beta

Subscribe to all “beta” posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

Security overview’s new risk and coverage views provide greater visibility into your security posture and risk analysis.

Each new view offers a refreshed design with several key improvements, including insights and dynamic filtering.

Coverage view

The coverage view gives visibility into enablement across all repositories. On the coverage view, you can:

  • See counts and percentages of repositories with GitHub security features enabled or disabled, which update when you apply filters
  • Track enablement for additional security features, including secret scanning push protection, Dependabot security updates, and code scanning pull request alerts.

security-tab-coverage-page

Risk view

The coverage view is complimented by a new risk view that gives visibility into all alerts across these repositories.
On the risk view, you can:

  • See counts and percentages of repositories with security vulnerabilities, which also update when you apply filters
  • See open alerts segmented by severity for both Dependabot and code scanning.

security-tab-risk-page

Both views are now available as a public beta. In the coming weeks, we will deprecate the overview in favor of these two new views.

Learn more about the new risk and coverage views and send us your feedback

See more

GitHub now supports the use of GitHub Codespaces with JetBrains IDEs via the JetBrains Gateway. After downloading the JetBrains Gateway and installing the GitHub Codespaces plugin, users will be able to connect to their codespaces with the JetBrains IDE of their choice.

jb-gateway

Once connected, users can leverage the full power of JetBrains' IDEs in the cloud: fast, accurate code completion; integrated run and debug configurations; and unparalleled code navigation tools. Rather than needing to install each IDE on a developer machine, using GitHub Codespaces with JetBrains IDEs enables the use of any JetBrains IDEs in the cloud.

jetbrains-image

The beta supports connectivity to a codespace, private port forwarding, and a fully featured code editing experience in the following IDEs:

  • IntelliJ IDEA
  • PyCharm
  • WebStorm
  • GoLand
  • RubyMine
  • PHPStorm

Additional IDE support, codespace management tools (e.g. creation, deletion, changing the machine type), and better support for Development Container creation will be added as the beta progresses.

In order to connect to a codespace via the JetBrains Gateway, users will need the following:

Check out the documentation to learn more and get started.
For feedback or questions, create an issue in this repository and we will get back to you.

See more

GitHub is excited to announce support for using GitHub Codespaces with JupyterLab. JupyterLab is the next-generation user interface for Project Jupyter offering all the familiar building blocks of the classic Jupyter Notebook (notebook, terminal, text editor, file browser, rich outputs, etc.) in a flexible and powerful user interface.

JupyterLab in a Codespace

Using GitHub Codespaces with JupyterLab combines the delightful notebook editing, data exploration, and narrative building experiences of JupyterLab with the power, standardization, and simplicity of a codespace.

You can open any codespace in JupyterLab via the repository page or the GitHub CLI:

open in JupyterLab examples

You can also set JupyterLab as your preferred editor, enabling single click access to codespaces via JupyterLab:

set JupyterLab as default editor

JupyterLab support is even more powerful when combined with GPU-powered codespaces. Though GPU access is not yet generally available, you can request early access here.

Click here to learn more about GitHub Codespaces support for Machine Learning and AI, or jump straight into our template repository and try it out!

See more

GitHub Advanced Security customers can now see an overview of code scanning alerts at the enterprise level. This page provides a repo-centric view of application security risks, as well as an alert-centric view of all secret scanning, Dependabot and now code scanning alerts. This view is beta and will be followed in the coming weeks with an enterprise level REST API to retrieve code scanning alerts.

Code scanning alerts at the enterprise level

Learn more about security overview
Learn more about GitHub Advanced Security

See more

GitHub Advanced Security customers can now see an overview of Dependabot alerts at the enterprise level. This page provides a repo-centric view of application security risks, as well as an alert-centric view of all secret scanning and now Dependabot alerts. The views are in beta and will be followed in the coming months by alert-centric views for code scanning.

Dependabot alerts at the enterprise level

Learn more about security overview
Learn more about GitHub Advanced Security

See more

GitHub Advanced Security customers can now view an overview of security alerts at the enterprise level. The new "Security" tab at the enterprise level provides a repo-centric view of application security risks, as well as an alert-centric view of all secret scanning alerts. Both views are in beta, and will be followed in the coming months by alert-centric views for code scanning and Dependabot alerts.

