Business · GitHub Blog
OIDC support for Dependabot and code scanning - GitHub Changelog
Compiled by KHAO Editorial — aggregated from 1 outlet. See llms.txt for citation guidance.
Dependabot and code scanning now support OpenID Connect (OIDC) authentication for private registries configured at the organization level, eliminating the need to store long-lived credentials as repository secrets.
Key facts
- This feature is now generally available on github.com and will ship in GitHub Enterprise Server 3.22
- With OIDC-based authentication, you can dynamically obtain short-lived credentials from your cloud identity provider, much as GitHub Actions workflows do with OIDC federation
- Within the next four weeks, GitHub will add support for Cloudsmith and Google Artifact Registry
- Organization administrators can configure OIDC-based credentials for private registries across their organization
Summary
Organization administrators can configure OIDC-based credentials for private registries across their organization. Within the next four weeks, GitHub will add support for Cloudsmith and Google Artifact Registry. This feature is now generally available on github.com and will ship in GitHub Enterprise Server 3.22. Learn more about configuring OIDC for Dependabot and code scanning at the organization level.