beta

Subscribe to all “beta” posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

GitHub Advanced Security customers can now see an overview of code scanning alerts at the enterprise level. This page provides a repo-centric view of application security risks, as well as an alert-centric view of all secret scanning, Dependabot and now code scanning alerts. This view is beta and will be followed in the coming weeks with an enterprise level REST API to retrieve code scanning alerts.

Code scanning alerts at the enterprise level

Learn more about security overview
Learn more about GitHub Advanced Security

See more

GitHub Advanced Security customers can now see an overview of Dependabot alerts at the enterprise level. This page provides a repo-centric view of application security risks, as well as an alert-centric view of all secret scanning and now Dependabot alerts. The views are in beta and will be followed in the coming months by alert-centric views for code scanning.

Dependabot alerts at the enterprise level

Learn more about security overview
Learn more about GitHub Advanced Security

See more

GitHub Advanced Security customers can now view an overview of security alerts at the enterprise level. The new "Security" tab at the enterprise level provides a repo-centric view of application security risks, as well as an alert-centric view of all secret scanning alerts. Both views are in beta, and will be followed in the coming months by alert-centric views for code scanning and Dependabot alerts.

Security overview at the enterprise level

Learn more about security overview
Learn more about GitHub Advanced Security

See more

Organizations can now grant teams permission to manage security alerts and settings on all their repositories. The "security manager" role can be applied to any team and grants the team's members the following permissions:

  • Read access on all repositories in the organization
  • Write access on all security alerts in the organization
  • Access to the organization-level security tab
  • Write access on security settings at the organization level
  • Write access on security settings at the repository level

Security manager configuration

Learn more about the security manager role

See more

Issues submitted to open source projects often lack important information. Markdown issue templates can help by providing text that contributors can remove and replace with their own input – but sometimes contributors can miss details or get confused.

New, YAML configured issue forms enable maintainers to build structured forms with required fields and easy-to-follow steps so that they can capture every important detail.

User submits an issue via issue forms.

Issue forms are now available in beta for all publicly accessible repositories.

Learn more about issue forms and send us your feedback.

See more

GitHub Issues banner image

Today we are announcing new beta features within GitHub Issues, with better ways to plan, track, and manage projects.

Read more on the GitHub Issues page or in the FAQ.

✨ NEW – Project planning for developers

Available in limited public beta

Built like a spreadsheet, project tables give you a live canvas to filter, sort, and group issues and pull requests. Tailor them to your needs with custom fields and saved views. Sign up for the beta now.

  • Prioritize your work across repositories with a new spreadsheet-like table
  • Extend issues with custom fields with support for text, number, date and single-select types
  • Change custom field values right from the issues sidebar
  • Filter, sort, and group by any field
  • Instantly switch between project tables and boards
  • Save your view options to share with your team
  • Build custom workflows with a GraphQL API to access project issues and metadata
  • Use cmd + k to bring up a command palette that lets you filter, sort, group, and manage views

✨ NEW – Break issues into actionable tasks

Available in public beta

When lists of tasks are created in markdown and referenced in another issue, this will now create a dynamic relationship that helps you break down your work and track it to completion. Convert text into issues quickly after brainstorming ideas with your team, and stay up to date on progress now that tracked issues are automatically checked off when closed.

  • Create task lists of issues and pull requests
  • Quickly convert text into issues
  • Track status of tasks with progress indicators
  • See which issues another issue is being tracked in
  • Automatically update the status of a task when the tracked issue is closed

View the progress of your issues and see how work is related with task lists

📣 Got feedback?

Join our feedback community and let us know how we can improve.

See more

The new security overview for organizations and teams – which provides a high-level view of the application security risks a GitHub organization is exposed to – is now in beta for all GitHub Advanced Security customers on GitHub Enterprise Cloud.

Security overview

With the new security overview GitHub Advanced Security customers now have a single place to see the application security risks detected by code scanning, Dependabot, and secret scanning. The security overview shows both these known security risks as well as where you have unknown risks because security features haven’t been configured.

Learn more about security overview
Learn more about GitHub Advanced Security

See more

Dependency review, in beta, helps you review dependency changes in your pull requests. But how do you find your package manifests amongst all the other files? Now you can filter the files in pull requests to see just the package manifests:

Screenshot of pull request manifest filter

What if you don’t have a pull request at all? Now you can review dependency changes between any two commits, such as:

  • During the creation of a pull request,
  • When comparing two branches, tags, or specific commits, and
  • When viewing the history of a package manifest.

GIF of dependency review on commit diff

Learn more about reviewing dependency changes in pull requests.

See more

Dependabot can now access dependencies from authenticated private registries, such as GitHub Packages, Azure Artifacts, and Artifactory. These private registries are similar to their public equivalents, but they require authentication and are only available to members of your team or company. With this release, Dependabot version updates can help keep inner source as up-to-date as open source.

To enable this feature, add a registries section to your dependabot.yml, reference your new registries in the relevant updates, and add any secrets to Dependabot’s secret store. For example, here’s how to use GitHub Packages with Dependabot:

registries:
  npm-ghp-octocat:
    type: npm-registry
    url: https://npm.pkg.github.com
    token: ${{secrets.GITHUB_PERSONAL_ACCESS_TOKEN}} # make sure to store this in your Dependabot secrets!

updates:
    package-ecosystem: npm
    directory: "/"
    registries: 
      - npm-ghp-octocat
    schedule:
      interval: daily

This complements your ability to give Dependabot version updates access to private repositories, which is common for ecosystems like go modules and npm.

Learn more about Dependabot version updates

To see what’s next for Dependabot, visit the public roadmap

See more