ghec

Subscribe to all “ghec” posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

Replacement of announcement banner GraphQL fields

Announcement banner fields in GraphQL for enterprises and organizations are being replaced with a new announcementBanner object to simplify their access and better follow our standard styles. The new fields are available today, and the old fields will be removed on April 1, 2025.

The following fields are being removed from the enterprise and organization GraphQL objects:

  • announcement
  • announcementCreatedAt
  • announcementExpiresAt
  • announcementUserDismissible

The new GraphQL structure for these fields is:

announcementBanner {
  message
  createdAt
  expiresAt
  isUserDismissible
}

Learn more about announcement banners for organizations on GitHub Enterprise Cloud.

See more

View an organization’s REST API activity with API insights in public preview

As a GitHub Enterprise Cloud organization owner, you and your designated users can now use API insights to visualize REST API activity for your entire organization or specific apps and users. This new feature, currently in public preview, helps you understand the sources of your REST API activity and manage against your primary rate limits—giving you visibility into the timeframe, apps, and API endpoints involved.

Who can access it

The API insights feature is available only at the organization level. By default, only organization owners can access it. However, organization owners can grant access to non-owners by creating a custom role at the organization level, assigning the permission named View organization API insights to the custom role, and then assigning the custom role to an organization member or team. See the documentation for managing organization custom roles.

Where to find it

The API insights public preview feature is enabled for all GitHub Enterprise Cloud organizations. To access it on your organization home page, select Insights near the top of the page, and then select REST API on the left side of the page.

An image of an organization homepage where selecting Insights and then REST API will navigate to the new API insights feature.

How to use it

Use the Period and Interval drop-downs to choose the range of time displayed in the chart and how granularly to display REST API requests on the chart. These drop-downs also set the time range for the “Total REST requests,” the “Primary-rate-limited requests,” and the Actors table below the chart.

An image of the API insights feature page showing the Period drop-down expanded for selecting the time period of REST API activity to include.

The Actors table displays the GitHub Apps and users that made REST API requests in the current organization within the selected time period. Select a GitHub App to display its REST API activity and any primary-rate-limiting. Select a user to display their personal REST API activity from personal access tokens (PATs) and OAuth apps acting on their behalf.

An image of the API insights feature page showing a table of actors, including GitHub Apps and users, that created REST API activity in the selected time period.

Tell us what you think

We welcome your feedback in this community discussion.

Refer to the documentation for API insights for more details about understanding your organization’s REST API activity and investigating primary-rate-limiting.

See more

GitHub Enterprise Cloud Data Residency in the EU is generally available

Announcing the general availability of GitHub Enterprise Cloud with data residency in the EU

Today, GitHub Enterprise Cloud with data residency in the EU is generally available. GitHub Enterprise Cloud offers customers a robust, enterprise-grade development platform designed to enhance productivity, collaboration, and agility in software development, while providing the flexibility and control to choose where your code is stored, starting with the European Union (EU) and expanding to more regions in the future. Customers will also be able to monitor the status and availability of our services by region via the GitHub status webpage.

What is GitHub Enterprise Cloud with data residency?

GitHub Enterprise Cloud is a multi-tenant, enterprise SaaS deployment option of GitHub Enterprise with enhanced enterprise-grade capabilities and powered by Microsoft Azure. Customers experience a cloud-based unified platform that includes a suite of tools and capabilities to enhance the developer experience, so you can focus on building innovative software at scale without the complexities of having to manage updates and infrastructure.

GitHub Enterprise Cloud empowers you with the flexibility to choose where your code is stored, starting with the EU and expanding to more regions in the future. This enhanced control allows you to manage your data residency preferences to meet the unique needs of your business, whether for compliance, performance, availability, or other reasons. Powered by Microsoft Azure’s enterprise-grade infrastructure and security, GitHub Enterprise Cloud with data residency protects your code both in transit and at rest.

Who is this available for?

GitHub Enterprise Cloud is available to customers who need their code and repository data to reside in the EU. Support for data residency in additional regions will be released as they become available.

How can I access GitHub Enterprise Cloud with data residency?

Get started today by contacting our sales team. You can also learn more by visiting our docs.

Join our Community

Discuss this and other updates and swap tips with other Github Enterprise customers in our dedicated Community Discussions.

See more

Announcing GitHub for Nonprofits

Now, verified nonprofits can access the GitHub Team plan for free or receive 25% off the GitHub Enterprise Cloud plan through GitHub for Nonprofits. This includes nonprofit organizations that are 501(c)(3) or equivalent and are non-governmental, non-academic, non-commercial, non-political in nature, and have no religious affiliation.

You can sign up here to get exclusive discounts automatically applied to your account. Join GitHub for Nonprofits, where technology meets purpose, and together, let’s create a more sustainable and equitable future for all.

Join the discussion within GitHub Community.

See more

Team Sync no longer invites or removes organization members by default

For GitHub Enterprise Cloud customers, team sync no longer invites members to organizations by default. For existing team sync customers we have added a configuration option to disable automatic organization provisioning for users that are synced from your identity provider groups. Team sync will not remove users from an organization when they are removed from a team.

