enterprise

We've shipped improvements to the billing pages for GitHub Advanced Security so it is easier for you to see how many licenses you are using.

  • You can now see how enterprises and organizations are using licenses in the summary tiles.
  • You can download a CSV report for each item in the billing table so it is easier to report on license usage.
  • For enterprises, the table is sorted by the number of unique committers in each organization, so it is easy to see where GitHub Advanced Security licenses are used.
  • If an organization chooses to disable GitHub Advanced Security on a repository, the confirmation popup now informs you how this would impact your overall license usage.

[Image: Enterprise and Organisation GitHub Advanced Security usage]

This is available in the GitHub Advanced Security section of the enterprise's billing settings page (enterprise-name/settings/billing) and on the organization's code security and analysis settings page (organization-name/settings/security_analysis).

This has shipped to GitHub.com and will be available in GitHub Enterprise Server 3.9. Learn more about GitHub Advanced Security billing.

Starting today, GitHub Copilot is officially available to invoiced GitHub Enterprise customers with our new Copilot for Business offering, which joins Copilot for Individuals. This new add-on means enterprise users can now leverage GitHub Copilot’s powerful AI to write code and even entire functions with a simple editor extension. Copilot for Business will also provide additional capabilities including license management, centralized policy controls, and industry-leading privacy. Each license will cost $19 USD/month and will be billed directly to existing Enterprise accounts.

Learn more on the GitHub blog.

Previously, data generated from Checks was not managed by a retention policy and would therefore grow unbounded. A recent change to GitHub.com archives checks data after 400 days and deletes records 30 days after they are archived.

This change will be extended to GitHub Enterprise Server (GHES) version 3.8 with additional features that will allow administrators to:

  • Enable/disable checks retention
  • Set a custom retention threshold
  • Set a custom hard-delete threshold

This pertains to all Checks data, including data generated from GitHub Actions and the Statuses API.

For questions, visit the GitHub community or get started with Checks API today.

The organization-level security overview page has been replaced by the risk and coverage views as previously announced and is no longer available. The risk view is designed to help you assess security exposure, and the coverage view is intended to help you manage security feature enablement.

GitHub Enterprise customers can use the new security overview experience today by clicking on an organization's "Security" tab.

Learn more about the new risk and coverage views and send us your feedback.

GitHub organizations can now use the code scanning organization-level API endpoint to retrieve code scanning alerts on public repositories; this no longer requires a GitHub Advanced Security license. This new endpoint supplements the existing repository-level endpoint.

Learn more about the code scanning organization-level REST API.

The recently enhanced GitHub Enterprise "consumed licenses" report and new "enterprise members" report are now generally available. These reports provide more insight into who has access to an enterprise, what level of access, and whether a license is consumed:

  • Consumed License Report: A breakdown of license usage for your GitHub Enterprise and any synced GitHub Enterprise Server instances;
  • Enterprise Members Report: An extensive list of licensed and non-licensed members associated with your Enterprise Cloud environment, including members synced from a GitHub Enterprise Server instance.

To learn more about these reports and how to access them, read our documents about viewing license usage for GitHub Enterprise and exporting membership information about your enterprise.

You can now filter results from the code scanning REST API based on alert severity. Use the parameter severity to return only code scanning alerts with a specific severity. This is available at the repository and organization level.

This feature is available on GitHub.com, and will also be included in GitHub Enterprise Server (GHES) version 3.8.

Read more about the code scanning API.

You can now enable and disable the following GitHub security features for a single repository from the organization-level security coverage view:

  • Dependency graph
  • Dependabot alerts
  • Dependabot security updates

If you are a GitHub Advanced Security customer, you can also enable and disable the following features for a single repository:

  • GitHub Advanced Security
  • Secret scanning
  • Push protection

In the future, you'll be able to enable and disable multiple repositories from the coverage view.

[Image: enablement panel on coverage view]

Learn more about the new coverage view and send us your feedback.

Learn more about GitHub Advanced Security.

OpenID Connect (OIDC) for authenticating enterprise managed users is now generally available for enterprises using Azure AD.

OIDC allows GitHub to use your identity provider's IP allow list policies to control where PATs and SSH keys can be used to access GitHub, with granular control down to individuals. Enterprise customers using OIDC can now select whether to use their identity provider's IP allow list policies, or GitHub's built-in allow list feature.

To learn more about OIDC and enterprise managed users, see "Enterprise Managed Users" and "Migrating from SAML to OIDC for Enterprise Managed Users". To learn more about Azure AD's IP allow list functionality, see "Location based Conditional access".

We’ve launched a public preview of GitHub Actions Importer, which helps you forecast, plan, and automate migrations from your current CI/CD tool to GitHub Actions.

Doing individual migrations is relatively easy in isolation. However, for those that have a large and established CI/CD footprint, having tooling available to assist with migrations is key to their ability to adopt Actions at scale. In the time that we’ve been developing and using GitHub Actions Importer in its private preview form, we’ve encountered numerous customers that have thousands of pipelines—even in excess of 15K—in their legacy environments that need to be migrated. GitHub Actions Importer is designed to help when manual migration is not feasible, such as when users have a large number of teams that depend on hundreds or thousands of workflows.

Sign up here to request access to the public preview. Once you've been added, you will receive an email at the address registered on your GitHub account with instructions for getting started.

To learn more, see Automating migrations with GitHub Actions Importer and the announcement post on the GitHub blog.

Whether you invite a user to an organization via the API or via our user interface, we are bringing enhancements to make this experience better. From today, you can:

  • search for a user via a verified email address both within the API and on an organization’s “People” pages;
  • utilize the API to assign more than one enterprise member at a time to additional organizations within your enterprise;
  • view additional user information provided within the enterprise and organization “People” invitation pages.

To learn more, read about inviting users in an organization.

GitHub Enterprise and organization owners will have improved visibility into authentication activity with the addition of authentication token data to audit log events. Stolen and compromised credentials are the number one cause of data breaches across the industry, and now enterprise and organization owners can query their audit logs for activity associated with a specific authentication token. They will be better equipped to detect and trace activity associated with corrupt authentication tokens. This feature is generally available for GitHub Enterprise Cloud customers, and will be released to GitHub Enterprise Server as part of GHES 3.8.

To learn more, read our documentation on identifying audit log events performed by an access token.
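
One way to trace a token through an exported audit log during an investigation, as an added example (not GitHub's code). It assumes a JSON-lines export whose events carry a `hashed_token` field holding the base64-encoded SHA-256 digest of the token, plus the field names `@timestamp`, `action` and `actor_ip`; the tokens and events below are constructed.

```python
import base64
import hashlib
import json

def hashed_token(token):
    # Assumed audit-log form: base64 of the SHA-256 digest of the raw token.
    return base64.b64encode(hashlib.sha256(token.encode()).digest()).decode()

def events_for_token(jsonl, token):
    """Return the audit events made with `token`, oldest first."""
    want, hits = hashed_token(token), []
    for line in jsonl.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or malformed export lines
        if isinstance(event, dict) and event.get("hashed_token") == want:
            hits.append(event)
    return sorted(hits, key=lambda e: e.get("@timestamp", 0))

def summarize(hits):
    """What the token did, from where, and over which time window."""
    return {
        "actions": sorted({e.get("action", "?") for e in hits}),
        "source_ips": sorted({e["actor_ip"] for e in hits if "actor_ip" in e}),
        "first_seen": hits[0].get("@timestamp") if hits else None,
        "last_seen": hits[-1].get("@timestamp") if hits else None,
    }

# Constructed sample data: placeholder tokens and a four-line JSONL export.
SUSPECT = "ghp_CONSTRUCTED_SUSPECT_TOKEN"
OTHER = "ghp_CONSTRUCTED_OTHER_TOKEN"

def _event(ts, action, ip, token):
    return json.dumps({"@timestamp": ts, "action": action, "actor": "octo-dev",
                       "actor_ip": ip, "hashed_token": hashed_token(token)})

SAMPLE_LOG = "\n".join([
    _event(1670000300000, "repo.download_zip", "203.0.113.7", SUSPECT),
    _event(1670000100000, "git.clone", "198.51.100.20", SUSPECT),
    _event(1670000200000, "git.clone", "198.51.100.20", OTHER),
    '{"@timestamp": 1670000400000, "action": "org.add_member"',  # truncated line
])

if __name__ == "__main__":
    print(json.dumps(summarize(events_for_token(SAMPLE_LOG, SUSPECT)), indent=2))
```

Matching on the hash means the raw token never has to be pasted into a search box or stored alongside the log export.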

GitHub Enterprise Server 3.7 is now generally available. This release continues our trend of bringing new features to GitHub Enterprise Server (GHES) in record numbers. Beyond the numbers, the features in GHES 3.7 not only enable developers to build world class software every day, but also provide administrators with the tools needed to reliably run GitHub at scale.

We're making more than 70 features available, including:

  • Reusable workflows and new support for Google Cloud Storage, making it easier to build with GitHub Actions at scale.
  • Security Overview dashboard to give all security teams a single view of code risk.
  • An improved management console to keep your instance more secure than ever with automated user onboarding and offboarding.
  • New forking and repository policies, so adopting innersource best practices is easier, all while balancing auditability and project maintenance in the long term.
  • Code scanning alerts are now more collaborative and part of the flow for GitHub Advanced Security customers.

To learn more about GitHub Enterprise Server 3.7, read the release notes, and download it now.

Organization administrators can now filter fine-grained personal access tokens (PATs) by their permissions in the organization settings UI. Both pending token requests and active tokens can be filtered by permission, such as issues_write and members_read.

After setting a filter, only tokens with that permission will be shown in the table.

To learn more about fine-grained PATs, see "Reviewing fine-grained personal access tokens" and "Managing requests for fine-grained personal access tokens".
