Code security enablement settings on the list organization repositories REST API

You can now view (GET) the security feature enablement status for all repositories in your organization using the "list organization repositories" endpoint in the REST API for the following security features:

  • GitHub Advanced Security
  • Secret scanning
  • Push protection

Previously, you had to retrieve a list of repos and call the "get a repository" endpoint for each repository ID to accomplish this task.

This change is intended to make it easier to audit enablement status for compliance purposes and for those customers who build external dashboards.

Learn more about the "List organization repositories" REST API and send us your feedback

Learn more about GitHub Advanced Security

Access the Audit Log REST API using scoped tokens

Enterprise and organizations administrators can now create personal access tokens (classic) and OAuth apps with the read:audit_log scope to access the Audit Log REST API.

Why is this important? Stolen and compromised credentials are the number one cause of data breaches across the industry. To mitigate the risk of compromised credentials, GitHub recommends adhering to the principle of least privilege which promotes "giving a user account or process only those privileges which are essential to perform its intended function." The new scope will enable access to the audit log endpoints, without requiring full administrative privileges.

This feature is generally available for GitHub Enterprise Cloud customers, and will be released to GitHub Enterprise Server in version 3.8. To learn more, read our documentation on using the audit log API for your enterprise.

See more

Tencent Weixin now partners with GitHub to notify users if their credentials are exposed in a public repository

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with Tencent Weixin to scan for their tokens and help secure our mutual users on all public repositories and private repositories with GitHub Advanced Security. Tencent Weixin tokens allow users to verify the Weixin Official Accounts and Mini Programs developers, obtain sensitive information on business applications and can be used to verify merchant identities.

GitHub will forward access tokens found in public repositories to Tencent Weixin, who will notify affected users. Tencent Weixin encourages users to delete leaked API tokens on GitHub and to create a new token. More information about Tencent Weixin tokens can be found here.

Learn more about secret scanning
Partner with GitHub on secret scanning

See more
View all changes