GitHub Advanced Security customers can now see an overview of Dependabot alerts at the enterprise level. This page provides a repo-centric view of application security risks, as well as an alert-centric view of all secret scanning and now Dependabot alerts. The views are in beta and will be followed in the coming months by alert-centric views for code scanning.
Learn more about security overview
Learn more about GitHub Advanced Security
GitHub Advanced Security customers can now view an overview of security alerts at the enterprise level. The new "Security" tab at the enterprise level provides a repo-centric view of application security risks, as well as an alert-centric view of all secret scanning alerts. Both views are in beta, and will be followed in the coming months by alert-centric views for code scanning and Dependabot alerts.
Learn more about security overview
Learn more about GitHub Advanced Security
Organizations can now grant teams permission to manage security alerts and settings on all their repositories. The "security manager" role can be applied to any team and grants the team's members the following permissions:
Issues submitted to open source projects often lack important information. Markdown issue templates can help by providing text that contributors can remove and replace with their own input – but sometimes contributors can miss details or get confused.
New, YAML configured issue forms enable maintainers to build structured forms with required fields and easy-to-follow steps so that they can capture every important detail.
Issue forms are now available in beta for all publicly accessible repositories.
Today we are announcing new beta features within GitHub Issues, with better ways to plan, track, and manage projects.
Read more on the GitHub Issues page or in the FAQ.
Available in limited public beta
Built like a spreadsheet, project tables give you a live canvas to filter, sort, and group issues and pull requests. Tailor them to your needs with custom fields and saved views. Sign up for the beta now.
Available in public beta
When lists of tasks are created in markdown and referenced in another issue, this will now create a dynamic relationship that helps you break down your work and track it to completion. Convert text into issues quickly after brainstorming ideas with your team, and stay up to date on progress now that tracked issues are automatically checked off when closed.
Join our feedback community and let us know how we can improve.
The new security overview for organizations and teams – which provides a high-level view of the application security risks a GitHub organization is exposed to – is now in beta for all GitHub Advanced Security customers on GitHub Enterprise Cloud.
With the new security overview GitHub Advanced Security customers now have a single place to see the application security risks detected by code scanning, Dependabot, and secret scanning. The security overview shows both these known security risks as well as where you have unknown risks because security features haven’t been configured.
Learn more about security overview
Learn more about GitHub Advanced Security
Dependency review, in beta, helps you review dependency changes in your pull requests. But how do you find your package manifests amongst all the other files? Now you can filter the files in pull requests to see just the package manifests:
What if you don’t have a pull request at all? Now you can review dependency changes between any two commits, such as:
Learn more about reviewing dependency changes in pull requests.
Dependabot can now access dependencies from authenticated private registries, such as GitHub Packages, Azure Artifacts, and Artifactory. These private registries are similar to their public equivalents, but they require authentication and are only available to members of your team or company. With this release, Dependabot version updates can help keep inner source as up-to-date as open source.
To enable this feature, add a registries section to your dependabot.yml, reference your new registries in the relevant updates, and add any secrets to Dependabot’s secret store. For example, here’s how to use GitHub Packages with Dependabot:
registries:
npm-ghp-octocat:
type: npm-registry
url: https://npm.pkg.github.com
token: ${{secrets.GITHUB_PERSONAL_ACCESS_TOKEN}} # make sure to store this in your Dependabot secrets!
updates:
package-ecosystem: npm
directory: "/"
registries:
- npm-ghp-octocat
schedule:
interval: dailyThis complements your ability to give Dependabot version updates access to private repositories, which is common for ecosystems like go modules and npm.