GitHub Enterprise Server (GHES) 3.17 enhances deployment efficiency, monitoring capabilities, code security, and policy management. Here are a few highlights in the 3.17 release:

  • GitHub Advanced Security (GHAS) is now available as two standalone security products: GitHub Secret Protection and GitHub Code Security. Existing GitHub Advanced Security customers with subscription-based plans can choose to transition when they renew. Customers with pay-as-you-go, metered-based plans can transition at any time. Please reach out to your GitHub or Microsoft sales account team for details. See the secret protection and code security changelog and our unbundling docs for more information.

  • System for Cross-domain Identity Management (SCIM), a popularly requested enterprise identity management feature, is now generally available! SCIM is a leading standard for user lifecycle management in SaaS applications. Enterprise administrators can configure SCIM for their GHES instance, which supports automatic provisioning of new user accounts and groups through our SCIM API. For more details, see SCIM.

  • An enterprise account is now supported as an owner of GitHub Apps. When an enterprise-owned app is updated to request new permissions, the update is automatically accepted by all the organizations where it’s installed. Previously, GitHub Apps could only be owned by organizations and users, and they could be set to either private or public. For more details, see Enterprise owned GitHub apps.

  • Fine-grained PATs are now generally available. With this release, you can use token lifetime policies at the enterprise account level to control the expiration times of the PATs created by your users. The enterprise policy applies to all user accounts on the instance, but organizations can set more restrictive policies as needed.

  • Developers can now use Dependabot to automatically keep their Docker Compose dependencies and bun dependencies up to date. For projects that use Docker Compose or bun as a package manager, Dependabot version updates can now ensure dependencies stay current with the latest releases. For more details, see dependabot and docker compose and dependabot and bun.

  • We’ve updated the contributors and code frequency repository insight views to improve navigation, allow hiding a series by interacting with the chart legend, and enable viewing and downloading the data as a CSV or PNG. For more details see repository insight views.

  • CodeQL version 2.20.5 has been released and includes a host of coverage improvements, including extended support for C# 13 and new detection capabilities for Java and GitHub Actions workflow files. For more details, see CodeQL version 2.20.5.

  • Ruleset history, import, and export are now generally available. Import and export make it easy to share and reuse rulesets. History allows administrators to easily track and rollback changes in the ruleset UI and API. For more details, see ruleset management.

  • You can now restrict pushes into your private and internal repositories and their forks with push rules. Push rules are a new type of ruleset that allow you to restrict updates to sensitive files, such as actions workflows. They help enforce code hygiene by keeping unwanted objects out of your repositories. In addition, organization owners can now allow repository property values to be set when repositories are created. This ensures appropriate rules are enforced from the moment of creation and improves discoverability of new repositories. For more details, see push rules.

  • GitHub Enterprise Server Backup Service is now available within the appliance. Today, customers use backup-utils, an open-source system you install on a separate host, which takes backup snapshots of GHES data at regular intervals over a secure SSH network connection. With the new backup service, there is no need to run a separate host for backing up data. The backup service is in public preview. For more information, see GitHub Enterprise Server backup service.

Release candidates are a way for you to try the latest features early. They also help us gather feedback to ensure the release works in your environment. Read more about the release candidate process. To learn more about GHES 3.17, check out the release notes, or download the 3.17 release candidate now.

If you have any feedback or questions about the release candidate, please contact our support team.