Update and configure code security enablement settings via the organization REST API

At the organization level, you can now view (GET) and update (PATCH) enablement status as well as configure the setting to automatically enable new repositories for the following GitHub security products:

  • Dependency graph
  • Dependabot alerts
  • Dependabot security updates

If you are a GitHub Advanced Security customer, you can also view and update the same settings for:

  • Secret scanning
  • Push protection

In addition, GitHub Advanced Security customers can view and update the enablement status for GitHub Advanced Security at the organization level.

Learn more about the organization REST API and send us your feedback

Learn more about GitHub Advanced Security

Previously, we announced a change to how <num> parameters work for autolink references, switching from numeric to alphanumeric IDs. We heard from a number of customers who still need numeric identifiers. Now when creating an autolink reference, you can use an alphanumeric or numeric identifier.

Screenshot of Autolink references

Autolinks are available in repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub's products.

Learn more about autolinks at Configure autolinks in the GitHub documentation. We appreciate feedback on this and other topics in GitHub's public feedback discussions.

See more

The GitHub Packages npm registry now runs on a new architecture, unlocking great new capabilities:

Publishing packages at organization level with GitHub Packages

Previously, npm packages published to GitHub packages were closely coupled to their repositories. Now packages can be published at an organization level. They can still be linked to a repository at any time, if needed.

Learn more about connecting a repository to a package.

Fine grained permissions for npm packages published to GitHub Packages

You can now configure Actions and Codespaces repository access on the package’s settings page, or invite other users to access the package. Additionally, npm packages published to GitHub packages can still be configured to automatically inherit all permissions from a linked repositories.

Learn more about configuring a package’s access control.

Internal visibility

In addition to public and private, a package’s visibility can now also be set to internal. It is then visible for all members of the GitHub organization.


These new features are now available to all users on github.com.

Read more about working with the GitHub npm registry

We appreciate your feedback on these new changes in GitHub’s public community discussions!

See more