What’s new in security and user management for GitHub Enterprise
Learn how you can securely manage users with the latest ships for GitHub Enterprise.
![Security in the Enterprise](https://cdn.statically.io/img/github.blog/wp-content/uploads/2022/04/Security-Enterprise@2x.png?resize=1600%2C850)
Over the past few weeks, we have released several new features to help our GitHub Enterprise customers secure and manage users at an enterprise level. Learn how you can securely manage users with GitHub Enterprise’s latest ships!
Here’s what’s new!
Limit who can invite outside collaborators to enterprise administrators
Enterprise owners can now prevent organization owners from inviting outside collaborators to repositories in their enterprise. In the “Repository outside collaborators” policy dropdown, we’ve included an additional option labeled “Enterprise admins only.” This option limits the ability to invite outside collaborators strictly to enterprise administrators.
Read our GitHub Changelog and documentation to learn more about repository management policies.
![Revoking pending member invitations](https://cdn.statically.io/img/github.blog/wp-content/uploads/2022/06/Repo-outside-collaborators-image-1.png?resize=1024%2C720)
Revoke pending member invitations
Also now available in public beta: enterprise owners can revoke pending member invitations. To view pending members and revoke a pending invitation, navigate to the “Pending invitations” page within your enterprise account.
Learn more about this feature via our Changelog and documentation.
![Cancel invitation UI](https://cdn.statically.io/img/github.blog/wp-content/uploads/2022/06/Octocat-invite-image-2.png?resize=930%2C115)
View actor IP addresses in your GitHub Enterprise Cloud audit log
Now in public beta, GitHub Enterprise account owners can view actor IP addresses in the audit log for events associated with their private repositories. In this case, an actor is defined as a user that initiates an event within GitHub Enterprise. Disclosing actor IP addresses within audit logs is a long-awaited feature for our Enterprise customers, because it enables them to meet their security and compliance needs. IP addresses are only shared when an Enterprise member takes action on an asset owned by their GitHub Enterprise, such as a private repository, project board, issue, or GitHub Action within the enterprise organization. We do not report when someone pushes code to a public repository, or when a GitHub Enterprise member pushes code to private repositories that are not part of their enterprise’s organization.
View Dependabot alerts across the enterprise
GitHub Advanced Security customers can now view Dependabot alerts at the enterprise level. This new UI capability in public beta displays a repository-centric view of application security risks, as well as an alert-centric view of all secret scanning and Dependabot alerts. We plan to include alert-centric views for code scanning in the near future!
Read our Changelog and documentation to learn more about security overview.
![Dependabot alerts UI](https://cdn.statically.io/img/github.blog/wp-content/uploads/2022/06/Dependabot-alerts-image-3.png?resize=1024%2C486)
Conduct dry runs for custom secret scanning pattern
GitHub Advanced Security customers can also conduct dry runs for custom secret scanning patterns. Conducting dry runs allows admins to understand a pattern’s impact across the entire enterprise and refine the pattern before publishing it and generating alerts.
Check out our Changelog and our documentation for more information.
To learn more about how to keep your organization secure, check out our docs on managing and reviewing security settings.