Onfido is now a GitHub secret scanning partner

GitHub secret scanning protects users by searching repositories for known types of secrets such as tokens and private keys. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with Onfido to scan for their tokens to help secure our mutual users in public repositories. Onfido tokens allow developers to interact with Onfido's API in order to integrate secure and reliable identity verification solutions into their applications and services, helping to enhance user onboarding processes and protect against fraud. GitHub will forward any exposed tokens found in public repositories to Onfido, who will then notify the customer about the leaked token. Read more information about Onfido API tokens.

GitHub Advanced Security customers can also scan for and block Onfido tokens in their private repositories.

Arm-based hosted runners are coming to GitHub Actions!

Unlock the power of Arm in Actions

By leveraging the power and efficiency of the Arm® architecture, GitHub is offering a new solution that will accelerate software development in GitHub. These new capabilities empower GitHub users to shift-left software development on the Arm architecture across the embedded edge, IoT and cloud infrastructure while providing significant power, performance and sustainability improvements to all users. Developers can now take advantage of Arm hardware hosted by GitHub to build and deploy their release assets anywhere Arm’s architecture is used.

Seamlessly integrated into GitHub Actions, these runners are powered by Arm-based Ampere® Altra® processors. Preloaded with a base image that contains a foundational set of development tools to build upon, these runners are extremely versatile and can handle any embedded software project from key markets such as automotive, IoT and industrial. The benefits do not stop at the embedded edge, as non-embedded, cloud native and everything in between will benefit by reducing their carbon footprint and getting more done within existing budgets.

These runners will be entering private beta in January 2024.

“With Arm-based GitHub-hosted runners, software developers can move faster while taking full advantage of the efficient Arm architecture, from cloud to edge,” said Bhumik Patel, director of software ecosystem development, Infrastructure Line of Business, Arm. “Our partnership with GitHub allows developers to optimize their Arm-based software development workflows and leverage GitHub’s ubiquitous deployment capability to more efficiently deliver code wherever they deploy – all while reducing costs and time to market.”

Interested?
Click here to join the waitlist for the private beta.

See more

The GitHub Advanced Security billing REST API and CSV download now includes the email addresses for active committers. This provides information for insights into Advanced Security license usage across your business. Here is an example response from the GitHub Advanced Security billing REST API:

      "advanced_security_committers_breakdown": [
        {
          "user_login": "octokitten",
          "last_pushed_date": "2023-10-26",
          "last_pushed_email": "octokitten@email.com"
        }

Read more about the GHAS billing API here and the GHAS billing CSV download here.

This is available now on GitHub.com and will ship to GitHub Enterprise Server 3.12

See more