Security overview at the enterprise level

Learn more about security overview
Learn more about GitHub Advanced Security

See more

Organizations can now grant teams permission to manage security alerts and settings on all their repositories. The "security manager" role can be applied to any team and grants the team's members the following permissions:

  • Read access on all repositories in the organization
  • Write access on all security alerts in the organization
  • Access to the organization-level security tab
  • Write access on security settings at the organization level
  • Write access on security settings at the repository level

Security manager configuration

Learn more about the security manager role

See more

Issues submitted to open source projects often lack important information. Markdown issue templates can help by providing text that contributors can remove and replace with their own input – but sometimes contributors can miss details or get confused.

New, YAML configured issue forms enable maintainers to build structured forms with required fields and easy-to-follow steps so that they can capture every important detail.

User submits an issue via issue forms.

Issue forms are now available in beta for all publicly accessible repositories.

Learn more about issue forms and send us your feedback.

See more

GitHub Issues banner image

Today we are announcing new beta features within GitHub Issues, with better ways to plan, track, and manage projects.

Read more on the GitHub Issues page or in the FAQ.

✨ NEW – Project planning for developers

Available in limited public beta

Built like a spreadsheet, project tables give you a live canvas to filter, sort, and group issues and pull requests. Tailor them to your needs with custom fields and saved views. Sign up for the beta now.

  • Prioritize your work across repositories with a new spreadsheet-like table
  • Extend issues with custom fields with support for text, number, date and single-select types
  • Change custom field values right from the issues sidebar
  • Filter, sort, and group by any field
  • Instantly switch between project tables and boards
  • Save your view options to share with your team
  • Build custom workflows with a GraphQL API to access project issues and metadata
  • Use cmd + k to bring up a command palette that lets you filter, sort, group, and manage views

✨ NEW – Break issues into actionable tasks

Available in public beta

When lists of tasks are created in markdown and referenced in another issue, this will now create a dynamic relationship that helps you break down your work and track it to completion. Convert text into issues quickly after brainstorming ideas with your team, and stay up to date on progress now that tracked issues are automatically checked off when closed.

  • Create task lists of issues and pull requests
  • Quickly convert text into issues
  • Track status of tasks with progress indicators
  • See which issues another issue is being tracked in
  • Automatically update the status of a task when the tracked issue is closed

View the progress of your issues and see how work is related with task lists

📣 Got feedback?

Join our feedback community and let us know how we can improve.

See more

The new security overview for organizations and teams – which provides a high-level view of the application security risks a GitHub organization is exposed to – is now in beta for all GitHub Advanced Security customers on GitHub Enterprise Cloud.

Security overview

With the new security overview GitHub Advanced Security customers now have a single place to see the application security risks detected by code scanning, Dependabot, and secret scanning. The security overview shows both these known security risks as well as where you have unknown risks because security features haven’t been configured.

Learn more about security overview
Learn more about GitHub Advanced Security

See more

Dependency review, in beta, helps you review dependency changes in your pull requests. But how do you find your package manifests amongst all the other files? Now you can filter the files in pull requests to see just the package manifests:

Screenshot of pull request manifest filter

What if you don’t have a pull request at all? Now you can review dependency changes between any two commits, such as:

  • During the creation of a pull request,
  • When comparing two branches, tags, or specific commits, and
  • When viewing the history of a package manifest.

GIF of dependency review on commit diff

Learn more about reviewing dependency changes in pull requests.

See more

Dependabot can now access dependencies from authenticated private registries, such as GitHub Packages, Azure Artifacts, and Artifactory. These private registries are similar to their public equivalents, but they require authentication and are only available to members of your team or company. With this release, Dependabot version updates can help keep inner source as up-to-date as open source.

To enable this feature, add a registries section to your dependabot.yml, reference your new registries in the relevant updates, and add any secrets to Dependabot’s secret store. For example, here’s how to use GitHub Packages with Dependabot:

registries:
  npm-ghp-octocat:
    type: npm-registry
    url: https://npm.pkg.github.com
    token: ${{secrets.GITHUB_PERSONAL_ACCESS_TOKEN}} # make sure to store this in your Dependabot secrets!

updates:
    package-ecosystem: npm
    directory: "/"
    registries: 
      - npm-ghp-octocat
    schedule:
      interval: daily

This complements your ability to give Dependabot version updates access to private repositories, which is common for ecosystems like go modules and npm.

Learn more about Dependabot version updates

To see what’s next for Dependabot, visit the public roadmap

See more