Code security configurations API now includes validity checks, enforcement, and removal

The REST API now supports the following code security configuration actions for organizations:
Detach configurations from repositories
Enforce configurations
Enable validity checks for secret scanning in a configuration

The API is now available on GitHub Enterprise Cloud and will be available in GitHub Enterprise Server 3.15.0. You can learn more about security configurations, the REST API, or send us your feedback.

Secret scanning detects generic passwords with AI (public beta)

Secret scanning now detects generic passwords using AI. Passwords are difficult to find with custom patterns — the AI-powered detection offers greater precision for unstructured credentials that can cause security breaches if exposed.

Passwords found in git content will create a secret scanning alert in a separate tab from regular alerts. Passwords will not be detected in non-git content, like GitHub Issues or pull requests, and are not included in push protection. Password detection is backed by the Copilot API and is available for all repositories with a GitHub Advanced Security license. You do not need a Copilot license to enable generic secret detection.

To start detecting passwords, select “Use AI detection to find additional secrets” within your code security and analysis settings at the repository level, or the code security global settings at the organization level.

See more

Filter repositories by configuration attachment failure reason in the code security configurations UI

Organization owners and security managers can now filter the table of repositories on the code security configurations settings page by configuration attachment failure reason.

This is useful when you’ve attempted to attach a code security configuration to many repositories at the same time, and some have failed. The reason for the failure is also now listed in the row with the repository name.

Use the search bar to filter by failure-reason: and then insert one of the following options:
actions_disabled – When you are attempting to rollout default setup for code scanning, but the repository does not have Actions enabled on it.
code_scanning – When you are attempting to rollout default setup for code scanning, but the repository already has advanced setup for code scanning.
enterprise_policy – When the enterprise does not permit GitHub Advanced Security to be enabled in this organization.
not_enough_licenses – When enabling advanced security on these repositories would exceed your seat allowance.
not_purchased – When you are attempting to rollout a configuration with GitHub Advanced Security features, but GitHub Advanced Security has not been purchased.
unknown – When something unexpected occurred.

Learn more about code security configurations, the configurations REST API, or send us your feedback.

See more
View all changes