Enable secret scanning for non-provider patterns for enterprises with the REST API

GitHub Advanced Security customers using secret scanning can now use the REST API to enable or disable support for non-provider patterns at the enterprise level. This lets you manage your enterprise settings programmatically.

The following endpoints have been updated:

  • Get code security and analysis features for an enterprise: check if non-provider patterns are enabled for the enterprise
  • Update code security and analysis features for an enterprise: enable or disable non-provider patterns for all new repositories in an enterprise
  • Enable or disable a security feature: enable or disable non-provider patterns for all existing repositories in an enterprise

Non-provider pattern scanning detects token types from generic providers, such as private keys, auth headers, and connection strings.

Learn more about secret scanning and non-provider patterns.
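As an added example (not code from the announcement), the script below reads the enterprise setting, turns it on for new repositories if it is off, and then backfills existing repositories, using the three endpoints listed above. The path segments and the setting name are assumed from GitHub's REST reference for these endpoints, the enterprise slug and token come from environment variables, and the HTTP transport is injectable so the flow can be exercised without network access.

```python
"""Check and enforce non-provider-pattern secret scanning for an enterprise."""
import json
import os
import urllib.request

API = "https://api.github.com"
# Assumed from the REST reference for the enterprise code-security endpoints.
SETTING = "secret_scanning_non_provider_patterns_enabled_for_new_repositories"
PRODUCT = "secret_scanning_non_provider_patterns"


def github_send(method, path, token, body=None):
    """Send one authenticated request; return parsed JSON, or None for an empty body."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(API + path, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/vnd.github+json")
    req.add_header("X-GitHub-Api-Version", "2022-11-28")
    if data:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def enforce_non_provider_patterns(enterprise, token, backfill=True, send=github_send):
    """Return the write calls made as (method, path); reads first so reruns are cheap."""
    base = f"/enterprises/{enterprise}"
    status_path = f"{base}/code_security_and_analysis"
    settings = send("GET", status_path, token) or {}
    actions = []
    # Step 1: make it the default for repositories created from now on.
    if settings.get(SETTING) is not True:
        send("PATCH", status_path, token, {SETTING: True})
        actions.append(("PATCH", status_path))
    # Step 2: enable it on every repository that already exists.
    if backfill:
        enable_path = f"{base}/{PRODUCT}/enable_all"
        send("POST", enable_path, token)
        actions.append(("POST", enable_path))
    return actions


if __name__ == "__main__":
    ent, tok = os.environ["GH_ENTERPRISE"], os.environ["GH_TOKEN"]
    for method, path in enforce_non_provider_patterns(ent, tok):
        print(method, path)
```

The token needs the enterprise administration scope; the GET alone is a cheap way to audit the setting from a scheduled job before deciding to write.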

To help you triage and remediate secret leaks more effectively, GitHub secret scanning now indicates if a secret detected in your repository has also leaked publicly with a public leak label on the alert. The alert also indicates if the secret was exposed in other repositories across your organization or enterprise with a multi-repo label.

These labels give additional insight into how widely an exposed secret has spread, while also making it easier to assess an alert’s risk and urgency. For example, a secret with a known exposure in a public location has a higher likelihood of exploitation. Detection of public leaks is currently supported only for provider-based patterns.

The multi-repo label makes it easier to de-duplicate alerts and is supported for all secret types, including custom patterns. Both indicators apply only for newly created alerts.

In the future, GitHub will surface locations of the known public leak, as well as repository names with duplicate alerts. This metadata will also be surfaced via the REST API and webhooks.

Learn more

Learn more about how to secure your repositories with secret scanning. Let us know what you think by participating in a GitHub community discussion or signing up for a 60-minute feedback session.


A new version of the commit details page is now available in public beta!

This new page, which is enabled by default, lets you quickly understand and navigate the changes in a commit with improvements to filtering, commenting, and keyboard navigation.

[Screenshot: the new commit details page, showing the commit metadata, a file tree listing the 3 files changed by the commit, diff snippets for each changed file, and a floating comment]

What’s new 🎉

Here are a few of the noteworthy changes:

  • Floating comments: Code comments float over the diff when selected. To select, click on the commenter’s avatar to the right of the line.
  • Comment counts: To help you identify files with comments, the number of comments for a file now appears in the file tree.
  • Keyboard navigation within diffs: You can now navigate around changed lines in the diff using the up and down keys on your keyboard. A new context menu also makes it easier to comment, copy, and select.
  • Quick view switching: Switching between unified and split views no longer reloads the page.
  • Filter by file extension: Easily filter changed files by file extension in the diff to see the content most relevant to you.
  • Filtered out diffs hidden: When filtering the file tree, diffs are filtered as well, allowing you to reduce distraction and see the files you care about most.

Next steps 📣

To give feedback, ask questions, or report a bug, join us in the feedback discussion.

To opt out of the preview, go to the Feature Preview dialog on your profile, select New Commit Details Page, and click Disable.

To learn more about viewing commits, see About commits.
