Major Features and Improvements

GitHub Enterprise Server (GHES) 3.20 delivers substantial enhancements across deployment efficiency, monitoring, security, and policy management. This release introduces several features that address enterprise governance and supply chain security concerns.

Security and Release Management

Immutable Releases are now generally available, allowing organizations to lock release assets from being added, modified, or deleted after publication. This protects the release tag from being moved or deleted, providing crucial defense against supply chain attacks. Note that release attestations remain exclusive to GitHub.com and are not yet available on GHES.

Secret Scanning Enhancements include multiple improvements:

• Validity checks indicate whether detected secrets are still active
• Push protection delegated bypass controls can now be managed at the enterprise level
• Expanded default coverage blocks additional secret types, reducing credential leak risks during pushes
• New detectors and improvements to existing secret type detection
• Alert assignment for better collaboration on credential leak responses
• Enterprise admins can now make validity checking available to repository admins from the Management Console

Enterprise Governance

Enterprise Teams (in public preview) allow enterprise owners to create and manage teams for simplified governance:

• Assign enterprise teams to organizations through API or enterprise settings UI
• Create and assign custom enterprise roles to teams and users
• Organization and repository owners can assign roles to enterprise teams within their scope
• Enterprise teams can be added to ruleset bypass lists
• Note: Feature has product limitations; see documentation for details

Enterprise Security Manager Role (in public preview) simplifies security policy and alert management for GitHub Advanced Security users. This role supports enterprises with up to 15,000 organizations.

Operational Improvements

Pull Request Merge Experience: The improved merge experience is now generally available with enhanced status check grouping (failing checks listed first), natural sorting, and better accessibility with consistent keyboard navigation and landmarks.

Backup Service: Previously in public preview, the managed, built-in backup service is now generally available as an alternative to external backup utilities. This eliminates the need for a separate host for backup software. Important note: backup-utils will be retired starting in version 3.22.

Getting Started

Organizations can download GHES 3.20 now and review the full release notes. For upgrade issues or questions about new features, contact GitHub support. Community feedback is welcomed in the official discussion thread.