Connect with us

Hi, what are you looking for?


Application Security

GitHub Enterprise Server Gets New Security Capabilities

GitHub Enterprise Server 3.10 released with additional security capabilities, including support for custom deployment rules.

GitHub on Tuesday announced the general availability of Enterprise Server 3.10 with new security capabilities, including support for custom deployment rules.

With the new release, GitHub Projects is now generally available in Enterprise Server, providing administrators with increased visibility over issues and pull requests.

Now, teams using GitHub Actions can also create their own custom deployment protection rules, to ensure that only “the deployments that pass all quality, security, and manual approval requirements make it to production,” the code hosting platform explains.

The new release also provides administrators with additional control over the management and security of runners in GitHub Actions, allowing them to disable repository-level self-hosted runners across the entire organization and cross-user namespaces, to ensure that jobs are hosted on centrally managed machines only.

GitHub Enterprise Server 3.10 also makes it easier for developers to set up code scanning on their repositories, using the new default setup, without the need of YAML files. The new default setup also allows teams to enable code scanning across multiple repositories at once.

According to GitHub, the new release also makes it easier for security teams to track coverage and risks across all repositories, from the enterprise-level “code security” pages, through the Dependabot feature.

An ability to filter alerts on a repository by file path or language should make it easier to prioritize remediation efforts, while the newly added Swift support (which follows Kotlin support in the previous release) results in GitHub’s code scanning now covering iOS and Android development languages as well.

Advertisement. Scroll to continue reading.

GitHub also introduces fine-grained Personal Access Tokens in Enterprise Server, to minimize risks if one token is leaked (previously, PATs could be granted broad permissions across all repositories).

Developers can now select from a set of over 50 granular permissions, each with ‘no access’, ‘read’, or ‘read and write’ access options.

“Fine-grained PATs also have an expiration date, and they only have access to the repositories or organizations they are explicitly granted access to. This makes it easy for developers to follow a least privileged access model when using PATs,” GitHub explains.

The latest GitHub Enterprise Server release also brings refined branch protections (changes to how required protections are enforced, and on preventing last pushers from approving pull requests) and improved backup operations.

Related: GitHub Paid Out $1.5 Million in Bug Bounties in 2022

Related: GitHub Secret-Blocking Feature Now Generally Available

Related: GitHub Announces New Security Improvements

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.