GitHub has made the latest version of GitHub Enterprise Server generally available, complete with more than 60 new features focused on improving code security.
GitHub Enterprise Server 3.5 is available to download now and also delivers new automation features, as well as updates to the developer experience, it said.
Dependabot is a feature that can be found across GitHub products and its implementation for GitHub Enterprise Server customers has been made generally available.
The automated feature will provide alerts when security vulnerabilities in project dependencies are discovered, patch a dependency when a vulnerability is detected by opening a pull request to the repository (repo), and decrease exposure to vulnerabilities by opening pull requests to keep all project dependencies up to date.
GitHub Advanced Security customers will also receive new controls such as secret scanning to block pushes that contain secrets - things that determine user privileges, like tokens and private keys.
A public beta feature for GitHub Advanced Security customers also allows for dry runs of secret scans to be executed before publishing the repository.
Scan results from Dependabot and secret scanning can also now be viewed at both the organisation level (generally available) and the enterprise level (public beta).
RELATED RESOURCE
The COO's pocket guide to enterprise-wide intelligent automation
Automating more cross-enterprise and expert work for a better value stream for customers
Administrators also have additional controls at their disposal such as a new IP allow list. The option will allow admins to only allow a specific set of IP addresses to access a given appliance, allowing the server to handle any production traffic after any operational changes were made while in maintenance mode.
A total of 41 GitHub Enterprise Server metrics can also now be gathered to give admission greater insight into users are using the platform and how teams operate.
GitHub Container Registry was introduced in 2020 and added to GitHub Packages last year. It has now been added to GitHub Enterprise Server and brings the same features to customers that give greater traceability of each organisation’s software supply chain.
The container registry can be enabled from the management console and brings new capabilities such as permissions control for containers, configurable internal visibility settings, decrease bandwidth and storage requirements but sharing data at the organisation level, and more.
Lastly, many new features have been added to GitHub Actions - the platform’s continuous integration and continuous delivery (CI/CD) framework.
Reusable workflows and caches support have now been made generally available, while other developments for delf-hosted runners have also been added.
-
Trump's AI executive order could leave US in a 'regulatory vacuum'News Citing a "patchwork of 50 different regulatory regimes" and "ideological bias", President Trump wants rules to be set at a federal level
-
TPUs: Google's home advantageITPro Podcast How does TPU v7 stack up against Nvidia's latest chips – and can Google scale AI using only its own supply?
-
Shai-Hulud malware is back with a vengeance and has hit more than 19,000 GitHub repositories so far — here's what developers need to knowNews The malware has compromised more than 700 widely-used npm packages, and is spreading fast
-
GitHub is awash with leaked AI company secrets – API keys, tokens, and credentials were all found out in the openNews Wiz research suggests AI leaders need to clean up their act when it comes to secrets leaking
-
Organizations urged to act fast after GitHub Action supply chain attackNews More than 20,000 organizations may be at risk following a supply chain attack affecting tj-actions/changed-files GitHub Action.
-
Nearly a million devices were infected in a huge GitHub malvertising campaignNews Microsoft has alerted users to a malvertising campaign leveraging GitHub to infect nearly 1 million devices around the world.
-
'GitVenom' campaign uses dodgy GitHub repositories to spread malwareNews Security researchers have issued an alert over a campaign using GitHub repositories to distribute malware, with users lured in by fake projects.
-
Malicious GitHub repositories target users with malwareNews Criminals are exploiting GitHub's reputation to install Lumma Stealer disguised as game hacks and cracked software
-
A leaked GitHub access token could have led to a catastrophic supply chain attackNews The GitHub access token with administrator level privileges could have been used to great effect by threat actors
-
Hackers have found yet another way to trick devs into downloading malware from GitHubNews Threat actors have developed a new way to covertly embed malicious files into legitimate repositories on both GitHub and GitLab using the comment section
