Secret scanning expands detection to include non-provider patterns (beta)

Secret scanning will now detect the following non-provider patterns:

  • HTTP basic authentication header
  • HTTP bearer authentication header
  • MongoDB connection string
  • MySQL connection string
  • Postgres connection string
  • OpenSSH private key
  • PGP private key
  • RSA private key

Detection of these patterns must be enabled within a repository or organization’s security settings by checking the box next to “Scan for non-provider patterns.” Resulting secrets will appear in a new, separate tab on the secret scanning alert list called “Other.”

screenshot of secret scanning alerts showing a tab called Other with alerts for five non-provider patterns

Detection of non-provider patterns is currently in beta and is available for enterprises with a GitHub Advanced Security license only. Additional patterns will be added throughout the beta.

Subversion brownouts

As announced earlier this year, GitHub is removing support for the Subversion protocol. Before permanent removal, we're running two brownouts where we will temporarily disable Subversion support.

Those brownouts are scheduled for:

  • An 8 hour period on November 13, 2023, from 14:00 – 22:00 UTC / 7:00am – 3:00pm Pacific
  • A 24 hour period beginning December 5, 2023 at 10:00 UTC / 2:00am Pacific and ending at the same time on December 6

As a reminder, Subversion support will be permanently removed on January 8, 2024.

See more

GitHub.com now remembers multiple accounts in your browser. You can find the account switcher in your profile picture context menu, letting you more easily switch between user accounts without re-entering your credentials.

image

The account switcher helps developers alternate between Enterprise Managed User accounts provided by an employer and personal accounts for use with personal projects and open source contributions. It also helps administrators manage service accounts they use for automation and integration purposes.

Because these accounts often have significantly different privileges, there's never any mixing of user permissions between saved accounts. When you visit a page that your current account can't access, you'll see a prompt to switch accounts if you have more than one signed in.

When you switch accounts, you won't need to sign in again or perform 2FA unless the account session has expired. Session expiration occurs after two weeks without activity. SAML/OIDC SSO authorization is also saved for sessions, but often expires every 1 or 24 hours, and may need to be done again before you can access your organization resources.

To learn more, see "Switching between accounts".

See more