To reduce hallucinations, improve contextually-relevant suggestions, and provide a consistent C++ experience across Visual Studio and Visual Studio Code, related files such as headers are now automatically considered when gathering additional context for Copilot completions, even if they’re not open in the editor.
This is available to C++ users with an active GitHub Copilot subscription on Visual Studio 2022 17.12 or greater.
Discuss this update and swap tips with other developers in our dedicated Community Discussions.
Secret scanning now supports delegated bypass controls for repository file uploads from the browser.
If delegated bypass is configured for an organization or repository, anyone without bypass permissions will need to submit a bypass request to approved reviewers in order to upload a file that contains a secret. This helps ensure that secrets are not accidentally committed to a repository.
For more information, see “About secret scanning” and “About delegated bypass for push protection.”
Public leak and multi-repository indicators are now included in webhook and audit log event payloads for secret scanning alerts.
To help you triage and remediate secret leaks more effectively, GitHub secret scanning indicates if a secret detected in your repository has also leaked publicly with a public leak label on the alert. The alert also indicates if the secret was exposed in other repositories across your organization or enterprise with a multi-repo label.
These labels provide additional understanding into the distribution of an exposed secret, while also making it easier to assess an alert’s risk and urgency. For example, a secret which has a known associated exposure in a public location has a higher likelihood of exploitation. Detection of public leaks is only currently supported for provider-based patterns.
The multi-repo label makes it easier to de-duplicate alerts and is supported for all secret types, including custom patterns. You can only view and navigate to other enterprise repositories with duplicate alerts if you have appropriate permissions to view them.
Both indicators currently apply only for newly created alerts.
Learn more about reviewing alert labels and how to secure your repositories with secret scanning. Let us know what you think by participating in our GitHub community discussion or signing up for a 60 minute feedback session.