GitHub Enterprise Server Gets New Security Capabilities
GitHub on Tuesday announced the general availability of Enterprise Server 3.10 with new security capabilities, including support for custom deployment rules.
With the new release, GitHub Projects is now generally available in Enterprise Server, providing administrators with increased visibility over issues and pull requests.
Now, teams using GitHub Actions can also create their own custom deployment protection rules, to ensure that only “the deployments that pass all quality, security, and manual approval requirements make it to production,” the code hosting platform explains.
The new release also provides administrators with additional control over the management and security of runners in GitHub Actions, allowing them to disable repository-level self-hosted runners across the entire organization and across user namespaces, to ensure that jobs are hosted on centrally managed machines only.
GitHub Enterprise Server 3.10 also makes it easier for developers to set up code scanning on their repositories, using the new default setup, without the need for YAML files. The new default setup also allows teams to enable code scanning across multiple repositories at once.
According to GitHub, the new release also makes it easier for security teams to track coverage and risks across all repositories, from the enterprise-level “code security” pages, through the Dependabot feature.
An ability to filter alerts on a repository by file path or language should make it easier to prioritize remediation efforts, while the newly added Swift support (which follows Kotlin support in the previous release) results in GitHub’s code scanning now covering iOS and Android development languages as well.
GitHub also introduces fine-grained Personal Access Tokens in Enterprise Server, to minimize risks if one token is leaked (previously, PATs could be granted broad permissions across all repositories).
Developers can now select from a set of over 50 granular permissions, each with ‘no access’, ‘read’, or ‘read and write’ access options.
“Fine-grained PATs also have an expiration date, and they only have access to the repositories or organizations they are explicitly granted access to. This makes it easy for developers to follow a least privileged access model when using PATs,” GitHub explains.
The latest GitHub Enterprise Server release also brings refined branch protections (changes to how required protections are enforced, and on preventing last pushers from approving pull requests) and improved backup operations.
https://www.securityweek.com/github-enterprise-server-gets-new-security-capabilities/