Secret scanning REST API now surfaces locations

GitHub Advanced Security customers can now use the GitHub REST API to retrieve commit details of secrets detected in private repository scans. Now available on cloud, the new endpoint will surface details of a secret's first detection within a file, including the secret's location and commit SHA.

Learn more about the secret scanning REST API
Learn more about private repository scanning with Advanced Security

You can now control which GitHub App provides a required status check. If the status is then reported by a different app, or by a user via a commit status, merging will be prevented. This ensures all changes are validated by the intended app.

Screenshot of a repository's required status check settings, specifying which GitHub App is required for each status check

Existing required status checks will continue to accept status from any app, but can be updated to only accept status from a specific app (see Editing a branch protection rule). Newly-added required status checks will default to the app that most recently reported the status, but you can choose a different app or allow any app to provide the status.

For more information, see our documentation about protected branches.
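One way to audit this setting, as an added example that is not GitHub's code: the script below flags required checks that still accept status from any source or are pinned to an unexpected app. The JSON shape (a `checks` list with `context` and `app_id`, where a null `app_id` means any source) is assumed from the branch protection REST API response; the app IDs and the policy mapping are constructed.

```python
import json

# Constructed sample shaped like the "required_status_checks" object of a
# branch protection response. Assumption: each entry in "checks" carries a
# "context" and an "app_id", and app_id is null (or -1) when any app or user
# may report the status. All app IDs here are made up.
SAMPLE_PROTECTION = json.loads("""
{
  "required_status_checks": {
    "strict": true,
    "checks": [
      {"context": "build", "app_id": 1001},
      {"context": "unit-tests", "app_id": null},
      {"context": "license-scan", "app_id": 9999}
    ]
  }
}
""")

# Hypothetical policy: the app ID that is allowed to report each check.
EXPECTED = {"build": 1001, "unit-tests": 1001, "license-scan": 2002, "codeql": 3003}


def audit_required_checks(protection, expected_apps):
    """Return (context, problem) findings for a branch protection object.

    expected_apps maps a check context to the app ID that should provide it.
    """
    findings = []
    rsc = protection.get("required_status_checks") or {}
    seen = set()
    for check in rsc.get("checks", []):
        context, app_id = check.get("context"), check.get("app_id")
        seen.add(context)
        if app_id is None or app_id == -1:
            # Legacy behaviour: a user-set commit status would satisfy this check.
            findings.append((context, "accepts status from any app or user"))
        elif context in expected_apps and app_id != expected_apps[context]:
            findings.append(
                (context, f"pinned to app {app_id}, expected {expected_apps[context]}")
            )
    # Checks the policy expects but the rule does not require at all.
    for context in sorted(set(expected_apps) - seen):
        findings.append((context, "not a required status check"))
    return findings


if __name__ == "__main__":
    for context, problem in audit_required_checks(SAMPLE_PROTECTION, EXPECTED):
        print(f"{context}: {problem}")
```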


Team sync support for Okta is now generally available for GitHub Enterprise Cloud customers.

Team sync allows GitHub.com organizations to sync the members of an identity provider's groups to teams in GitHub. With this release, we are adding support for Okta as an identity provider alongside Azure Active Directory.

To use it, your organization needs Okta configured as an external identity provider at the organization level and SCIM enabled. Learn more about Okta team sync.
