GitHub Enterprise Server 3.5 is now generally available
source link: https://github.blog/2022-05-31-github-enterprise-server-3-5-is-now-generally-available/
GitHub Enterprise Server 3.5 focuses on adding more security features to keep your code secure, along with updates to our developer experience and additional automation features.
This latest version brings more than 60 new features, with an emphasis on new capabilities for GitHub Advanced Security.
Download the latest version now.
What’s included in GitHub Enterprise Server 3.5
GitHub Container Registry now available in public beta
Since the Container registry was released to GitHub Packages last year, developers have been using the registry to publish and manage thousands of containers and consume these containers millions of times on a daily basis.
Starting with GitHub Enterprise Server 3.5, customers will have access to the GitHub Container registry, which admins can enable from the management console. With this release, customers can now:
- Configure fine-grained permissions control for containers in their organization.
- Configure “Internal” visibility settings for containers within organizations in addition to “Private” and “Public.”
- Share data at the organization level, thereby decreasing bandwidth and storage requirements.
- Achieve tighter integrations with their Actions workflow and securely access containers from workflows via the GITHUB_TOKEN.
- Anonymously access public containers, without providing any credentials.
- Store and manage Open Container Initiative (OCI) images.
Dependabot now generally available
Now, all customers hosting their own GitHub Enterprise Server instance will be able to take advantage of all that Dependabot has to offer. This has been a long time in the making and fulfills one of our most common feature requests from GitHub Enterprise Server customers. For those unfamiliar, Dependabot consists of three services:
- Dependabot alerts: alerts you the moment vulnerabilities in your dependencies are detected
- Dependabot security updates: upgrades a dependency to a patched version when a vulnerability is detected, by opening a pull request to your repo
- Dependabot version updates: opens pull requests to keep all your dependencies up to date, decreasing your exposure to vulnerabilities and chance of getting stuck on an outdated version
For more information and to set up Dependabot on your GitHub Enterprise Server instance, see enabling Dependabot for your enterprise and enabling the dependency graph for your enterprise.
GitHub Actions
Reusable Workflows now generally available
Reusable workflows, formally known as “templates,” is the key component of centrally managed workflows. This feature enables you to reuse an entire workflow as if it were an action. Instead of copying and pasting workflow definitions across repositories, you can reference an existing workflow with a single line of configuration.
Cache Support now generally available
GitHub Actions enables customers to cache intermediate outputs and dependencies for their workflows, which is an effective way to make jobs faster.
Restrict self-hosted runner groups to specific workflows
In addition to restricting which repositories can access specific enterprise and organization runner groups, administrators can further control access by selecting specific workflow files and versions. Combining this feature with reusable workflows can help you create more secure standard workflows in your organization.
Self-hosted runners can now disable automatic updates
You now have more control over when your self-hosted runners perform software updates. If you specify the --disableupdate flag to the runner, it will not try to perform an automatic software update when a newer version of the runner is available. This allows you to update the self-hosted runner on your own schedule, and is especially convenient if your self-hosted runner is in a container.
For Enterprise Administrators
IP allow list for maintenance
We are introducing a new option for maintenance settings that helps keep GitHub Enterprise Server in a healthy state to serve production traffic after any operational changes made while in maintenance mode. This option lets administrators allow only a specified set of IP addresses to access the appliance.
GitHub Enterprise Server Statistics
Customers can now gather 41 GitHub Enterprise Server metrics to understand how they are using the platform. These metrics give insight into how users are utilizing the product and clarity on how teams operate, and help customers gain maximum value from all aspects of GitHub Enterprise Server.
Security
Audit Log now includes git events
Three new events, git.clone, git.fetch, and git.push, will be incorporated alongside existing audit log events and available for search via the UI, export via JSON/CSV, and search via the API and streaming. Customers will be able to more fully observe UI and CLI activity on their account through the audit log. This will help customers to better meet administration, compliance, and security response needs.
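One way a security team might use the new git events, shown as an added example that is not part of the original announcement or GitHub's own code: flag accounts that clone or fetch many distinct repositories in a short window. The sample export is constructed, and the one-object-per-line layout and the field names ("@timestamp", "action", "actor", "repo") are assumptions to check against your instance's export.

```python
import json
from collections import defaultdict

# Constructed sample export, one JSON object per line. The field names
# ("@timestamp" in epoch milliseconds, "action", "actor", "repo") are
# assumptions about the export layout; adjust them to match your instance.
SAMPLE_EXPORT = """\
{"@timestamp": 1654000000000, "action": "git.clone", "actor": "alice", "repo": "acme/web"}
{"@timestamp": 1654000030000, "action": "git.clone", "actor": "build-bot", "repo": "acme/web"}
{"@timestamp": 1654000060000, "action": "git.clone", "actor": "carol", "repo": "acme/web"}
{"@timestamp": 1654000090000, "action": "git.clone", "actor": "carol", "repo": "acme/billing"}
{"@timestamp": 1654000120000, "action": "git.fetch", "actor": "carol", "repo": "acme/infra"}
{"@timestamp": 1654000150000, "action": "git.push", "actor": "alice", "repo": "acme/web"}
{"@timestamp": 1654000180000, "action": "git.clone", "actor": "carol", "repo": "acme/secrets-tooling"}
{"@timestamp": 1654003900000, "action": "git.clone", "actor": "alice", "repo": "acme/billing"}
not-json line from a truncated export
"""

READ_ACTIONS = {"git.clone", "git.fetch"}  # git.push is a write, not a read

def bulk_readers(export_text, min_repos=4, window_s=600):
    """Return {actor: sorted repos} for actors who read at least min_repos
    distinct repositories within any window_s-second window."""
    reads = defaultdict(list)  # actor -> [(timestamp_seconds, repo)]
    for line in export_text.splitlines():
        try:
            ev = json.loads(line)
            if ev["action"] in READ_ACTIONS:
                reads[ev["actor"]].append((ev["@timestamp"] / 1000, ev["repo"]))
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed or incomplete records
    flagged = {}
    for actor, events in reads.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window_s.
            while events[end][0] - events[start][0] > window_s:
                start += 1
            repos = {repo for _, repo in events[start:end + 1]}
            if len(repos) >= min_repos:
                flagged[actor] = sorted(repos)
                break
    return flagged

if __name__ == "__main__":
    print(bulk_readers(SAMPLE_EXPORT))
```

The thresholds are illustrative; service accounts such as CI bots usually need their own baseline or an allow list.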
What’s included in GitHub Advanced Security
Prevent secret leaks with secret scanning push protection now in public beta
GitHub Advanced Security customers can now block pushes that include secrets. Push protection scans for highly identifiable secrets with a false positive rate of less than 1%. Developers can review the identified secrets and remove them or, if needed, bypass the block. For more information, see “Protecting pushes with secret scanning.”
Quantify your security risk with security overview org-level view (Generally Available) and enterprise-level view (Public Beta)
GitHub Advanced Security customers now have access to a security overview at both the organization and enterprise level. The security overview aggregates security results, with both repo-centric and alert-centric views for secret scanning, Dependabot, and code scanning.
Secret scanning supports organization-level and repository-level dry runs now in public beta
A poorly authored custom pattern can create thousands of results across an organization or repository. To solve this, GitHub Advanced Security customers can now dry-run scans before publishing them. Dry runs can be used at the organization-level and repository-level, and are in public beta.
CodeQL detects more security issues, supports new language versions
GitHub Advanced Security customers can now benefit from a range of improvements to CodeQL, including support for new languages, improved detection for a large number of CWEs, and performance improvements. More details.
To learn more about all the new features in GitHub Enterprise Server 3.5, read the release notes or download it today. Are you using the latest GitHub Enterprise Server version? Use the Upgrade Assistant to find the upgrade path from your current version of GitHub Enterprise Server to your desired version.