Changelog


In this latest release, you can now ask Copilot Chat in GitHub.com questions about failed Actions jobs. With this feature, you can now speed up your pull request review cycle by asking Copilot about build failures to quickly get them resolved. In addition, we’ve added a quality improvement to how Copilot Chat in GitHub.com handles complex questions. This internal improvement will help you get the most out of your Copilot Chat conversations. Both of these features are in beta.

Copilot Chat in GitHub.com now has knowledge of failed Actions jobs

You can now click into a failed job on a pull request and ask Copilot what went wrong.

Open an existing PR and try it yourself:
  • Tell me why this job failed
  • Suggest a fix for this error

To learn more, check out our documentation.

Copilot Chat in GitHub.com can now answer complex questions

Copilot Chat can now access context from multiple primitives across pull requests, commits, discussions, issues, code, repos, and more to provide informed responses to more complex questions.

See it live by asking:
  • How do I get started in this project?
  • What are all of the open PRs assigned to me?
  • Who can I talk to about this project?
  • What changed on this PR?

We’re excited to bring these more advanced Copilot capabilities to customers in beta and would love your feedback!

How to enable these beta features for your enterprise

An enterprise owner can enable beta features using the Copilot policy “Opt in to preview features.”


For more information about policies for Copilot Enterprise, see the documentation.

Join the discussion within the GitHub Community.


We are streamlining the deployment of GitHub’s security products at scale with code security configurations. This functionality simplifies the rollout of GitHub security products by defining collections of security settings and enabling you to apply those settings to groups of repositories. Configurations help you maintain security settings for important features like code scanning, secret scanning, and Dependabot.

As of October 15th, 2024, you will no longer be able to enable or disable GitHub security features for repositories from the organization-level security coverage view.

Learn more about code security configurations and send us your feedback.


Starting in April 2024, GitHub Advanced Security customers using secret scanning have been able to specify which teams or roles have the ability to bypass push protection using a delegated bypass list.

Administrators can now add the maintainer role to this list.


Today, we’ve announced the general availability of Copilot Autofix for CodeQL alerts in GitHub code scanning! Powered by GitHub Copilot, this feature brings automatic fixes for vulnerabilities found by CodeQL into the developer workflow.

Through a deep integration in GitHub pull requests, autofixes help developers to fix vulnerabilities quickly and early in the development process, thereby preventing new vulnerabilities from entering your codebase. Data from our beta programme shows that vulnerabilities with a fix suggestion are fixed 3x faster across all vulnerability types, and even faster for complicated vulnerability types like cross-site scripting (7x faster) and SQL injection (12x faster). For security debt that already exists in your codebases, Copilot Autofix can help you with on-demand autofixes for historical alerts. Copilot Autofix for CodeQL code scanning was previously called “code scanning autofix”, and is now generally available for all GitHub Advanced Security customers on GitHub.com.

As developers start using autofixes, security teams can see an overview of how their organisation adopts autofixes generated by Copilot on their security overview dashboard. This includes detailed information about remediation rates.

For more information, see: About Copilot Autofix for CodeQL code scanning. If you have feedback for Copilot Autofix for code scanning, please join the discussion here.

Example of Copilot Autofix operating on a CodeQL alert in a pull request


Push protection blocks you from pushing secrets to a repository and generates an alert whenever you bypass the block.

Push protection is now supported for the following REST API endpoints:
* Create a blob
* Create or update file contents

If the content of a PUT request to these endpoints includes a secret, the API will respond with a 409 error and provide a link for bypassing push protection, along with a placeholder_id.

There is also a new API endpoint to bypass push protection programmatically, Create a push protection bypass. You or your application can use the placeholder_id from your push protection block in your call to this endpoint.

You need to be the individual or application that initially got blocked to be able to bypass the block successfully.


Secret scanning is now performing a backfill to detect historically existing secrets in GitHub wikis. For repositories with secret scanning enabled, you may notice newly created alerts for these exposed secrets.

Learn how to secure your repositories with secret scanning or sign up for a 60 minute feedback session on secret scanning and be compensated for your time.

You are also welcome to join the discussion and share your feedback in our dedicated GitHub Community.


Today, we are excited to open our waitlist for all GitHub Copilot users to start using Copilot Extensions!

Join the Copilot Extensions waitlist.

With extensions, you can extend the capabilities of GitHub Copilot Chat and enhance the experience to perform a wide range of actions across third-party tools, services, and data. Create feature flags, check log errors, access API documentation, and even deploy your application to the cloud, all through natural language.

Copilot Extensions are live on the GitHub Marketplace, with extensions from Octopus Deploy, Sentry, New Relic, and many more.

Questions or suggestions? Join the conversation in the community discussion.


We’re thrilled to introduce improvements to Repo Insights!

New Enhanced Repo Insights Views

With this update, you’ll find significant enhancements to two of our repository insights views—Contributors and Code Frequency. Both now utilize an SVG-based solution, offering improved focus navigation for precise, point-by-point interaction. You can also hide a series by interacting with the chart legend and view or download the data in both table format and as PNGs. Let’s dive into the details!

Contributors

  • Date Range Filter: While the click-and-drag date range selection was a handy feature, it was also a hidden feature. The new date range filter is always visible and fully navigable by keyboard, making it more accessible and easier to use.
  • Clear Date Range Display: The current date range is now explicitly listed under the heading, giving you a clear and immediate understanding of the data timeframe.

  • Responsive Contributor Cards: Previously locked to a two-column view, contributor cards are now more responsive on small screens, seamlessly wrapping to a single-column layout for a better viewing experience.

Code Frequency

  • Enhanced Axes Differentiation: The two different axes are now distinguished not just by color but also by line style, making it easier to interpret the data at a glance.
  • Detailed Tooltips: Data points are now navigable and display more details in a tooltip. Previously, you could only visually reference data against the axes. Now, you get more information directly from the chart itself.

Explore the new features and let us know what you think! Join the discussion within the GitHub Community.

To revert this update, click on your profile picture in the top right corner of the page, go to the feature preview menu, select “Enhanced Repo Insights Views” and click disable. If you choose to turn this feature off – please let us know why using the link listed above!

 


We’re excited to share that usage metrics for GitHub Organization Teams are now available on the public beta of the GitHub Copilot Metrics API!

What metrics are available for GitHub Organization Teams?

  • Organization Team aggregates are available for teams with five or more Copilot license holders.
  • Teams must belong to the GitHub Organization which provisioned team members’ licenses.
  • The beta of the GitHub Copilot Metrics API is focused on serving metrics for Copilot Chat and code completions that take place in the IDE.
  • Code completion metrics include: Lines of Code Suggested, Lines of Code Accepted, Number of Suggestions, Number of Acceptances, and Active Users, with slices on language and IDE.
  • Copilot Chat metrics include: Number of Chats, Chat Suggestions Accepted, and Active Users. The endpoint does not currently feature slices on language or IDE for Chat metrics.

Documentation and Resources

See the following resources for help getting started:
– API Documentation: Explore the detailed API documentation, including metrics definitions here.
– Learning Pathway: You can find an extended article on measuring the impact of GitHub Copilot here.

Participate in the Public Beta!

Your feedback during this beta phase is invaluable to us. We encourage you to share your experiences, which will be instrumental in refining and enhancing the API as we look forward to the GA release.

Join the discussion within GitHub Community.


The secret scanning metrics page within an organization’s “Security” tab now includes metrics for push protection bypass requests.

If an organization uses delegated bypass controls for push protection, the following data is shown:

  • number of bypass requests, broken down by state
  • mean time to review the requests

The previous data tiles showing the number of blocked secrets and bypassed secrets have been condensed into one tile.

screenshot of new delegated bypass metrics

If an organization has not configured delegated bypass controls, the tiles will display no data.

This data is also available at the Enterprise level within the “Code security” tab on GHEC. It will be included in GHES 3.15.


We’re happy to announce that metrics for GitHub Enterprise Teams are now available on the public beta of the GitHub Copilot Metrics API as of today.

The GitHub Copilot Metrics API is designed to supply you with information about Copilot’s usage within your organizations. The data from the API is intended to be consumed and combined with your organization’s own data to create greater visibility into how Copilot engagement fits into the bigger picture of your software development cycle.

What metrics are available for GitHub Enterprise Teams?

  • This iteration of the GitHub Copilot Metrics API is focused on serving metrics for Copilot Chat and code completions that take place in the IDE.
  • Code completion metrics include: Lines of Code Suggested, Lines of Code Accepted, Number of Suggestions, Number of Acceptances, and Active Users, with slices on language and IDE.
  • Copilot Chat metrics include: Number of Chats, Chat Suggestions Accepted, and Active Users. The endpoint does not currently feature slices on language or IDE for Chat metrics.
  • Enterprise Team-level aggregates are available for teams with five or more Copilot license holders.

Documentation and Resources

See the following resources for help getting started:
– API Documentation: Explore the detailed API documentation, including metrics definitions here.
– Learning Pathway: You can find an extended article on measuring the impact of GitHub Copilot here.

Participate in the Public Beta!

Your feedback during this beta phase is invaluable to us. We encourage you to share your experiences, which will be instrumental in refining and enhancing the API as we look toward the future.

Stay tuned for updates and enhancements throughout the beta period. We’re committed to delivering a robust and feature-rich API that meets your needs and expectations.

Join the discussion within GitHub Community.


The GitHub Enterprise Server 3.14 release candidate is here

GitHub Enterprise Server 3.14 gives customers enhanced deployment requirements and security controls. Here are a few highlights in the 3.14 release:

  • SCIM for GHES is a popularly requested enterprise identity management feature, now available in public beta! SCIM stands for “System for Cross-domain Identity Management” and is a leading standard for user lifecycle management in SaaS applications. Enterprise administrators can configure SCIM for their GitHub Enterprise Server instance, which supports automatic provisioning of new user accounts and groups through our SCIM API. We support several paved path applications such as Entra ID and Okta that combine SAML and SCIM support in one place. Additionally you may bring your own SAML identity provider and SCIM implementation to GitHub Enterprise Server to satisfy your unique identity and user lifecycle management needs. To get started, visit our SCIM documentation for GitHub Enterprise Server. While in public beta we recommend testing SCIM support for your identity system in a non-production GHES environment before adding SCIM to your current setup. SCIM support can be added onto existing SAML implementations, but will require using a new application that supports automated provisioning via SCIM in your IdP. Existing private beta customers should also reconfigure their implementation with updated IdP applications.
  • SAML settings are now visible as a read-only configuration in the enterprise settings page. Enterprise administrators are able to view these settings in the same place where SCIM support is configured for your enterprise instance.

  • We’re introducing custom organization roles, allowing you to delegate some of the organization’s administrative duties to trusted teams and users. Organization admins will have both the UI and API to manage these custom roles. See custom organization roles.

  • Code scanning option for repository rules is now available in public beta in GHES. Now, you can create a dedicated code scanning rule to block pull request merges instead of relying on status checks. This makes it easier than ever to prevent new vulnerabilities from being introduced into a code base. See set code scanning merge protection.

  • Dependabot grouped security updates are now generally available. This feature automatically groups Dependabot pull requests and lets you specify several additional options to fine tune groupings. You can enable grouped security updates for Dependabot at the repository or organization-level. If you would like more granular control over Dependabot’s grouping, you can also configure the dependabot.yml file in a repository.

  • With Generation 2 VM support, Operators can scale the GHES appliance vertically. New installs of 3.14 and later will boot on newer generation hardware by supporting both boot firmwares, BIOS and UEFI. See Generation 2 VMs.

  • On an instance with multiple replica nodes, to start or stop replication for all nodes in a single configuration run, Operators can use the ghe-repl-start-all and ghe-repl-stop-all commands.

Release Candidates are a way for you to try the latest features early, and they help us gather feedback to ensure the release works in your environment. They should be tested on non-production environments. Read more about the release candidate process.

To learn more about GHES 3.14, check out release notes, or download the 3.14 release candidate now.
If you have any feedback or questions about the release candidate, please contact our Support Team.


In July, GitHub Mobile introduced three major improvements:
  • App Lock! Securely unlock the GitHub app with just a glance. Enable App Lock in Settings to use FaceID, TouchID or pass code to protect your information in the GitHub app.
  • A smarter Copilot Chat! It knows where you are in the app. Ask Copilot about the file or repository you’re viewing to try it out.
  • Workflow Dispatching! Kick off new Actions on the go from the list of workflow runs for a given workflow.

There were also several other fixes and features for both the iOS and Android apps.

iOS

  • Edit files in full screen on iPad.
  • Introduced pinned issues! View pinned issues in a repository’s list of issues. Pin and unpin issues by tapping the … menu within an issue, or by long-pressing within a repository’s list of issues.
  • Fixed viewing file from a pull request on a fork.
  • Improved contrast on issue and pull request triage sheet.
  • Fixed an issue that caused discussions filter not to persist.
  • Fixed the overlapping Copilot button when editing items in Inbox.
  • Fixed the memory leaks across the app.
  • Fixed the crash that sometimes occurs when sanitizing diff lines.
  • The project item sheet now renders emoji codes in labels.
  • Editing a project content field updates the project view.
  • Mono-spaced font now changes its font size according to the settings.
  • Explore tab shows a loading indicator when initially loading content.
  • Project picker only shows projects for which users have write permissions.
  • Workflow run list paginates correctly.
  • Workflow run list shows the name of the workflow.
  • Selected workflow runs deselect when navigating back to workflow runs.
  • Navigating to the commit screen from release details no longer displays an error.
  • Triage sheets adapted to larger font sizes.
  • Navigate and interact with the “More Actions” button in issues and pull requests using a hardware keyboard.

Android

  • Added scrolling indication in markdown bar of actions when composing comments.
  • Editing metadata fields on an issue or pull request is now more accessible.
  • Fixed broken images in repository descriptions and user bios throughout the app.
  • Fixed list names showing the previous name after editing.

On July 31 we announced that network requests for Copilot would be routed based on a user’s Copilot subscription, giving customers the ability to block access to Copilot Individual. This change enables Copilot Business and Copilot Enterprise customers to make sure all Copilot users on their networks are accessing Copilot through their Copilot Business or Copilot Enterprise subscription, and that all Copilot user data is handled according to the terms of their Copilot Business or Copilot Enterprise agreement.

We have rolled back that release in order to allow customers more time to make any necessary adjustments to their firewall settings.

On November 4, we will enable the feature and ensure that users are accessing Copilot through the specific endpoints for their Copilot subscriptions. This means only Copilot Business users will be able to connect to Copilot Business endpoints and only Copilot Enterprise users will be able to connect to Copilot Enterprise endpoints.

Important next steps to ensure continued access to Copilot

Between now and November 4, all Copilot customers should ensure they are following the firewall settings published in our docs. Specifically, this means customers should ensure access is allowed to the wildcard hostname https://*.githubcopilot.com, along with the other listed hostnames.

In order to ensure continued access to Copilot after November 4, all Copilot customers should:

  • Ensure access is allowed to the subscription-specific hostnames https://*.business.githubcopilot.com (for Copilot Business) or https://*.enterprise.githubcopilot.com (for Copilot Enterprise)
  • Update their IDE clients to at least these minimum versions:
      • For Visual Studio Code, use Copilot Chat version 0.17 or later
      • For JetBrains IDEs, use Copilot version 1.5.6.5692 or later
      • For Visual Studio, use version VS 2022 17.11 or later

Customers with an account rep that want to block access to Copilot Individual on their network before November 4 should follow these instructions instead of the previously published firewall docs:

  • Ask their account rep to opt them into the feature without waiting
  • Block access to https://*.individual.githubcopilot.com
  • Ensure access is allowed to the subscription-specific hostnames https://*.business.githubcopilot.com (for Copilot Business) or https://*.enterprise.githubcopilot.com (for Copilot Enterprise)
  • Update their IDE clients to at least these minimum versions:
      • For Visual Studio Code, use Copilot Chat version 0.17 or later
      • For JetBrains IDEs, use Copilot version 1.5.6.5692 or later
      • For Visual Studio, use version VS 2022 17.11 or later
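The hostname rules above overlap: the broad `*.githubcopilot.com` allow entry also covers `*.individual.githubcopilot.com`, so a proxy that stops at the first matching rule would never reach the block. The following is an added example, not GitHub's code, that evaluates the three patterns with most-specific-match-wins and audits a proxy log; the rule format, function names, log layout and the concrete hostnames under each wildcard are constructed assumptions.

```python
# Added example: host-rule evaluation for a Copilot Business network.
# Patterns come from the changelog entry; everything else is constructed.

RULES_BUSINESS = [
    ("*.githubcopilot.com", "allow"),
    ("*.business.githubcopilot.com", "allow"),
    ("*.individual.githubcopilot.com", "block"),
]

def matches(pattern: str, host: str) -> bool:
    """Case-insensitive wildcard match on a DNS label boundary.

    Assumption: a leading "*." means "any subdomain at any depth", which is
    how many proxy allow lists treat it (unlike TLS certificate wildcards).
    """
    host = host.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keep the leading dot so "evilgithubcopilot.com" fails
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern

def decide(rules, host):
    """Most specific (longest) matching pattern wins."""
    hits = [(p, a) for p, a in rules if matches(p, host)]
    if not hits:
        return ("no-match", None)
    pattern, action = max(hits, key=lambda h: len(h[0]))
    return (action, pattern)

def decide_first_match(rules, host):
    """First-match evaluation, shown only to expose the ordering pitfall."""
    for pattern, action in rules:
        if matches(pattern, host):
            return (action, pattern)
    return ("no-match", None)

# Constructed proxy log: "<timestamp> <user> CONNECT <host>:<port>"
SAMPLE_LOG = """\
2024-10-01T09:00:01Z alice CONNECT api.business.githubcopilot.com:443
2024-10-01T09:00:05Z bob CONNECT api.individual.githubcopilot.com:443
2024-10-01T09:00:09Z carol CONNECT proxy.individual.githubcopilot.com.example.net:443
2024-10-01T09:00:12Z dave CONNECT telemetry.githubcopilot.com:443
"""

def audit(log_text, rules):
    """Return (user, host, pattern) for every CONNECT that hits a block rule."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "CONNECT":
            continue
        host = parts[3].rsplit(":", 1)[0]
        action, pattern = decide(rules, host)
        if action == "block":
            findings.append((parts[1], host, pattern))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, RULES_BUSINESS):
        print("Copilot Individual endpoint requested:", finding)
```

If your proxy evaluates rules in order, place the `*.individual.githubcopilot.com` block above the `*.githubcopilot.com` allow entry.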

Read more about subscription-based network routing here.


A screenshot about the new feature lock app via Face ID

We’re excited to introduce a new security feature in GitHub Mobile: app lock via biometrics. This adds an extra layer of security, ensuring only you can access your GitHub account on your mobile device. With fingerprint or facial recognition, you can have peace of mind knowing your projects and data are protected, providing a secure experience on the go.

Join the discussion within GitHub Community.


New Export CSV button highlighted on the overview dashboard on the Security tab at the organization level

Enhance your security workflows by exporting security alert data for offline analysis, reporting, and archival purposes with our new CSV export functionality, available at the organization level. CSV exports will respect all filters you’ve applied to the page, allowing you to generate multiple exports focusing on different datasets. You can download all data where you have an appropriate level of access.

Learn more about the security overview dashboard and send us your feedback.


Featured Sponsors

Maintainers can now display their top sponsors on their Sponsors profile. Users can opt to manually select up to 10 sponsors, automatically display their top funders or opt out of displaying featured sponsors altogether.

To learn more about featured sponsors, please visit our GitHub Sponsors docs.


Secret scanning alerts for non-provider patterns and generic passwords can now be retrieved using the REST API.

With the “List secret scanning alerts” endpoint for an enterprise, organization, or repository, you can use the query parameter secret_type to request alerts for non-provider patterns or passwords. To retrieve alerts for non-provider patterns, use the “Token” value in this table. To retrieve alerts for passwords, use the value password.

The secret_type parameter can be used to return several secret types, separated by commas: e.g. api.github.com/orgs/ORG/secret-scanning/alerts?secret_type=rsa_private_key,password.

Alerts for non-provider patterns and passwords are not returned by default with the “List secret scanning alerts” endpoint; they must be specifically requested.
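Because the default listing omits these alert types, an inventory built from a single call under-counts exposed secrets. The following is an added example, not GitHub's code, that issues the default query plus an explicit `secret_type` query and merges the results; `fetch` is a hypothetical callable that returns the decoded JSON list for a URL (authentication and pagination are assumed to live there), and the organization name and sample alerts are constructed.

```python
# Added example: merge default and explicitly requested secret scanning alerts.
from urllib.parse import urlencode, urlsplit, parse_qs

API = "https://api.github.com"

def alerts_url(org, secret_types=None, state="open"):
    """Build the org-level "List secret scanning alerts" URL."""
    params = {"state": state, "per_page": 100}
    if secret_types:
        # Several types are passed as one comma-separated value.
        params["secret_type"] = ",".join(secret_types)
    return f"{API}/orgs/{org}/secret-scanning/alerts?{urlencode(params, safe=',')}"

def inventory(org, fetch, generic_types=("rsa_private_key", "password")):
    """Return (all_alerts, missed_by_default).

    `fetch(url)` is an injected, hypothetical helper returning a list of alerts.
    """
    default = fetch(alerts_url(org))
    explicit = fetch(alerts_url(org, generic_types))
    default_keys = {(a["repository"]["full_name"], a["number"]) for a in default}
    seen, merged, missed = set(), [], []
    for alert in default + explicit:
        key = (alert["repository"]["full_name"], alert["number"])
        if key in seen:
            continue
        seen.add(key)
        merged.append(alert)
        if key not in default_keys:
            missed.append(alert)
    return merged, missed

# --- Constructed stand-in for the API so the example runs offline ---
_PROVIDER = [
    {"number": 1, "secret_type": "github_personal_access_token",
     "repository": {"full_name": "example-org/api"}},
]
_GENERIC = [
    {"number": 2, "secret_type": "rsa_private_key",
     "repository": {"full_name": "example-org/api"}},
    {"number": 7, "secret_type": "password",
     "repository": {"full_name": "example-org/web"}},
]

def fake_fetch(url):
    query = parse_qs(urlsplit(url).query)
    if "secret_type" not in query:
        return list(_PROVIDER)  # default listing: provider patterns only
    wanted = query["secret_type"][0].split(",")
    return [a for a in _PROVIDER + _GENERIC if a["secret_type"] in wanted]

if __name__ == "__main__":
    merged, missed = inventory("example-org", fake_fetch)
    print(len(merged), "alerts in total;", len(missed), "absent from the default listing")
```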


GitHub Copilot code completions are autocomplete-style suggestions that appear inline as you code. Until today, they have used context from your active file and other tabs open in the editor to inform the suggestion that is returned. However, we know that more contextually relevant input leads to better suggestions. Our team has made changes to the C/C++ extension and the GitHub Copilot extension in VS Code to ensure that other relevant C++ context, like available types and methods, is also provided to Copilot completions.

When you use the latest version of the C/C++ extension and the GitHub Copilot extension together in VS Code, directly-referenced header files will be automatically considered when gathering additional context for Copilot completions, even if they’re not open in the editor. This helps to reduce hallucinations and provide more relevant suggestions.

To get started, make sure you’re using the GitHub Copilot extension version 1.205 or later and have an active GitHub Copilot subscription. You’ll also need the C/C++ extension version 1.21 or later with IntelliSense configured correctly. Our team is committed to C++ Copilot support in both Visual Studio and VS Code, and similar support is coming to Visual Studio in Visual Studio 2022 version 17.12.

See more details in the C++ team blog here.


Enterprise managed users (EMUs) must now prove ownership of their email addresses. Existing EMU account email addresses do not have to take this step unless the email address matches one on another GitHub.com account.

Enterprises with EMU accounts that have conflicts have received notification from GitHub regarding specific accounts that have an email address which also exists on another github.com account. Certain 3rd party applications may not work correctly until they have reverified their email address.

New EMU accounts will have their enterprise’s shortcode appended to their email address’s prefix until it is verified, or their administrator changes the email address to another value.

To verify an email address, follow the steps outlined in our documentation. EMU account email addresses are defined by your identity provider, and cannot be changed directly within GitHub. You will need to work with your IdP administrator to change your email address if necessary.

Some users may find that 3rd party GitHub Apps and OAuth apps may not handle the placeholder email correctly, resulting in missing data in these apps. In rare cases, Enterprise Owners may also find that their email provider does not support the “plus addressing” scheme in use. Developers can review our best practices for OAuth and GitHub App implementation, including the use of the id field when storing user reference data so that email address changes are not disruptive to a user’s apps experience.
