GitHub Enterprise Server 3.5 is now generally available
GitHub Enterprise Server 3.5 is available now, including access to the Container registry, the addition of Dependabot, enhanced administrator capabilities, and features for GitHub Advanced Security.
GitHub Enterprise Server 3.5 focuses on adding more security features to keep your code secure, along with updates to our developer experience and additional automation features.
This latest version brings more than 60 new features, with an emphasis on new capabilities for GitHub Advanced Security.
Download the latest version now.
What’s included in GitHub Enterprise Server 3.5
GitHub Container Registry now available in public beta
Since releasing the Container registry to GitHub Packages last year, developers are using the registry to publish and manage thousands of containers and consume these containers millions of times on a daily basis.
Starting with GitHub Enterprise Server 3.5, customers will have access to the GitHub Container registry, which admins can enable from the management console. With this release, customers can now:
- Configure fine-grained permissions control for containers in their organization.
- Configure “Internal” visibility settings for containers within organizations in addition to “Private” and “Public.”
- Share data at the organization level, thereby decreasing bandwidth and storage requirements.
- Achieve tighter integrations with their Actions workflow and securely access containers from workflows via the GITHUB_TOKEN.
- Anonymously access public containers, thereby allowing customers to be able to access public containers without providing any credentials.
- Store and manage Open Container Initiative (OCI) images.
Dependabot now generally available
Now, all customers hosting their own GitHub Enterprise Server instance will be able to take advantage of all that Dependabot has to offer. This has been a long time in the making and fulfills one of our most common feature requests from GitHub Enterprise Server customers. For those unfamiliar, Dependabot consists of three services:
- Dependabot alerts: alert you the moment vulnerabilities in your dependencies are detected
- Dependabot security updates: upgrades a dependency to patched version when a vulnerability is detected by opening a pull request to your repo
- Dependabot version updates: opens pull requests to keep all your dependencies up to date, decreasing your exposure to vulnerabilities and chance of getting stuck on an outdated version
For more information and to set up Dependabot on your GitHub Enterprise Server instance, see enabling Dependabot for your enterprise and enabling the dependency graph for your enterprise.
GitHub Actions
Reusable Workflows now generally available
Reusable workflows, formally known as “templates,” is the key component of centrally managed workflows. This feature enables you to reuse an entire workflow as if it were an action. Instead of copying and pasting workflow definitions across repositories, you can reference an existing workflow with a single line of configuration.
Cache Support now generally available
GitHub Actions enables customers to cache intermediate outputs and dependencies for their workflows, which is an effective way to make jobs faster.
Restrict self-hosted runner groups to specific workflows
In addition to restricting which repositories can access specific enterprise and organization runner groups, administrators can further control access by selecting specific workflow files and versions. Combining this feature with reusable workflow can help you create more secure standard workflows in your organization.
Self-hosted runners can now disable automatic updates
You now have more control over when your self-hosted runners perform software updates. If you specify the --disableupdate
flag to the runner then it will not try to perform an automatic software update if a newer version of the runner is available. This allows you to update the self-hosted runner on your own schedule, and is especially convenient if your self-hosted runner is in a container.
For Enterprise Administrators
IP allow list for maintenance
We are introducing a new option for maintenance settings to keep GitHub Enterprise Server in a healthy state to serve production traffic after any operational changes while in maintenance mode. This modification enables administrators to only allow a set of certain IP addresses access to the appliance.
GitHub Enterprise Server Statistics
Customers can now gather 41 GitHub Enterprise Server metrics to understand how they are using the platform. These metrics will give insights into how the users are utilizing the product, clarity on how teams operate, and gain maximum value from all aspects of GitHub Enterprise Server.
Security
Audit Log now includes git events
Three new events, git.clone, git.fetch, and git.push,
will be incorporated alongside existing audit log events and available for search via the UI, export via JSON/CSV, and search via the API and streaming. Customers will be able to more fully observe UI and CLI activity on their account through the audit log. This will help customers to better meet administration, compliance, and security response needs.
What’s included in GitHub Advanced Security
Prevent secret leaks with secret scanning push protection now in public beta
GitHub Advanced Security customers can now block pushes that include secrets. Push protection scans for highly identifiable secrets with a false positive rate of less than 1%. Developers can review the identified secrets and remove them or, if needed, bypass the block. For more information, see “Protecting pushes with secret scanning.”
Quantify your security risk with security overview org-level view (Generally Available) and enterprise-level view (Public Beta)
GitHub Advanced Security customers now have access to a security overview at both the organization and enterprise level. The security overview aggregates security results, with both repo-centric and alert-centric views for secret scanning, Dependabot, and code scanning.
Secret scanning supports organization-level and repository-level dry runs now in public beta
A poorly authored custom pattern can create thousands of results across an organization or repository. To solve this, GitHub Advanced Security customers can now dry-run scans before publishing them. Dry runs can be used at the organization-level and repository-level, and are in public beta.
CodeQL detects more security issues, supports new language versions
GitHub Advanced Security customers can now benefit from a range of improvements to CodeQL, including support for new languages, improved detection for a large number of CWEs, and performance improvements. More details.
To learn more about all the new features in GitHub Enterprise Server 3.5, read the release notes or download it today. Are you using the latest GitHub Enterprise Server version? Use the Upgrade Assistant to find the upgrade path from your current version of GitHub Enterprise Server to your desired version.
Tags:
Written by
Related posts
GitHub and JFrog partner to unify code and binaries for DevSecOps
This partnership between GitHub and JFrog enables developers to manage code and binaries more efficiently on two of the most widely used developer platforms in the world.
2024 GitHub Accelerator: Meet the 11 projects shaping open source AI
Announcing the second cohort, delivering value to projects, and driving a new frontier.
Introducing GitHub Copilot Extensions: Unlocking unlimited possibilities with our ecosystem of partners
The world of Copilot is getting bigger, improving the developer experience by keeping developers in the flow longer and allowing them to do more in natural language.