GitHub Apps and OAuth Apps now feature GA support for the OAuth 2.0 Device Authorization Grant, in addition to the existing Web Application Flow. This allows any CLI client or developer tool to authenticate using a secondary system with a browser. GitHub CLI uses this authentication method on the login command.
Read the full documentation on Authorizing OAuth Apps and Authorizing Users for GitHub Apps for more information.
GitHub Advanced Security customers can now view and resolve private repository secret scanning results via the GitHub REST API. In addition, a webhook is available whenever a new committed secret is detected. The new API endpoints and webhooks will be in beta until early next year.
For more information:
Dependabot already updates your public dependencies, such as open source dependencies from a public GitHub repository, npm, Maven Central, or similar. Now, you can also update dependencies from private GitHub repositories. This feature is available for most package managers supported by Dependabot version updates, except bundler, hex, and pip.
To get started, grant Dependabot access to some or all of your private repositories on your organization's security & analysis settings page: https://github.com/organizations/YOUR-ORGANIZATION/settings/security_analysis.
