Edit and validate Copilot Autofix suggestions with Copilot Workspace

Copilot Autofix suggestions for code scanning alerts can now be edited and validated using Copilot Workspace for pull requests.

Copilot Workspace for Copilot Autofix for code scanning

With this, GitHub Advanced Security users can:

  • Review and integrate Copilot Autofix suggestions within the context of the pull request, benefiting from an improved diff-viewing experience.
  • Refine and address code scanning alerts directly within the pull request, utilizing an enhanced code editing experience.
  • Build, test, and run proposed changes in the pull request without impacting your personal build and test environment.

All GitHub Advanced Security users can use this feature in private repositories on GitHub.com. A Copilot license is not required.

To learn more about code scanning alerts and Copilot Autofix, see About Copilot Autofix for CodeQL code scanning. If you have feedback regarding Copilot Autofix for code scanning, please join the discussion here.

OpenAI o3-mini now available in GitHub Copilot and GitHub Models (Public Preview)

Copilot and GitHub Models o3-mini Release

OpenAI’s latest model, o3-mini, is now available in GitHub Copilot and GitHub Models, bringing OpenAI’s newest reasoning model to your coding workflow.

The o3-mini reasoning model outperforms o1 on coding benchmarks with response times that are comparable to o1-mini, meaning you’ll get improved quality at nearly the same latency.

This cutting-edge model is rolling out gradually and will be available to GitHub Copilot Pro, Business, and Enterprise users today via the model picker in Visual Studio Code and github.com chat (support in Visual Studio, and JetBrains are coming soon). To accelerate your workflow, whether you’re debugging, refactoring, modernizing, testing, or just getting started, simply select “o3-mini (Preview)” to begin using it.

Paid Copilot subscribers get up to 50 messages every 12 hours. Business or Enterprise admins can enable o3-mini access for org members through their org and enterprise admin settings pages.

GitHub Models users with a paid Copilot plan will also be able to leverage the o3-mini model to enhance their AI applications and projects later today. In the GitHub Models playground, you can explore o3-mini’s versatility as you experiment with sample prompts, refine your ideas, and iterate as you build. You can also try it alongside other models available on GitHub Models including models from Cohere, DeepSeek, Meta, and Mistral.

To learn more, check out product documentation on GitHub Models. You can also join our community discussions.

See more

Recent improvements to security campaigns with Copilot Autofix (public preview)

We’re releasing various improvements to security campaigns to help security teams and developers collaborate more effectively to resolve security debt with the help of Copilot Autofix.

Security campaigns with Copilot Autofix were released in public preview at GitHub Universe.

Available as part of GitHub Advanced Security, security campaigns help you rapidly reduce your backlog of application security debt. With security campaigns, you can make sure your developers focus on the most important security alerts across your portfolio. Copilot Autofix also automatically generates contextual explanations and suggests fixes for alerts in a campaign.

Today we are announcing multiple improvements based on the customer feedback we have received during the security campaigns public preview:
* The repository limit for security campaigns has increased from 100 to 1000, making it easier to create campaigns from more of your critical repositories.
* Multiple users or teams can now be specified as campaign managers, giving application security teams greater flexibility in assigning responsibility for monitoring campaign progress and collaborating with developers on fixing alerts.
* We’ve added a new contact link field in the security campaigns user interface to facilitate better communication between security teams and developers during campaigns.
* Email notifications are now consolidated when security campaigns are created or closed. Developers watching multiple repositories included in the same campaign will receive a single email including details of all relevant repositories rather than one email per repository.
Security campaigns are available for users of GitHub Advanced Security on GitHub Enterprise Cloud. For more information about security campaigns, see About security campaigns in the GitHub documentation.

If you have any feedback on security campaigns, join the discussion in the GitHub Community.

See more
View all changes