security Priority 4/5 4/16/2026, 11:05:40 AM

GitHub Enhances Dependabot and Code Scanning Security with Organization-Level OIDC Support, Eliminating Long-Lived Credentials


GitHub has announced that Dependabot and Code Scanning now support OpenID Connect (OIDC) authentication at the organization level. This update removes the need to store long-lived credentials as repository secrets when authenticating to private registries, which shrinks the blast radius of a leaked or over-scoped secret. Organization administrators can now configure OIDC-based credentials once for their entire organization rather than per repository. At run time the system exchanges a short-lived identity token for short-lived credentials issued by a cloud identity provider, the same federation pattern already used by OIDC in GitHub Actions workflows. Because the credentials are ephemeral and issued on demand, there is nothing static to rotate and far less sensitive material at rest. The feature is generally available on github.com and is planned for inclusion in GitHub Enterprise Server 3.22. Support for Cloudsmith and Google Artifact Registry is expected within the next four weeks. The update strengthens supply chain security and reduces the operational burden of managing secrets.
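The changelog draws an analogy to OIDC federation in GitHub Actions, so the following added example (not part of the GitHub changelog, and not the Dependabot or Code Scanning configuration itself, which the announcement does not show) illustrates that pattern. It assumes AWS as the cloud identity provider and uses a placeholder role ARN; the `id-token: write` permission is what lets the job request a short-lived OIDC token, and no long-lived key is stored as a secret anywhere.

```yaml
# Added illustration of the OIDC federation pattern the announcement refers to.
# Assumptions: AWS is the cloud identity provider and the role below exists
# with a trust policy that only accepts tokens from this organization/repo.
name: fetch-from-private-registry

on:
  pull_request:

permissions:
  contents: read
  id-token: write   # required so the job can mint a short-lived OIDC token

jobs:
  resolve-deps:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Exchanges the job's OIDC token for temporary AWS credentials.
      # Nothing here reads a static access key from repository secrets.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::123456789012:role/PLACEHOLDER-registry-reader
          aws-region: us-east-1

      # The temporary credentials expire on their own once the job ends.
      - run: aws codeartifact login --tool pip --domain PLACEHOLDER-domain --repository PLACEHOLDER-repo
```

The security property comes from the trust policy on the cloud side: it should pin the token's `aud` and constrain the `sub` claim (for example to a specific organization, repository, or branch) so that only the intended workflows can assume the role. The organization-level Dependabot and Code Scanning configuration described in the announcement applies the same idea, but its exact settings are not shown in the source and are not reproduced here.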

#github #oidc #dependabot #codescanning #security

Comparison

| Aspect                | Before / Alternative                               | After / This                                              |
|-----------------------|----------------------------------------------------|-----------------------------------------------------------|
| Credential Type       | Long-lived repository secrets                      | Short-lived OIDC tokens                                   |
| Credential Scope      | Repository-specific secrets                        | Organization-wide OIDC configuration                      |
| Credential Management | Manual rotation and storage of secrets             | Dynamic fetching from cloud identity provider             |
| Security Posture      | Higher risk due to static, long-lived credentials  | Reduced risk with ephemeral, dynamically issued credentials |

Source: GitHub Changelog
