Manage push protection bypass requests for secret scanning with the REST API

Push protection for secret scanning blocks any push that contains a secret. By default, this block can be bypassed, which results in a secret scanning alert in the repository. Delegated bypass controls let you choose who is allowed to bypass push protection, and contributors without permissions to bypass must submit a request for approval by the listed reviewers. These controls can reduce the risk of secrets being accidentally exposed in your codebase.

Managing bypass requests is now available with the REST API, offering flexibility for triaging and reviewing by integrating with your existing workflows.

Reviewers can retrieve bypass requests for an organization or repository with the following endpoints:

Reviewers can review a request and dismiss a response to a request with the following endpoints:

Learn more about how to secure your repositories with secret scanning and push protection.

It is easier to track your progress with fixed code scanning CodeQL security alerts on the Security Overview page

Now it is easier to see how many of your historical CodeQL alerts received autofix suggestions and how many of those alerts were resolved across all the repositories in your organization.

Historical alerts are those found in your default and protected branches, indicating potential existing security issues in your code. You can stay informed about the progress of historical alert resolution and expediting this process as it is essential for accurately assessing your security risks.

New Autofix tile on mitigation tab on the security overview dashboard

The new “Historical Alerts Fixed with Autofix” tile on the Security Overview provides you with the total number of fixed vulnerabilities compared to the total suggested autofixes for existing alerts. This will help you stay informed about the security trends in your organization.

Learn more about Copilot Autofix for CodeQL code scanning and security overview.

To leave feedback for Copilot Autofix for code scanning, join the discussion.

See more

Phi-4-mini-instruct and Phi-4-multimodal-instruct are now available in GitHub Models (GA)

Phi-4-mini-instruct and Phi-4-multimodal-instruct models release
The latest AI models from Phi, 4-mini-instruct and 4-multimodal-instruct, are now available in GitHub Models.

Phi-4-mini-instruct is a 3.8B parameter lightweight model designed for chat-completion prompts and strong reasoning, particularly in math and logic. Its efficiency makes it well-suited for memory- and compute-constrained environments.

Phi-4-multimodal-instruct is a 5.6B parameter multimodal model that excels at generating text outputs from various inputs including text, images, and audio. This model demonstrates strength in reasoning across multiple modalities.

GitHub Models makes it easy for every developer to build AI features and products on GitHub.

Try, compare, and implement these models in your code for free in the playground (Phi-4-mini-instruct and Phi-4-multimodal-instruct) or via the API.

To learn more about GitHub Models, check out the docs. You can also join our community discussions.

See more
View all changes