
Insider newsletter digest: How to use GitHub Copilot
Explore the July edition, featuring prompts, tips, and use cases for GitHub Copilot.
A public beta for CodeQL package manager, additional options to manage Actions runs from first-time contributors, GitHub Discussions translation, and more.
Security is a topic that can feel daunting at times, but it doesn’t have to. The security team at GitHub has been working to streamline the processes for discovering, reporting, and fixing common vulnerabilities through features such as GitHub Security Advisories, Dependency Graph, Dependabot Alerts, and Dependabot Security Updates. And, in July, we brought all of these supply chain security features to the Go community.
You can now set an expiration date on new or existing personal access tokens! GitHub will send you an email when it’s time to renew a token that’s about to expire. A new response header, (GitHub-Authentication-Token-Expiration
) indicates the expiration date, which you can use in scripts to (for example) log a warning message as the date approaches.
For anyone with an academic bent: If you add a CITATION.cff
file to your repository, GitHub will now parse your information into APA and BibTeX citation formatting that can be copied by academics who cite your work. Check out the documentation for how to add a CITATION.cff
file. We think it’s pretty cool!
New to GitHub.com? Welcome! We’ve redesigned the onboarding experience for new accounts.
In April, we shipped an update for GitHub Actions that required maintainers to approve Actions runs for first-time contributors. Based on user feedback, you can now configure this behavior at the repository, organization, or enterprise level.
Want to run Node.js projects faster on GitHub Actions? Enable dependency caching on the setup-node
action! setup-node
supports caching from both npm and yarn package managers. If you’ve got questions, join us in the GitHub Support Community discussion.
- uses: actions/setup-node@v2
with:
node-version: '14'
cache: npm
Use a new beta feature to translate GitHub Discussions content into Korean, Brazilian Portuguese, and English. Click the overflow menu beside any discussion comment and you’ll see a link to translate it to your preferred language (based on the default language configuration of your web browser). Support for more languages coming soon. Be sure to leave feedback!
Creating or editing a release in a GitHub repository? We added a text-editing toolbar to the markdown editor! Show off your excitement with bold and italics, or learn more about managing releases in our documentation.
The CodeQL team had another busy month. If you are using CodeQL for your code scanning, here’s what happened in July:
critical
, high
, medium
, or low
. CodeQL automatically calculates security-severity
and assigns an exact numerical score to each security query. The Changelog entry walks you through this scoring, plus how to view alerts and customize settings. Speaking of code scanning, we’ve made some changes to how we display scan results. Your repository’s security view shows alerts for the default branch of your repository (under “Code scanning alerts”), but you can use the branch filter to display alerts on non-default branches, and we’ve extended the search syntax so that you can use a more simplified version of the previous queries.
A couple more security updates:
We’re happy to welcome Linear and Ionic as GitHub secret scanning integrators. We now scan for their developer tokens! Learn more about secret scanning or about joining our partner program.
In June, security alert notifications became opt-in on a per-repository basis. Security alert digest emails will now respect these settings!
If you have a GitHub Sponsors profile, you can now set custom donation amounts as an option both for recurring sponsorships and for one-time sponsorships.
Maybe you haven’t joined GitHub Sponsors because you aren’t sure how to set up a business bank account or fiscal host for your organization? We’re happy to announce that organizations can now join GitHub Sponsors using a personal bank account, too!
Take a look at our public roadmap for what’s coming next, follow GitHub Changelog on Twitter, and check back on the GitHub Blog for another recap next month.