07/2025

GitHub Copilot coding agent, available in public preview, now has access to a web browser out of the box, powered by the Playwright MCP server. This feature is in public…

We’ve made big improvements to how Copilot code review handles large pull requests. Around 30% of pull requests on GitHub include more than 20 files—and now we’re equipped to review…

GitHub Apps can now be installed onto enterprise accounts, with new permissions that let them call enterprise management APIs. The public preview of this new access pattern has a limited…

GitHub code scanning customers can now require a review process before dismissing alerts, helping you manage security risks as well as meet audit and compliance requirements. What’s new Provide a…

Secret scanning is adding validity check support for additional token types. Validity checks indicate if the leaked credentials are active and could still be exploited. If you’ve previously enabled validation…

You can now manage artifact attestations more effectively with new updates to the UI and API, including deletion, filtering, and bulk actions. Here’s what’s new: Delete attestations: Easily delete artifact…

Dependency auto-submission now supports the .NET package manager NuGet. This feature continues to expand the supported range of package manager ecosystems, adding to the existing Maven and Gradle support. Dependency…

Multi-ecosystem grouped updates are now generally available for all Dependabot users! This configurable functionality allows you to group security or version dependency updates across multiple package ecosystems into a single…

The cooldown feature is now generally available for Dependabot version updates! This feature gives you control over when version update pull requests are created to bump your dependencies. What’s new…

Today, we’re extending CodeQL code scanning support to Rust. Developers working on Rust libraries and apps can now benefit from our best-in-class code security analysis. We currently identify issues such…