compliance

Subscribe to all “compliance” posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

→ ~ cd github-changelog

→ ~/github-changelog|main git log main

showing all changes successfully

Enterprise custom properties, enterprise rulesets, and pull request merge method rule are all now generally available

March 24, 2025

An image on a dark background with collaboration-themed colors, showcasing GitHub products. In the forefront, enterprise rulesets and custom properties are highlighted alongside a side angled profile of Mona the Octocat.

Enterprise custom properties and enterprise rulesets are now generally available, further improving the governance features for GitHub Enterprise customers.

Enterprise custom properties

With enterprise-level custom properties, you can now enrich your repositories with metadata across your entire enterprise. This ensures consistent properties across organizations without the need for manual synchronization. By sharing a common namespace, enterprise and organization properties prevent confusion when searching or targeting rulesets with properties. If you’re already using custom properties in your organizations, you can also promote those properties to the enterprise.

Learn more about enterprise custom properties in our documentation.

Enterprise rulesets

Enterprise-level rulesets enforce consistent code governance rules, helping ensure thorough reviews of critical repositories with pull requests, requiring actions workflows, protecting important locations from unauthorized pushes, and more. Rule insights and push rule bypasses are also available at the enterprise level, providing complete visibility into the rulesets.

Learn more about enterprise rulesets in our documentation.

We look forward to seeing how you leverage these new capabilities to streamline your workflows and maintain high standards of code governance.

Pull request merge method rule

An image of GitHub products displayed against a dark collaboration-themed background. In the foreground, there is text saying "Pull request merge method rule generally available", with Mona the Octocat looking at the title in a side-angled profile image.

The new pull request merge method rule is now generally available using whatever method is suitable for your branches, such as ensuring that all changes are squashed when merging to the default branch while rebasing into feature branches. This simplifies your workflows, ensuring consistency across your branches.

The merge method rule is available for rulesets at the repository and organization level. You can use this rule to choose what merge methods are allowed on the targeted branches when merging pull requests from the user interface or APIs. You can choose between merge commit, squash, or rebase.

Learn more in our documentation and join the discussion within the GitHub Community.

See more See more

New and Updated ISO and CSA STAR Certifications Are Now Available

July 5, 2023

The 2023 updates to our ISO/IEC 27001:2013 certificate can be downloaded now. In addition, we have completed the processes for ISO/IEC 27701:2019 (PII Processor), ISO/IEC 27018:2019, and CSA STAR certifications. Those certificates can also be downloaded now.

For enterprises, administrators may download this report by navigating to the Compliance tab of the enterprise account: https://github.com/enterprises/"your-enterprise"/settings/compliance.
For organizations, owners may find these reports under Security > Compliance settings tab of their organization: https://github.com/organizations/"your-org"/settings/compliance.

For detailed guidance on accessing these reports, read our compliance documentation for organizations and enterprises.

Check out the GitHub blog for more information.

See more See more

2023 Update for Services Continuity and Incident Plan

May 26, 2023

GitHub Enterprise Cloud administrators can now download and view the updated Services Continuity and Incident Plan for 2023.

To learn more, please review our documentation on how to access compliance reports for your enterprise or for your organization.

See more See more

ISO/IEC 27001:2013 Certification Now Available

May 16, 2022

Our newly available ISO/IEC 27001:2013 Certification report can be downloaded now.

For enterprises, administrators may download this report by navigating to the Compliance tab of the enterprise account: https://github.com/enterprises/"your-enterprise"/settings/compliance.
For organizations, owners may find these reports under 'Security' > Authentication Security settings tab of their organization: https://github.com/organizations/"your-org"/settings/security.
For everyone else, you may download this report at any time by navigating to the GitHub security page, https://github.com/security.

To learn more about this new report, check out our blog post.

See more See more