Copilot Chat users can use the Gemini 2.5 Pro model in public preview

Gemini 2.5 Pro is now available to all GitHub Copilot customers. The latest Gemini model from Google is their most advanced model for complex tasks. It shows strong reasoning and code capabilities. It also leads on common coding, math, and science benchmarks.


Get started today!

Copilot Pro/Pro+ users

You can start using the new Gemini 2.5 Pro model today through the model selectors in Copilot Chat in VS Code and immersive chat on github.com.

Copilot Business or Enterprise users

Copilot Business and Enterprise organization administrators will need to grant access to Gemini 2.5 Pro in Copilot through a new policy in Copilot settings. Once enabled, users will see the model selector in VS Code and chat on github.com. You can confirm the model’s availability by checking individual Copilot settings and confirming the policy for Gemini 2.5 Pro is set to enabled.

Share your feedback

Join the Community discussion to share feedback and tips.

For additional information, check out the docs on Gemini 2.5 Pro in Copilot.

Learn more about the models available in Copilot in our documentation on models and get started with Copilot today.

Starting May 30, 2025, CodeQL will no longer generate code scanning alerts for hardcoded secrets. Instead, we recommend using secret scanning to detect hardcoded secrets in your repositories, which has greater precision and recall than CodeQL. Secret scanning is a feature of GitHub Secret Protection.

Learn more about secret scanning, which scans your repositories for over 300 hardcoded secrets and uses Copilot to detect generic passwords. By using this detection instead of CodeQL, all your alerts for hardcoded secrets can be managed in one place.

What’s changing?

We’re disabling CodeQL detection of hardcoded secrets on May 30, 2025. This aligns with the release of CodeQL 2.21.4. We’ll post a follow-up notice to the GitHub changelog when this is complete. Once these checks are disabled, the next time your repository is analyzed using CodeQL, any code scanning alerts for hardcoded secrets will close. These alerts will stay in your historical security alert backlog.

These changes will also be included with GHES 3.18.

The following CodeQL queries will be disabled:

  • js/hardcoded-credentials
  • swift/hardcoded-key
  • swift/constant-password
  • cs/password-in-configuration
  • cs/hardcoded-credentials
  • js/password-in-configuration-file
  • py/hardcoded-credentials
  • go/hardcoded-credentials
  • rb/hardcoded-credentials
  • cs/hardcoded-connection-string-credentials
  • java/password-in-configuration
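Before the queries above are disabled, it can help to know which open code scanning alerts will close and whether secret scanning already reports the same location. The following is an added example, not GitHub's code: it assumes the alert lists were already exported from the REST API (code scanning alerts and secret scanning alert locations), and the function names and sample records are constructed for illustration.

```python
# Added example. The sample data below is constructed and only shaped like the
# REST API responses for code scanning alerts and secret scanning alert locations.
RETIRED_QUERIES = {
    "js/hardcoded-credentials", "swift/hardcoded-key", "swift/constant-password",
    "cs/password-in-configuration", "cs/hardcoded-credentials",
    "js/password-in-configuration-file", "py/hardcoded-credentials",
    "go/hardcoded-credentials", "rb/hardcoded-credentials",
    "cs/hardcoded-connection-string-credentials", "java/password-in-configuration",
}

def alerts_that_will_close(code_alerts):
    """Open code scanning alerts raised by one of the retired queries."""
    return [a for a in code_alerts
            if a["state"] == "open" and a["rule"]["id"] in RETIRED_QUERIES]

def uncovered(code_alerts, secret_locations):
    """Closing alerts with no secret scanning finding on the same file and line.
    Matching on path and line is a heuristic chosen for this example."""
    spans = {}
    for loc in secret_locations:
        if loc["type"] != "commit":      # issue/PR locations carry no file path
            continue
        d = loc["details"]
        spans.setdefault(d["path"], []).append((d["start_line"], d["end_line"]))
    gaps = []
    for a in alerts_that_will_close(code_alerts):
        loc = a["most_recent_instance"]["location"]
        hits = spans.get(loc["path"], [])
        if not any(s <= loc["start_line"] <= e for s, e in hits):
            gaps.append((a["number"], a["rule"]["id"], loc["path"]))
    return gaps

def _alert(number, state, rule_id, path, line):   # builds a constructed sample record
    return {"number": number, "state": state, "rule": {"id": rule_id},
            "most_recent_instance": {"location": {"path": path, "start_line": line}}}

CODE_ALERTS = [
    _alert(1, "open", "py/hardcoded-credentials", "app/db.py", 12),
    _alert(2, "open", "js/hardcoded-credentials", "web/config.js", 4),
    _alert(3, "open", "py/sql-injection", "app/db.py", 40),             # not retired
    _alert(4, "dismissed", "go/hardcoded-credentials", "cmd/main.go", 9),  # not open
    _alert(5, "open", "java/password-in-configuration", "conf/app.properties", 3),
]
SECRET_LOCATIONS = [
    {"type": "commit", "details": {"path": "app/db.py", "start_line": 12, "end_line": 12}},
    {"type": "issue_title", "details": {}},
    {"type": "commit", "details": {"path": "conf/app.properties", "start_line": 7, "end_line": 7}},
]
if __name__ == "__main__":
    for gap in uncovered(CODE_ALERTS, SECRET_LOCATIONS):
        print("review before closure:", gap)
```

Alerts returned by `uncovered` are the ones to review by hand, since nothing in the secret scanning export points at the same line.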

Why are we doing this?

The hardcoded secrets queries in CodeQL are redundant with the capabilities of secret scanning, which can result in duplicate alerts for the same secret. This creates unnecessary effort spent manually deduplicating secret scanning and code scanning alerts. Secret scanning has superior accuracy and recall for detecting hardcoded secrets and provides additional metadata that’s helpful for remediation.

How do I get started?

Check out this introduction to getting started with GitHub Secret Protection:

Watch this video to learn more about deploying and managing Secret Protection at scale:
