GitHub Models is now available in public preview

GitHub Models has entered public preview! GitHub Models provides every GitHub developer with access to top AI models via a playground, API, and more.

GitHub Models product screenshot showing the model playground

Since the announcement of GitHub Models almost three months ago, we’ve shipped a number of enhancements and new models.

New features include:

  • Side-by-side comparisons – Compare the output of two models as they respond to the same prompt in real time.
  • Model presets – Save prompts, parameters, and messages to use later or share with a friend.
  • Multimodal support – Provide images in the playground to models that support multimodal capabilities.
  • Streamlined deployment process – Quickly move your application from development to production with an Azure production key.

New surfaces to use models include:

  • Models CLI extension – Use any model from the command line by extending the GitHub CLI with `gh extension install https://github.com/github/gh-models`.
  • Models Copilot extensionInstall the GitHub Models Copilot Extension and call GitHub Models with @models in GitHub Copilot Chat.
  • Azure AI Toolkit for VS Code – Access GitHub Models in VS Code with the pre-release of Azure AI Toolkit, available on the VS Code Marketplace.

New model ships include:

To learn more about GitHub Models, check out the docs.

Join our Community

Join our dedicated Community Discussions to discuss this update, swap tips, and share feedback.

Copilot Autofix for Dependabot now available for TypeScript repositories (private preview)

Copilot Autofix for Dependabot is now available in private preview for TypeScript repositories.

This new feature combines the power of GitHub Copilot with Dependabot, making it easier than ever to automatically fix breaking changes introduced by dependency updates. With Copilot Autofix, you can save time and minimize disruptions by receiving AI-generated fixes to resolve breaking changes caused by dependency upgrades in Dependabot-authored pull requests.

Why Copilot Autofix for Dependabot?

Dependency updates can introduce breaking changes that lead to failing CI tests and deployment delays. Identifying the exact cause of these breaks and implementing the correct fix can require significant time and effort, making it challenging to stay on the most up-to-date and secure version of a dependency.

Dependabot can now leverage the power of Copilot Autofix to analyze dependency updates that fail CI tests and suggest fixes, all within the pull request. Copilot Autofix for Dependabot not only helps keep your dependencies up to date, but also keeps your CI green. Staying up-to-date on dependencies upgrades with breaking changes is now easier and faster than ever.

How to join the private preview

To sign up for the feature waitlist, fill out the form to express your interest. We’ll notify selected participants as we roll out the feature over the coming weeks.

This feature is available in private preview to GitHub Advanced Security customers on cloud deployments. Starting today, we support TypeScript repos with tests set up in GitHub Actions. As we continue to develop this feature, we will expand coverage for additional languages and testing requirements.

Learn more

Please keep an eye on future changelogs for more updates as the feature moves to public preview and general availability.

To learn more, please join the waitlist or check out the latest GitHub feature previews.

To hear what others are saying and offer your own take, join the discussion in the GitHub Community.

See more

Security campaigns with Copilot Autofix are now in public preview

Security campaigns with Copilot Autofix are now in public preview. Available as part of GitHub Advanced Security, security campaigns rapidly reduce your backlog of application security debt. By using Copilot Autofix to generate contextual explanations and code suggestions for up to 1,000 historical code scanning alerts at a time, security campaigns help developers and security teams collaborate to fix vulnerabilities with speed and confidence.

Code scanning detection engines such as GitHub’s CodeQL are incredibly effective at automatically notifying developers about potential security vulnerabilities in their code in the form of code scanning alerts. Most developers fix these vulnerabilities with the help of Copilot Autofix when they’re flagged pull requests. However, in situations where these alerts aren’t remediated in a timely manner, security debt can build up and pose a serious risk to deployed applications. Using security campaigns, security teams and developers can easily collaborate to remediate and eradicate security debt at scale, with the help of Copilot Autofix.

A security campaign on GitHub can contain a large number of code scanning alerts, prioritized by your security team to be fixed within a chosen timeframe. When a campaign is created, Copilot Autofix automatically suggests fixes for all supported alerts, and developers who are most familiar with the code are notified. From there, they can review the fixes, open pull requests, and remediate the security debt.

Security teams can monitor the progress of the campaign and track the number of alerts that have been fixed. Using security campaigns, security and developer teams work together with Copilot Autofix to remove security debt in targeted efforts aimed at maximizing impact by focusing on the alerts that matter.

Organization-level view of a security campaign to remediate SQL injection alerts

Security campaigns are available for users of GitHub Advanced Security on GitHub Enterprise Cloud. For more information about security campaigns, see About security campaigns in the GitHub documentation.

If you have any feedback on security campaigns: join the discussion in the GitHub Community.

See more
View all changes