GitHub · Google · GitHub Blog

OIDC support for Dependabot and code scanning - GitHub Changelog

Tue, Apr 14 · 8:31 PM UTC 2 min read

Compiled by KHAO Editorial — aggregated from 3 outlets. See llms.txt for citation guidance.

★ Tier-1 Source

Dependabot and code scanning now support OpenID Connect (OIDC) authentication for private registries configured at the organization level, eliminating the need to store long-lived credentials as repository secrets.

Key facts

This feature is now generally.com and will ship in GitHub Enterprise Server 3.22
With OIDC-based authentication, you can dynamically obtain short-lived credentials from your cloud identity provider, like GitHub Actions workflows using OIDC federation
Within the next four weeks, they will add support for Cloudsmith and Google Artifact Registry
Organization administrators can configure OIDC-based credentials for private registries across their organization

Summary

Organization administrators can configure OIDC-based credentials for private registries across their organization. Within the next four weeks, they will add support for Cloudsmith and Google Artifact Registry. This feature is now generally.com and will ship in GitHub Enterprise Server 3.22. Learn more about configuring OIDC for Dependabot and code scanning at the organization level.

#GitHub #Google

Full coverage

All sources for this story are listed below — KHAO's direct ingest only; no additional coverage was discovered via Google News.

Tier 1 — direct ingest

GitHub Blog Apr 14 · 20:31 UTC

GitHub Blog Apr 14 · 18:32 UTC

You can now link code scanning alerts to GitHub Issues, bringing security remediation into your existing planning and tracking workflows.

GitHub Blog Apr 14 · 11:40 UTC

We’ve updated the GitHub Code Quality experience to make it easier to navigate and triage findings across your repository.