04/2024

Say goodbye to unwanted files cluttering your repos, like *.jar or *.so. And limit who can make updates to sensitive files like your Actions workflows with the public beta of…

The CodeQL for Visual Studio Code documentation is now on docs.github.com. This migrates the content from https://codeql.github.com/docs/codeql-for-visual-studio-code and provides a consistent, single-site experience with improved text, descriptions, images, and navigation.…

GitHub Importer is a tool that quickly imports source code repositories, including commits and revision history, to GitHub.com. As part of this release, GitHub Importer has implemented a new method…

You can now add organisation-level CodeQL model packs to improve code scanning coverage for your GitHub organization. This ensures that custom libraries and frameworks are recognised by CodeQL. In most…

GitHub Enterprise Importer (GEI) has implemented a new process for migrating git source data, significantly improving GEI’s reliability when migrating large repositories up to 10 GB with complex git histories.…

Secret scanning has recently expanded coverage to GitHub discussions and pull requests. GitHub is now performing a backfill scan, which will detect any historically existing secrets found in GitHub discussions…

From the 15th of May 2024 we will no longer support multiple labels on larger GitHub Hosted Runners. In February 2023 we announced that customers could no longer add or…

Starting January 30th, 2025, GitHub Actions customers will no longer be able to use v3 of actions/upload-artifact or actions/download-artifact. Customers should update workflows to begin using v4 of the artifact…

The StartRepositoryMigration GraphQL API endpoint will now require the sourceRepositoryUrl as an input field. While this is a breaking change to the StartRepositoryMigration GraphQL API schema, including this parameter was…

GitHub secret scanning now supports validity checks for Google Cloud Platform (GCP) account credentials and Slack webhooks. This improvement involves changes to how account credentials for GCP are detected and…

Enterprise owners of GitHub Enterprise Cloud with Enterprise Managed Users (EMUs) can now participate in a private beta introducing GitHub’s native IP allow list configuration to cover user namespaces. This…

CodeQL is the static analysis engine that powers GitHub code scanning. CodeQL version 2.17.0 has been released and has now been rolled out to code scanning users on GitHub.com. Important…

Docker Compose v1 has been deprecated as of July 2023. All customers utilizing Compose v1 on GitHub-hosted runners are encouraged to migrate to Compose v2. Per GitHub’s support policy we…

Use CodeQL threat model settings for C# (beta) to adapt CodeQL’s code scanning analysis to detect the most relevant security vulnerabilities in your code. CodeQL’s default threat model works for…

We’ve got some exciting news to share! We’ve been closely listening to your feedback, and one common challenge many of you faced was reviewing, and submitting your pull request reviews…