the new repository permissions. The role is based on the Write base role, and adds 3 permissions - delete issues, request solo merge, and update repo properties

Using repository permissions in organization roles

Organization roles do not have to contain organization permissions (i.e. read_org_audit_log) in order to include a repository role and permissions (i.e. close_issue). This lets you create your own versions of the pre-defined organization base roles like Write or Triage, assigning those roles to everyone in your organization to ensure a set standard of access that matches your requirements.

A popular use case is to create elevated roles for your on-call rotation. For instance, a role based on Write with the “Jump the merge queue” and “Request a solo merge” repository permissions added so that your on-call team can get that fixed quickly. Using the APIs you can automate assignment of this role to your current on-call, granting them those elevated permissions as a break-glass or shift-based privilege.

Managing repository access

Both the UI for organization role creation and the REST API have been updated to support repository permissions.

In addition, we’ve updated the repository access management page to distinguish between access granted by the repository owner to a user or team versus organization-wide grants made by the organization owner. This helps explain how a user got access to a specific repository.

The new repository collaborators view, showing the organization based access.

For more information, see GitHub’s documentation as well as the REST API methods for automating role creation and assignment.

See more
View all changes