GitHub Enterprise Server 3.3 enhances CI/CD and adds a new security manager role
This latest release sees the introduction of a new role, a new webhook for GitHub Actions, and a bright edge to dark mode.
The GitHub Enterprise Server 3.3 release candidate brings some much anticipated improvements to CI/CD and security. This latest release sees the introduction of a new role, a new webhook for GitHub Actions, and a bright edge to dark mode. CodeQL, part of GitHub Advanced Security, continues to expand support for more libraries and frameworks. CodeQL can now detect even more potential sources of untrusted user data, steps through which that data flows, and potentially dangerous sinks where the data could end up.
Remember, release candidates are a way for you to try the latest features at the earliest time, and they help us gather feedback early to ensure the release works in your environment. They should be tested on non-production environments.
Download the release candidate now or read more about the release candidate process.
Clean lines and and an edge that shines
In the last release of GitHub Enterprise Server, we introduced the much-awaited dark and dimmed themes, and we continue to work on providing options to help you treat your eyes with kindness while keeping them on the task at hand–introducing high contrast dark theme
!
For more information on changing your theme, see “Managing your theme settings.”
One, then gone…
Sometimes, we need each job to be run on a new, clean environment. Managing the cycling, registration, and de-registration of runners and automatically scaling runners is now easier with support for ephemeral (single job) runners and a new workflow_job
webhook.
Empowering Security Teams with a new role and new permissions
Security is a cross-cutting concern, and professionals responsible for keeping organizations safe need the right access applied consistently and easily across organizations and repositories. The new security manager role
addresses these needs allowing the specified teams’ members to manage security alerts and settings across your organization, as well as read permission for all repositories in the organization.
- Read access on all repositories in the organization.
- Write access on all security alerts in the organization.
- Access to the organization-level security tab.
- Write access on security settings at the organization level.
- Write access on security settings at the repository level.
For more information, see “Managing security managers in your organization.”
The security conscious will also welcome the addition of the option to set an expiration date for personal access tokens, new and existing. User renewals will be requested by email and can easily be regenerated with the same properties as the original. When using a personal access token with the GitHub API, a new GitHub-Authentication-Token-Expiration
header is included in the response, which indicates the token’s expiration date. For more information, see “Creating a personal access token” or check out the release notes for other security related changes
Try it out today
To learn more about GitHub Enterprise Server 3.3, read the release notes and download it now.
Release candidates should be installed on non-production environments. GitHub Support is here to help with any problems, and hear your feedback.
Not using GitHub Enterprise Server already? Start a free trial to innovate faster with the platform developers know and love.
Tags:
Written by
Related posts
GitHub Actions, Arm64, and the future of automotive software development
Learn how GitHub’s Enterprise Cloud, GitHub Actions, and Arm’s latest Automotive Enhanced processors, work together to usher in a new era of efficient, scalable, and flexible automotive software creation.
The architecture of SAST tools: An explainer for developers
More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities.
Frenemies to friends: Developers and security tools
When socializing a new security tool, it IS possible to build a bottom-up security culture where engineering has a seat at the table. Let’s explore some effective strategies witnessed by the GitHub technical sales team to make this shift successful.