GitHub added lots of new functionality with version 3.5 of Enterprise Server, including security and automation. The functionality should help developers streamline projects.
Version 3.5 comes with 60 new features. Many focus on securing the code used by developers and should ensure that it does not contain any vulnerabilities. The focus on ‘cleaning up’ code beforehand should prevent any vulnerabilities in open-source software from causing major problems later on in applications.
In GitHub Enterprise Server 3.5, developers are provided with Dependabot to combat vulnerabilities in code. This security tool automatically notifies developers of security flaws in open-source components used by applications. The tool also lets developers download patches as soon as they become available.
Furthermore, CodeQl makes it easier for developers to develop secure applications. The tool scans code for known vulnerabilities. In version 3.5, the tool is faster and can recognize additional types of security flaws.
Other functionality includes security for sensitive data. Among other things, the platform can now automatically block code containing sensitive data, such as encryption keys. Also, developers can now use the platform to track whether their applications comply with cybersecurity best practices, based on data from Dependabot, CodeOL and 141 other metrics.
In addition to security, GitHub Enterprise Server Platform 3.5 adds functionality for automation. The GitHub Actions was expanded considerably. For instance, the latest platform version makes it easier to reuse GitHub Actions automation workflows for different projects. Furthermore, container developers now have access to a new container registry. This allows them to centralize frequently used components in a repository.