GitHub Enterprise Server adds code security, automation features

Update to GitHub’s software for managing repositories on private servers features GitHub Container Registry access, Dependabot security alerts and updates, and reusable workflows.

GitHub Enterprise Server adds code security, automation features
KrulUA / Getty Images

GitHub Enterprise Server 3.5, the latest version of GitHub’s software for hosting and managing repositories on private servers, introduces new code security features, new automation capabilities, and access to the GitHub Container Registry, which is now available in public beta.

Generally available May 31, GitHub Enterprise Server 3.5 is accessible from the GitHub Enterprise website. With this release, access to the GitHub Container Registry can be enabled from the management console. Developers can configure fine-grained permissions control for containers and internal visibility settings for containers within organizations in addition to Private and Public. Also, data can be shared at the organization level, decreasing storage and bandwidth requirements. Developers also can securely access containers from workflows using the GITHUB_TOKEN.

GitHub Enterprise Server 3.5 takes full advantage of Dependabot automated dependency updates. Dependabot consists of three services: alerts, to alert users when vulnerabilities are detected in dependencies; security updates, to upgrade a dependency to a patched version when a vulnerability is detected by opening a pull request in a repo; and version updates, to keep all dependencies up-to-date and decrease exposure to vulnerabilities.

Other capabilities in GitHub Enterprise Server 3.5 include:

  • Anonymous access for public containers, allowing users to access these containers without providing credentials.
  • The audit log now includes Git events.
  • Storage and management of Open Container Initiative (OCI) Images.
  • GitHub Advanced Security users now can block pushes that include secrets. They also have access to a security overview at both the organization and enterprise levels.
  • A new option for maintenance settings keeps GitHub Enterprise Server in a healthy state to serve production traffic after operational changes while in maintenance mode. Administrators can allow only a certain set of IP addresses access to the appliance.
  • Users can gather 41 GitHub Enterprise Server metrics to understand how they are using the platform.
  • Reusable workflows in GitHub Actions, formerly known as templates, are now generally available.
  • GitHub Actions now allows users to cache intermediate ouputs and dependencies for workflows. This makes jobs faster.

Copyright © 2022 IDG Communications, Inc.