GitHub, the world’s largest software development collaboration platform, today announced Enterprise Server 3.10 is now generally available. With this version, organizations will be able to give developers and administrators more control over their repositories with enhanced security and compliance controls, and ensure secure development is a top priority.
Highlights of this release include:
- GitHub Projects is generally available, with additions that help teams manage large projects (#650)
- Always deploy safely, with custom deployment protection rules for GitHub Actions (#199) and new policy control over runners
- Start finding vulnerabilities in all your repositories, in just a few clicks with a new default setup experience for GitHub Advanced Security code scanning (#642), and track security coverage and risk at the enterprise level (#766)
- Fine-grained personal access tokens (PATs) bring granular control to PATs (#184)
- Branch protections meet more compliance needs with more control over merge policies
- Back up instances faster and more incrementally, for more confident operations
GitHub Projects is generally available
Organize and track your team’s work directly on GitHub using the new Projects, now generally available on Enterprise Server.
Built like a spreadsheet, project tables give a live workspace to filter, sort, and group issues and pull requests. This gives administrators greater visibility across everything that’s happening, and development teams can collaborate and stay in flow more efficiently.
“Before GitHub Projects, I would have needed two or more tools to get context from interdisciplinary teams on their projects. Now I can get context at a glance all in one place, so teams can be efficient and stay in the flow.”
Lisa Vanderschuit, Engineering Program Manager, Office of the CTO, Shopify
Always deploy safely, with custom deployment protection rules for GitHub Actions
Shipping software faster means knowing you’re doing so safely. That means deployments need to be both governed and automated. Teams using GitHub Actions for continuous deployment have long been able to protect specific environments to enforce deployment protection rules, such as requiring approval from specific team members. With GitHub Enterprise Server 3.10, teams can create their own custom deployment protection rules (beta) to set up rigorous guardrails that ensure only the deployments that pass all quality, security, and manual approval requirements make it to production.
This release also gives administrators new control over the security and management of runners for GitHub Actions. Centrally managing self-hosted runners is a best practice that helps companies ensure that runners aren’t compromised by untrusted code in a workflow. Now, enterprise administrators can disable repository-level self-hosted runners across organizations and user namespaces, ensuring that all jobs are hosted on centrally governed machines.
Start finding vulnerabilities in all your repositories, in just a few clicks
This means building security tools that provide a frictionless experience for developers so they can focus on innovation. With code scanning, automated security checks are run with every pull request, surfacing issues in the context of the development workflow and empowering developers to fix 48% of vulnerabilities in real time and 72% within 28 days. This release will make it easier for all developers to realize these results with seamless enablement. Developers can now set up code scanning on a repository in just a couple of clicks – without using a .yaml file – with the new “default setup”. Teams can also enable code scanning across multiple repositories at once with default setup.
Track security coverage and risk across your enterprise
With Dependabot, code scanning and secret scanning enabled across the enterprise, it’s now easier for central security teams to track coverage and risk across all your repositories, with risk and coverage insights now included in the enterprise-level “code security” pages. Drill down by Team or Organization to drive directed rollout and remediation programs.
It’s also now easier for teams to prioritize their own remediation efforts, with tools such as the ability to filter alerts on a repository by file path or language. GitHub has also announced Swift support for code scanning. This launch, paired with the launch of Kotlin support in Enterprise Server 3.9, means that CodeQL, the engine that powers GitHub code scanning, covers both iOS and Android development languages. Note that Swift is not yet supported as a default setup language, and this will be added in a later release.
Minimize risk with fine-grained Personal Access Tokens
Classic PATs can be granted broad permissions across all repositories a user has access to. As a result, if one is leaked, the risk can be significant. Fine-grained PATs minimize this risk. They allow developers to grant a PAT permissions from a set of over 50 granular permissions. Each permission can be granted with either ‘no access’, ‘read’, or ‘read and write’ access. Fine-grained PATs also have an expiration date, and they only have access to the repositories or organizations they are explicitly granted access to. This makes it easy for developers to follow a least-privilege access model when using PATs.
Branch protections meet more compliance needs
Branch protection rules give one a lot of control over how to enforce approval processes for compliance. In this release, GitHub has refined this control with two key updates: changes to how required approvals are enforced, and allowing one to prevent the last pusher from approving a pull request.
Back up instances faster
Regular backups and upgrades are a core part of managing Enterprise Server instances. This release includes enhancements across these operations, from updating ghe-migrations to show the status of all database migrations during an upgrade, to incremental MySQL backups, and the ability to prune backup snapshots in backup-utils v3.10.0 outside of the backup generation process so backups can be taken more quickly.