Private Registries - 1

2026 (4)

April (2)

github: OIDC support for Dependabot and code scanning

GitHub

2026-04-14

Dependabot and code scanning now support OpenID Connect (OIDC) authentication for private registries configured at the organization level. This removes the need to store long-lived credentials as repository secrets.

github: Dependabot and code scanning: Org-level private registries

GitHub

2026-04-14

GitHub now lets organizations configure multiple private registries at the org level for Dependabot and code scanning, which is useful for setups that use more than one internal package feed. Previously, org-level settings supported only one private registry per ecosystem.

February (2)

github: CodeQL 2.24.1 improves Maven private registry support and improves query accuracy

GitHub

2026-02-07

CodeQL 2.24.1 was released with improved support for Maven private registries and enhancements to query accuracy.

github: Dependabot now supports OIDC authentication

GitHub

2026-02-03

GitHub Dependabot can now authenticate to private registries using OpenID Connect (OIDC), removing the need to store long-lived registry credentials as repository secrets for Dependabot update jobs.