Expanded flexibility and control for managing the security manager role

For organization owners, managing the security manager role is now easier and more flexible. These updates empower you to tailor security responsibilities and streamline role assignments to fit your needs:

  1. Assign the security manager role to individual users: The security manager role can now be assigned directly to individual users, in addition to teams. This added flexibility ensures security responsibilities are allocated precisely where needed.
  2. Streamlined role management in organization settings: Security manager assignment and configuration is now part of Settings > Organization roles at the organization level. This relocation centralizes and simplifies role management, making it intuitive to oversee security managers alongside other organizational roles.

Security manager assignment modal on the Organization roles - Role assignments page

Building on recent improvements

The addition of custom organization roles with repository permissions takes flexibility to the next level. With these updates, you can customize security roles to balance the right level of responsibility and access for your team. Here’s how you can leverage these features to meet your specific requirements:

  1. Craft a security manager role with fewer permissions: The addition of repository permissions to custom organization roles means you can build custom security roles with a subset of security manager permissions, such as:
    • View secret scanning
    • Dismiss secret scanning
    • View code scanning
    • Dismiss code scanning
    • Delete code scanning analyses
    • View Dependabot alerts
    • Dismiss Dependabot alerts

    This lets you assign security responsibilities without granting the full access of a security manager role.

  2. Expand the security manager role with additional permissions: Using custom organization roles, you can enhance the security manager role by adding additional organization-level or repository-specific permissions. For example, you can grant audit log access or other highly requested capabilities to create a tailored role that fits your team’s specific needs.

User with security manager role and custom auditor role assigned

These updates are now generally available on GitHub Enterprise Cloud and will be included in GitHub Enterprise Server 3.16.

Learn more about the security manager role, custom organization roles and send us your feedback

CSV export for enterprise-level security overview

You can now export security data for offline analysis, reporting, and archival purposes on the enterprise-level security overview pages. This includes:

  • Enterprise-level overview dashboard: Export alert-level data for all your scanning tools—including third-party scanning tools.
  • Enterprise-level risk page: Export repository-level data with aggregated counts of security alerts per repository for code scanning, Dependabot, and secret scanning.
  • Enterprise-level coverage page: Export repository-level data showing the enablement state for all Dependabot, code scanning, and secret scanning features.

New Export CSV button highlighted on the overview dashboard on the Security tab at the enterprise level

Just like at the organization level, exports will respect all filters you’ve applied to the page, making it easy to for you to tailor downloads to your specific needs. Whether you’re focused on enterprise-wide insights or repository-level details, the data is now at your fingertips.

You can download all data where you have an appropriate level of access.

Learn more about security overview and send us your feedback

See more

What’s New in Mobile, November Update

The image has a dark background, and two gradient-filled squares positioned off-canvas from the top-right. The foreground text says "What's New in GitHub Mobile" followed by a description of the November Update.

This update includes several key improvements: Copilot Chat on Mobile now includes beta supports for Copilot Extensions, iOS users can enjoy three new app icons in celebration of Universe, and Android users can pin their favorite repositories to the home screen.

With Copilot Extensions on Mobile, developers can extend Copilot’s capabilities on the go, integrating third-party tools, automating tasks, and receiving personalized code suggestions.

Image

iOS

What’s new

  • GitHub Copilot Extensions are in beta.
  • In celebration of Universe this year, we added 3 new app icons: Copilot, Nova Mona, and Quack. Head to Settings to choose your favorite.

Bug fixes

  • The more button in Copilot chat shows the three most recent conversations.
  • See contributors of a repository in the Explore tab with keyboards.
  • Select multiple code lines to add a review comment with keyboards.
  • Voiceover announces file status when jumping to a file while reviewing a pull request.
  • Entering the required inputs of a dispatched workflow correctly enables the Run Workflow button.
  • The settings button on iPad maintains its aspect ratio when the username is long.
  • Links to relative images within Markdown which include query parameters render the image without error.

Android

What’s new

  • GitHub Copilot Extensions are in beta.
  • Pin your favorite repositories directly to your device’s home screen.

Bug fixes

  • Checkboxes in the Files Changed screen now show the correct state when scrolling.
  • Relative images within Markdown files are now rendering correctly in all cases.
  • Longer Discussions now indicate page loading.
  • Improving accessibility for Feed headers.
  • More accurate TalkBack descriptions in trending repositories.
  • Color contrast improvements for Pull Request merge options.
See more
View all changes