Notes

GitHub Enterprise Server Adds Code Security, Automation Features

What is Git? datchley's news Control of version is vital for collaborative programming



Home Software Development GitHub



GitHub Enterprise Server offers code security and automation capabilities



Update to the software used by GitHub to manage repositories on private servers features GitHub Container Registry access, Dependabot security alerts and updates, as well as reusable workflows.



By Paul Krill



Editor at Large, InfoWorld |



GitHub Enterprise Server 3.5, the most current version of the software used by GitHub for hosting and managing repositories on private servers, adds new security features to code, new automation capabilities, and access to the GitHub Container Registry, which is now in public beta.



GitHub Enterprise Server 3.5 will be available for general download May 31. It is accessible from the GitHub Enterprise website. Access to the GitHub Container Registry is now possible via the management console. Developers can customize fine-grained permissions control for containers as well as internal visibility settings for containers within organizations in addition to Public and Private. Data can be shared at an organizational level, which decreases the bandwidth and storage requirements. Developers can also access securely containers through workflows using GITHUB_TOKEN.



[ Also on InfoWorld: The GitHub Copilot preview gives us hope ]



Dependabot automated dependency upgrades are available in GitHub Enterprise Server 3.5. Dependabot comprises three services: alerts to alert users when vulnerabilities are discovered in dependencies; security updates, which allow you to upgrade a dependency to a patched or updated version when vulnerabilities are discovered by opening a pull request in repos; and version updates, to keep all dependencies current and reduce vulnerability exposure.



Other capabilities of GitHub Enterprise Server 3.5 include:



- Anonymous access to public containers that allows users to access the containers without requiring credentials. - The audit log now includes Git Events. Storage and management of Open Container Initiative (OCI), images. GitHub Advanced Security users can now block pushes that contain secrets. They also have access to an overview of security at the organization and enterprise levels. - A new option for maintaining settings will keep GitHub Enterprise Server in a well-functioning state to support production traffic following operational changes while in maintenance mode. Administrators can restrict access to the appliance to a certain number of IP addresses. - Users can gather 41 GitHub Enterprise Server metrics to see how they are using the platform. Reusable workflows that are part of GitHub Actions, formerly known as templates, are now generally available. - GitHub Actions now allows users to cache intermediate ouputs and dependencies for workflows. This helps to make workflows more efficient.


My Website: https://datchley.name/