GitHub Advanced Security customers can now view bypasses of secret scanning's push protection in the enterprise and organization audit logs. The GitHub REST API and webhooks now also contain bypass information.
Dependency graph has a REST API for submitting dependencies detected at build time
Dependency graph now supports submissions through the dependency submission API (beta). This enables you to add dependencies, such as those resolved when software is compiled or built, to the dependency graph. Submitted dependencies will appear in a repository’s dependency graph and any associated vulnerabilities will trigger Dependabot alerts.
Releasing alongside the dependency submission API are the:
- Go Dependency Submission GitHub Action, which detects and submits Go dependencies to your dependency graph
- Dependency Submission Toolkit, which can be used to write workflows to submit dependencies to a repository
GitHub Advanced Security customers can now perform dry runs of their custom patterns when editing a pattern. Dry runs allow admins to understand a pattern's impact across an organization and to hone the pattern before publishing and generating alerts.
Admins can compose a new pattern or edit a published pattern then 'Save and dry run' to retrieve results from their selected repositories. Scan results will appear on screen as they're detected, but admins can leave the page and later come back to their saved pattern's dry run results.
For more information: