With delegated alert dismissal for secret scaning alerts, you can require a review process before alerts are dismissed. This helps you better manage your security risk as well as meet…
Issue types can now be managed using the REST API, expanding the ability to automate and incorporate them in your workflows. Check out our documentation on issue types for more…
Push protection for secret scanning blocks any push that contains a secret. By default, this block can be bypassed, which results in a secret scanning alert in the repository. Delegated…
Today, Actions larger runner REST APIs are now generally available. These new APIs empower you to programmatically create larger runners, assign them to a runner group, configure network settings for…
As a GitHub Enterprise Cloud organization owner, you and your designated users can now use API insights to visualize REST API activity for your entire organization or specific apps and…
New REST API endpoints for code scanning allow you to request the generation of Copilot Autofix for code scanning alerts. These endpoints also provide the Autofix generation status, along with…
Following our “Evolving GitHub Issues” announcement we’ve continued to improve the experience based on your feedback, including closing an issue as a duplicate, a REST API for sub-issues, and expanding…
As part of our ongoing efforts to improve flexibility and control for managing the security manager role, we are retiring the security manager API and replacing it with the more…
A new REST API endpoint lists the secret scanning scan history for a repository, giving you visibility into when different types of secret scanning scans have occurred in your repository.…
Based on customer feedback, we have updated how the created_at timestamp works in the Copilot seat details portion of responses from the following REST API endpoints: /organization/{org}/billing/copilot/seats /enterprises/{enterprise}/billing/copilot/seats /organization/{org}/members/{username}/copilot The…
Secret scanning alerts resulting from an approved push protection bypass request will now show relevant details in the alert information surfaced in the REST API, webhooks, and audit logs. This…
As a GitHub Enterprise Cloud organization owner, you and your designated users can now use API insights to visualize REST API activity for your entire organization or specific apps and…
GitHub Advanced Security customers using secret scanning can now use the REST API to enable or disable support for non-provider patterns at the enterprise level. This enables you to manage…
Push protection blocks you from pushing secrets to a repository and generates an alert whenever you bypass the block. Push protection is now supported for the following REST API endpoints:…
Secret scanning alerts for non-provider patterns and generic passwords can now be retrieved using the REST API. With the “List secret scanning alerts” endpoint for an enterprise, organization, or repository,…
GitHub Advanced Security customers using secret scanning can now use the REST API to enable or disable support for non-provider patterns at the repository level. Non-provider patterns scans for token…
Enterprise Owners on GitHub Enterprise Cloud (GHEC) can join a private beta allowing them to configure audit log streaming via the REST API. This private beta grants access to new…
Code security configurations will be made generally available (GA) on July 10th, 2024. At that point, we will sunset the organization-level code security settings UI experience along with the API…
GitHub Importer is a tool that quickly imports source code repositories, including commits and revision history, to GitHub.com. As part of this release, GitHub Importer has implemented a new method…
You can now use the REST API to check if a repository has private vulnerability reporting enabled. Learn more about: – Evaluating a repository’s security settings – Repository security advisories…
GitHub Advanced Security users can now use the REST API to enable or disable secret scanning validity checks for a repository, organization, or enterprise. Validity checks retrieve a status for…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
