Copilot in GitHub Support (GA)

We are excited to announce the GA release of Copilot in GitHub Support, a faster way to find answers to your GitHub-related questions! Copilot in GitHub Support is an AI-powered assistant that answers questions based on our official GitHub documentation.
It will help you get instant answers to some of your basic questions without needing to create a support ticket.

This tool is part of our ongoing efforts to make GitHub the best place for all developers to collaborate, innovate, and ship great software. We believe that Copilot in GitHub Support will enhance your experience and productivity.

We look forward to hearing from you and learning from your feedback. Try out Copilot in GitHub Support today!

Secret scanning adds validity checks for Stripe, Telegram, SendGrid, and more

Secret scanning is extending validity check support to several additional token types.

Validity checks indicate if the leaked credentials are active and could still be exploited. If you’ve previously enabled validation checks for a given repository, GitHub will now automatically verify validity for alerts on supported token types. In addition to token types announced in our previous changelogs, you will now see validity checks for the following token types:

Provider Token
Dropbox dropbox_short_lived_access_token
Notion notion_integration_token
OpenAI openai_api_key
OpenAI openai_api_key_v2
SendGrid sendgrid_api_key
Stripe stripe_api_key
Stripe stripe_test_secret_key
Telegram telegram_bot_token

Validity checks are available for repositories with GitHub Advanced Security on Enterprise Cloud. You can enable the feature at both organization and repository levels from the “Code security and analysis” settings page by checking the option to “automatically verify if a secret is valid by sending to the relevant partner.”

Learn more about secret scanning or our supported patterns for validity checks.

See more

Code scanning can now be enabled on repositories before they contain CodeQL supported languages

Code scanning can now be enabled on repositories even if they don’t contain any code written in the languages currently supported by CodeQL. Default setup will automatically trigger the first scan when a supported language is detected on the default branch. This means users can now enable code scanning using default setup, for example on empty repositories, and have confidence that they will be automatically protected in the future when the languages in the repository change to include supported languages.

This also takes effect from the organization level so you can bulk-enable code scanning on repositories without CodeQL supported languages.

Enabled on repo without supported languages

This change is now on GitHub.com and will be available in GitHub Enterprise Server 3.13. For more information, see “About code scanning default setup.”

See more
View all changes