Key Features in GHES 3.20

GitHub Enterprise Server 3.20 RC is now available for testing, bringing significant improvements to deployment efficiency, monitoring, security, and policy management. Organizations can now test these features early and provide feedback before the official release.

Release Immutability and Supply Chain Protection

Immutable releases are now generally available on GitHub Enterprise Server, allowing administrators to lock release assets after publication. This prevents assets from being added, modified, or deleted, and protects release tags from being moved or deleted—providing critical protection against supply chain attacks. Release attestations remain exclusive to GitHub.com.

Enhanced Secret Scanning Capabilities

Secret scanning receives substantial improvements across multiple fronts:

• Validity checks now indicate whether secrets are still active, helping teams prioritize remediation efforts
• Enterprise-level push protection bypass controls enable centralized management of bypass permissions
• Alert assignment allows teams to collaborate more effectively on addressing credential leaks
• Expanded default coverage blocks additional secret types by default, reducing credential leak risks during pushes
• New and improved detectors for various secret types strengthen overall detection capabilities

Enterprise admins can make validity checks available to repository admins through the Management Console.

Enterprise Team Management and Governance

Enterprise owners can now create and manage enterprise teams directly through the API or enterprise settings UI. This enables:

• Assignment of enterprise teams to organizations
• Creation and assignment of custom enterprise roles
• Management of team and user role assignments at the enterprise level
• Addition of enterprise teams to ruleset bypass lists

The feature is in public preview with some product limitations.

New Security Manager Role

For GitHub Advanced Security customers, the new Enterprise Security Manager role simplifies security policy and alert management across enterprises (up to 15,000 organizations). This role is currently in public preview.

Backup Service Availability

The backup service, previously in public preview, is now generally available. This managed, built-in service provides an alternative to separate backup utilities and eliminates the need for a dedicated backup host. Note that backup-utils will be retired starting in GHES 3.22.

Additional UX Improvements

The improved pull request merge experience—featuring grouped status checks and better accessibility—is now generally available on GHES 3.20.

Getting Started

Download the 3.20 release candidate to test these features. Review the full release notes for detailed information. Organizations are encouraged to contact GitHub support with feedback or questions.