Dependabot alerts can be enabled at the repository, organization, and enterprise levels in GHES 3.9

With GHES 3.9, you and your organization can better manage your Dependabot alerts thanks to more granular enablement controls. You can now enable Dependabot alerts at the repository, organization, and enterprise level, rather than having to enable Dependabot alerts across an entire enterprise at once.

This release also adds support for “automatically enable for new repositories” at the organization and enterprise levels.

Enterprise admins still need to opt in to Dependabot alerts via GitHub Connect, which approves outbound calls for advisories to sync.

Learn more about changes for GHES 3.9 for Dependabot.

Code scanning with CodeQL supports Swift 5.8

After we released Swift in beta on the 1st June, we are now adding support for long awaited Swift 5.8.1 and Xcode 14.3.1. This release also brings better support for Swift 5.x on Linux, which now supports versions up to and including 5.8.1.

Swift 5.8.1 support is available starting with CodeQL version 2.13.5. Code scanning users on GitHub.com will automatically benefit from the latest CodeQL version, while those on GitHub Enterprise Server can update using these guidelines. Security researchers can set up the CodeQL CLI and VS Code extension by following these instructions.

While our Swift analysis support remains in public beta we welcome your input. If you have any feedback or questions about the Swift beta, consider joining our community in the #codeql-swift-beta channel in the GitHub Security Lab Slack.

See more

New rate limit is coming for the audit log API endpoints

GitHub provides Enterprise customers with the ability to programmatically retrieve enterprise and organization audit log events in near real-time using the audit log API. A high-quality audit log is an essential tool used by enterprises to ensure compliance, maintain security, investigate issues, and promote accountability. To support these objectives, the audit log API needs to be highly reliable, consistently available, and extremely scalable.

Recognizing the audit log API's importance as a data source to enterprises, each audit log API endpoint will impose a rate limit of 15 queries per minute per enterprise or org starting August 1st, 2023. Based on a thorough analysis of event generation data, we are confident that the new rate limit will continue to support customers in accessing near real-time data via the audit log API. Additionally, query cost is a crucial consideration, and in the future, the audit log may impose further rate limiting for high-cost queries that place significant strain on our data stores.

What can you do to prepare for these changes? First, programs or integrations querying the audit log API should be adjusted to query at a maximum frequency of 15 queries per minute. Additionally, applications querying the audit log API should be updated to be capable of honoring HTTP 429 responses, enabling them to dynamically adjust to the back-pressure exerted by our systems. Alternatively, Enterprises seeking access to near real-time data should consider streaming your enterprise audit log.

See more
View all changes