Site icon API Security Blog

GitHub Enterprise Server 3.5 is now generally available

GitHub Enterprise Server 3.5 focuses on adding more security features to keep your code secure, along with updates to our developer experience and additional automation features.

This latest version brings more than 60 new features, with an emphasis on new capabilities for [GitHub Advanced Security]().

[Download the latest version now]().

## What’s included in GitHub Enterprise Server 3.5

### GitHub Container Registry now available in public beta

Since releasing the Container registry to GitHub Packages last year, developers are using the registry to publish and manage thousands of containers and consume these containers millions of times on a daily basis.

Starting with GitHub Enterprise Server 3.5, customers will have access to the GitHub Container registry, which admins can enable from the [management console](). With this release, customers can now:

* Configure [fine-grained permissions control]() for containers in their organization.
* Configure [“Internal” visibility settings]() for containers within organizations in addition to “Private” and “Public.”
* Share data at the organization level, thereby decreasing bandwidth and storage requirements.
* Achieve tighter [integrations with their Actions workflow]() and securely access containers from workflows via the GITHUB_TOKEN.
* [Anonymously access public containers](), thereby allowing customers to be able to access public containers without providing any credentials.
* Store and manage [Open Container Initiative (OCI) ]()images.

### Dependabot now generally available

Now, all customers hosting their own GitHub Enterprise Server instance will be able to take advantage of all that Dependabot has to offer. This has been a long time in the making and fulfills one of our most common feature requests from GitHub Enterprise Server customers. For those unfamiliar, Dependabot consists of three services:

* **Dependabot alerts**: alert you the moment vulnerabilities in your dependencies are detected
* **Dependabot security updates**: upgrades a dependency to patched version when a vulnerability is detected by opening a pull request to your repo
* **Dependabot version updates**: opens pull requests to keep _all_ your dependencies up to date, decreasing your exposure to vulnerabilities and chance of getting stuck on an outdated version

For more information and to set up Dependabot on your GitHub Enterprise Server instance, see [enabling Dependabot for your enterprise]() and [enabling the dependency graph for your enterprise]().

### GitHub Actions

#### Reusable Workflows now generally available

Reusable workflows, formally known as “templates,” is the key component of centrally managed workflows. This feature enables you to reuse an entire workflow as if it were an action. Instead of copying and pasting workflow definitions across repositories, you can reference an existing workflow with a single line of configuration.

#### Cache Support now generally available

GitHub Actions enables customers to cache intermediate outputs and dependencies for their workflows, which is an effective way to make jobs faster.

#### Restrict self-hosted runner groups to specific workflows

In addition to restricting which repositories can access specific enterprise and organization runner groups, administrators can further control access by selecting specific workflow files and versions. Combining this feature with reusable workflow can help you create more secure standard workflows in your organization.

#### Self-hosted runners can now disable automatic updates

You now have more control over when your self-hosted runners perform software updates. If you specify the `–disableupdate` flag to the runner then it will not try to perform an automatic software update if a newer version of the runner is available. This allows you to update the self-hosted runner on your own schedule, and is especially convenient if your self-hosted runner is in a container.

### For Enterprise Administrators

#### IP allow list for maintenance

We are introducing a [new option for maintenance settings]() to keep GitHub Enterprise Server in a healthy state to serve production traffic after any operational changes while in maintenance mode. This modification enables administrators to only allow a set of certain IP addresses access to the appliance.

#### GitHub Enterprise Server Statistics

Customers can now gather [41 GitHub Enterprise Server metrics]() to understand how they are using the platform. These metrics will give insights into how the users are utilizing the product, clarity on how teams operate, and gain maximum value from all aspects of GitHub Enterprise Server.

### Security

#### Audit Log now includes git events

Three new events, `git.clone, git.fetch, and git.push,`will be incorporated alongside existing audit log events and available for search via the UI, export via JSON/CSV, and search via the API and streaming. Customers will be able to more fully observe UI and CLI activity on their account through the audit log. This will help customers to better meet administration, compliance, and security response needs.

## What’s included in GitHub Advanced Security

#### Prevent secret leaks with secret scanning push protection now in public beta

GitHub Advanced Security customers can now block pushes that include secrets. Push protection scans for highly identifiable secrets with a false positive rate of less than 1%. Developers can review the identified secrets and remove them or, if needed, bypass the block. For more information, see “[Protecting pushes with secret scanning]().”

#### Quantify your security risk with security overview org-level view (Generally Available) and enterprise-level view (Public Beta)

GitHub Advanced Security customers now have access to a security overview at both the organization and enterprise level. The security overview aggregates security results, with both repo-centric and alert-centric views for secret scanning, Dependabot, and code scanning.

#### Secret scanning supports organization-level and repository-level dry runs now in public beta

A poorly authored custom pattern can create thousands of results across an organization or repository. To solve this, GitHub Advanced Security customers can now dry-run scans before publishing them. Dry runs can be used at the organization-level and repository-level, and are in public beta.

#### CodeQL detects more security issues, supports new language versions

GitHub Advanced Security customers can now benefit from a range of improvements to CodeQL, including support for new languages, improved detection for a large number of CWEs, and performance improvements. [More details]().

To learn more about all the new features in GitHub Enterprise Server 3.5, read the [release notes]() or [download it today](). Are you using the latest GitHub Enterprise Server version? Use the [Upgrade Assistant]() to find the upgrade path from your current version of GitHub Enterprise Server to your desired version.Read More

Exit mobile version