Reviewers can add a comment on push protection bypass requests for secret scanning

Reviewers can now add comments to push protection bypass requests in secret scanning. These comments help provide context, explaining the reasoning behind approving or denying a request. Requesters gain clarity on why their request was denied, and other reviewers can better understand why a request was approved or denied.

The comment is included in the response email sent to the requester, as well as in the timeline of the resulting alert, the API, the audit log, and webhook responses.

screenshot of an alert that has bypassed push protection, with a reviewer comment in the timeline

Learn more about how to secure your repositories with secret scanning and push protection bypass controls.

Enhanced CodeQL pull request alerts report

The metrics overview for CodeQL pull request alerts now includes enhanced tracking and reporting mechanisms, resulting in greater accuracy and more CodeQL pull request alerts and Copilot Autofixes displayed on the dashboard.

These changes retroactively affect the dashboard numbers, allowing you to effectively monitor your organization’s security posture.

With these insights, you can proactively identify and address security risks before they reach your default branch. The metrics overview for CodeQL pull request alerts helps you understand how effectively CodeQL prevents vulnerabilities in your organization. You can use these metrics to easily identify the repositories where action is needed to mitigate security risks.

The change is now generally available on GitHub Enterprise Cloud.

Learn more about security overview and code scanning.

See more

GitHub Copilot Extensions now understand context in your environment

context passing example

GitHub Copilot Extensions can now access local context in your editor and github.com to provide you with richer and more tailored responses.

As a developer, you can benefit from context passing when interacting with extensions. Passing context to extensions will continue to maintain security through permission controls set by your administrators and content exclusion rules.

Available contexts by development environment

Environment client.file client.selection github.repository github.current-url Additional contexts
Visual Studio Code ✔️ ✔️ ✔️ X Repository owner and branch
Visual Studio ✔️ ✔️ ✔️ X Repository owner and branch
github.com X X ✔️ ✔️ Repository information and other GitHub resources
GitHub Mobile X X X ✔️ X
JetBrains IDEs X X X X X

Local context is not passed to extensions by default.

Requirements for developers

  • Access to GitHub Copilot Extensions
  • Admin authorization to install on organization-owned repos

Requirements for builders

  • Explicit requests to receive editor context, configured in your GitHub app settings
  • Update your APIs to handle new reference types and account for certain references only being available in certain contexts

Connect with our community in our Discussion Forum, or relay your feedback here.

See more
View all changes