For additional information and instructions to opt out of the default behavior, learn more in our team sync documentation.

See more

Organization Audit Logs include IP addresses – Public Beta

GitHub organization owners can now opt-in to a public beta to display organization members' IP addresseses in audit logs events. When enabled, IP addresses will be displayed for all audit log events performed by organization members on organization assets other than public repositories, which will be treated differently due to privacy obligations.

The inclusion of IP addresses in audit logs helps software developers and administrators protect their systems and data from potential threats and improve their overall security posture by providing the source of an action or event within a system or network. This information is crucial for troubleshooting issues or investigating security incidents. IP addresses are often used in forensic investigations to trace the origin of cyberattacks, unauthorized access, or other malicious activities.

For additional information and instructions for enabling this feature, read about displaying IP addresses in the audit log for your organization.

See more

New and improved Enterprise Reports now Generally Available

The recently enhanced GitHub Enterprise "consumed licenses" report and new "enterprise members" report are now generally available. These reports provide more insight into who has access to an enterprise, what level of access, and whether a license is consumed:

  • Consumed License Report: A breakdown of license usage for your GitHub Enterprise and any synced GitHub Enterprise Server instances;
  • Enterprise Members Report: An extensive list of licensed and non-licensed members associated with your Enterprise Cloud environment, including members synced from a GitHub Enterprise Server instance.

To learn more about these reports and how to access them, read our documents about viewing license usage for GitHub Enterprise and exporting membership information about your enterprise.

See more

License sync updates: new Consumed License data, a new License API and license matching improvements (Public Beta)

We’ve made a series of improvements to the GitHub Connect license sync feature in addition to the "Sync now" button we recently added in GHES:

  1. Enterprise administrators can now access a refreshed Consumed License CSV that includes additional data, such as the saml_name_id and the GitHub Enterprise Cloud email address (for verified domains only) for each user;
  2. Enterprise administrators also have access to two new License REST API endpoints:
    a. consumed-licenses: returns the same Consumed License data found in the CSV download
    b. license-sync-status: returns information related to the license sync job status
  3. We improved the license sync matching algorithm for enterprises that use SAML SSO. We now attempt to match Server user accounts against SAML attributes in addition to matching against users' GitHub Enterprise Cloud email addresses. This improvement eliminates the need for enterprise administrators to require users to add their work-related email addresses to their GitHub Enterprise Cloud account.

Learn more about license sync and give us your feedback

See more

GitHub Enterprise Cloud customers can configure audit log streaming to AWS S3 with OpenID Connect (OIDC) – Public Beta

GitHub Enterprise Cloud customers can elect to participate in a public beta to configure audit log streaming to AWS S3 with OpenID Connect (OIDC). Audit log streaming configured with OIDC eliminates storage of long-lived cloud secrets on GitHub by using short-lived tokens exchanged via REST/JSON message flows for authentication.

For additional information, please follow the instructions for setting up audit log streaming to AWS S3 with OpenID Connect.

See more

GitHub Enterprise Cloud customers can access IP addresses for audit log entries for enterprise owned assets

The ability for GitHub Enterprise Cloud owners to display members’ IP addresses for all audit logs events for private repositories and other enterprise assets, such as issues and projects, is generally available.

These IP addresses can be used to improve threat analyses and further secure your software. Note, IP addresses will continue to not be displayed for activity related to public repositories.

For additional information, read about displaying IP addresses in the audit log for your enterprise.

See more

Audit Log Streaming to Datadog available as Private Beta

GitHub Enterprise Cloud (GHEC) customers can now participate in a private beta enabling audit log streaming to a Datadog endpoint. Audit log streaming to Datadog not only allows enterprises to satisfy long-term data retention goals but also analyze GitHub audit log data using the tools offered by Datadog.

GHEC administrators interested in participating in the private beta should reach out to your GitHub account manager or contact our sales team to make the feature available for your enterprise. Once enabled, administrators can follow the instructions for setting up streaming to Datadog and provide feedback on their experience at the audit log streaming to Datadog community discussion.

See more

GitHub Enterprise Cloud customers can configure audit log streaming to AWS S3 with OpenID Connect (OIDC)

GitHub Enterprise Cloud customers can elect to participate in a private beta to configure audit log streaming to AWS S3 with OpenID Connect (OIDC). Audit log streaming configured with OIDC eliminates storage of long-lived cloud secrets on GitHub by using short-lived tokens exchanged via REST/JSON message flows for authentication.

If interested in participating in the private beta, please reach out to your GitHub account manager or contact our sales team to make the feature available for your enterprise. For additional information on configuring OIDC, read about setting up audit log streaming to AWS S3 with OpenID Connect.

See more

Azure AD OIDC and Conditional Access support for GHEC EMUs

Enterprises that use Enterprise Managed Users (EMUs) to authenticate their accounts via Azure Active Directory can now use Azure AD location-based Conditional Access policies to protect the use of PATs and SSH keys. This requires the use of a new OpenID Connect-based application rather than a SAML integration. To learn more, read about enforcing Azure AD Conditional Access for PATs and SSH keys.

Note: this feature is currently in public beta for new and existing Azure AD EMU enterprises.

For more information:

See more
View more changes