OIDC Support Enhances Security for Dependabot and Code Scanning

April 14, 2026

Tags: devsecops, github, oidc, security

Introducing OIDC Support for Dependabot and Code Scanning

GitHub has enabled OpenID Connect (OIDC) authentication for Dependabot and code scanning tools when accessing private registries configured at the organization level. This update marks a significant improvement in managing authentication securely without relying on stored credentials.

Why This Matters

Previously, managing access to private registries often required storing long-lived credentials as repository secrets. These credentials pose security risks if compromised. By adopting OIDC, GitHub eliminates this need, enabling transient, token-based authentication that is more secure and easier to manage.
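To make the security property concrete, the following is an added example (not GitHub's code and not part of the announcement) of the checks a private registry would perform on a short-lived OIDC token before granting access: signature, issuer, audience, expiry, and a claim binding the token to the organization. It assumes the issuer value used by GitHub Actions OIDC tokens and a `repository_owner` claim; whether the Dependabot and code-scanning tokens carry the same issuer and claims is an assumption of this example. The HMAC signing key, audience URL and organization name are constructed placeholders, and HMAC stands in for the asymmetric key a real provider would publish so that the example runs offline.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed stand-in for the provider's signing key. A real OIDC provider
# signs with an asymmetric key published at its JWKS endpoint; HMAC is used
# here only so the example runs offline.
SIGNING_KEY = b"example-key-for-illustration-only"

# Assumed: GitHub Actions OIDC tokens use this issuer. Whether the
# Dependabot / code-scanning tokens do too is an assumption, not a fact
# stated by the announcement.
EXPECTED_ISSUER = "https://token.actions.githubusercontent.com"
EXPECTED_AUDIENCE = "https://registry.example.internal"  # hypothetical registry
TRUSTED_OWNER = "example-org"                             # hypothetical organization


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """Build a compact HS256 JWT carrying the given (constructed) claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}"
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(token: str, now: Optional[float] = None,
                 key: bytes = SIGNING_KEY) -> Tuple[bool, str]:
    """Registry-side acceptance check. Returns (accepted, reason)."""
    now = time.time() if now is None else now
    try:
        h, p, s = token.split(".")
    except ValueError:
        return False, "malformed token"
    header = json.loads(_b64url_decode(h))
    # Pin the algorithm: never let the token choose how it is verified.
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return False, "bad signature"
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != EXPECTED_ISSUER:
        return False, "unexpected issuer"
    # Audience stops a token minted for one registry being presented to another.
    if claims.get("aud") != EXPECTED_AUDIENCE:
        return False, "token not intended for this registry"
    # Short expiry is what limits the damage if a token leaks.
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    # Bind access to the organization, not merely to "anything GitHub signed".
    if claims.get("repository_owner") != TRUSTED_OWNER:
        return False, "token not bound to a trusted organization"
    return True, "ok"


def demo() -> dict:
    """Exercise the checks against a fresh token and several rejected variants."""
    issued = 1_700_000_000  # constructed timestamp
    base = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE,
            "repository_owner": TRUSTED_OWNER, "iat": issued, "exp": issued + 300}
    fresh = mint_token(base)
    return {
        "fresh": verify_token(fresh, now=issued + 60),
        "replayed_later": verify_token(fresh, now=issued + 3600),
        "wrong_audience": verify_token(
            mint_token({**base, "aud": "https://other.example"}), now=issued + 60),
        "other_owner": verify_token(
            mint_token({**base, "repository_owner": "someone-else"}), now=issued + 60),
        "wrong_key": verify_token(mint_token(base, key=b"not-the-provider-key"),
                                  now=issued + 60),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15s} -> {result}")
```

The `replayed_later` case is the point of the announcement: the same token that was valid a minute after issue is useless an hour later, which is the guarantee a stored long-lived registry credential cannot give.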

Benefits for Organizations

  • Enhanced security by removing long-lived secrets from repos
  • Streamlined authentication workflows for Dependabot and code scanning
  • Improved compliance through transient, short-lived tokens

This advancement reflects GitHub's ongoing commitment to securing the software supply chain and simplifying developers' workflows.