Secret scanning fine-grained permissions for bypasses
You can now grant fine-grained permissions to review and manage push protection bypass requests within your organization. Anyone with this permission will have the ability to approve and manage the...
Unkey is now a GitHub secret scanning partner
For Unkey users, GitHub secret scanning now scans for Unkey tokens to help secure your public repositories. Unkey’s Root API Key enables users to create and manage Unkey resources including APIs, API...
Copilot Chat in GitHub.com is now contextually aware of GitHub Advanced...
You can now use Copilot Chat in GitHub.com to search across GitHub to find and learn more about GitHub Advanced Security Alerts from code scanning, secret scanning, and Dependabot. This change helps...
Manage secret scanning bypass requests at the organization level
GitHub Advanced Security customers that have enabled delegated bypass rules for push protection can now manage and review their bypass requests at the organization level. The list is located within the...
Secret scanning indicates known public leaks and duplicate alerts for private...
To help you triage and remediate secret leaks more effectively, GitHub secret scanning now indicates if a secret detected in your repository has also leaked publicly with a public leak label on the...
Enable secret scanning for non-provider patterns for enterprises with the...
GitHub Advanced Security customers using secret scanning can now use the REST API to enable or disable support for non-provider patterns at the enterprise level. This enables you to manage your...
Secret scanning: on-demand revocation for GitHub PATs (Public Beta)
You can now report compromised GitHub personal access tokens to GitHub, directly from a secret scanning alert. When you let GitHub know that the secret has been compromised, GitHub will treat the token...
Secret scanning alert lists renamed to “Default” and “Experimental”
The secret scanning alert lists are now named “Default” and “Experimental,” better reflecting the alert categories and making it easier for you to tell experimental alerts from default alerts. The...
Secret scanning non-provider patterns are generally available
Secret scanning support for non-provider patterns is now generally available for all GitHub Advanced Security customers. Non-provider patterns are generic detectors that help you uncover secrets...
Upcoming replacement of enterprise code security enablement UI and APIs
In the coming months, the current interface for managing code security settings for an enterprise will be deprecated and replaced with new and improved code security configurations that will provide...
Copilot secret scanning for generic passwords is generally available
Copilot secret scanning is now generally available. Copilot secret scanning, which detects generic passwords using AI, offers greater precision for unstructured credentials that can cause security...
Secret scanning: improvements for alerts with known public leaks and...
You can now view exact locations of known public leaks for a secret scanning alert, as well as any repositories with duplicate alerts across your enterprise. Public leak and duplicate alert labels are...
Bypass controls for push protection are generally available
Secret scanning bypass privileges for push protection are now generally available. These controls allow you to choose who is allowed to bypass push protection, and introduce a review and approval cycle...
Secret scanning support for public leak and multi-repository indicators in...
Public leak and multi-repository indicators are now included in webhook and audit log event payloads for secret scanning alerts. What are public leak and multi-repo labels? To help you triage and...
Secret scanning supports delegated bypass for push protection on file uploads...
Secret scanning now supports delegated bypass controls for repository file uploads from the browser. If delegated bypass is configured for an organization or repository, anyone without bypass...
Push protection bypass request details are included in the REST API,...
Secret scanning alerts resulting from an approved push protection bypass request will now show relevant details in the alert information surfaced in the REST API, webhooks, and audit logs. This allows...
Secret scanning: ability to add an optional comment when reopening alerts
To remediate and triage alerts more effectively, you can now add an optional comment when reopening a secret scanning alert. Comments will appear in the alert timeline. Previously, you could only add a...
Access a repository’s secret scanning scan history with the REST API
A new REST API endpoint lists the secret scanning scan history for a repository, giving you visibility into when different types of secret scanning scans have occurred in your repository. This...
Reviewers can add a comment on push protection bypass requests for secret...
Reviewers can now add comments to push protection bypass requests in secret scanning. These comments help provide context, explaining the reasoning behind approving or denying a request. Requesters...
Notice of breaking changes: Security manager REST API will be retired and...
As part of our ongoing efforts to improve flexibility and control for managing the security manager role, we are retiring the security manager API and replacing it with the more robust organization...