Changelog


Copilot code review hero image

With Copilot code review in GitHub.com, you get fast, AI-powered feedback on your code, so you can start iterating while you wait for a human review.

Copilot code review on GitHub.com is launching in public preview today for Copilot Individual, Copilot Business and Copilot Enterprise subscribers. Sign up to the waitlist to request access.

You can request a review on your pull request by picking “Copilot” from the Reviewers menu. Administrators can configure automatic reviews for every pull request using repository rules.

Screenshot of requesting a review from Copilot

Copilot will review your changes and attach its comments to specific lines of your code, including one-click fixes where possible.

Screenshot of committing a suggestion from Copilot

You can jump from these suggestions into the new Copilot Workspace experience in the context of the pull request to refine and validate Copilot’s suggestions. Learn more in the changelog.

Copilot can also review your code in Visual Studio Code before you push; see the changelog for more details.

To learn more about GitHub Copilot Code review, head over to the docs. To ask questions or share feedback, head to our discussion on the GitHub Community.


As a GitHub Enterprise Cloud organization owner, you and your designated users can now use API insights to visualize REST API activity for your entire organization or specific apps and users. This new feature, currently in public preview, helps you understand the sources of your REST API activity and manage against your primary rate limits—giving you visibility into the timeframe, apps, and API endpoints involved.

Who can access it

The API insights feature is available only at the organization level. By default, only organization owners can access it. However, organization owners can grant access to non-owners by creating a custom role at the organization level, assigning the permission named View organization API insights to the custom role, and then assigning the custom role to an organization member or team. See the documentation for managing organization custom roles.

Where to find it

The API insights public preview feature is enabled for all GitHub Enterprise Cloud organizations. To access it on your organization home page, select Insights near the top of the page, and then select REST API on the left side of the page.

An image of an organization homepage where selecting Insights and then REST API will navigate to the new API insights feature.

How to use it

Use the Period and Interval drop-downs to choose the range of time displayed in the chart and how granularly to display REST API requests on the chart. These drop-downs also set the time range for the “Total REST requests,” the “Primary-rate-limited requests,” and the Actors table below the chart.

An image of the API insights feature page showing the Period drop-down expanded for selecting the time period of REST API activity to include.

The Actors table displays the GitHub Apps and users that made REST API requests in the current organization within the selected time period. Select a GitHub App to display its REST API activity and any primary-rate-limiting. Select a user to display their personal REST API activity from personal access tokens (PATs) and OAuth apps acting on their behalf.

An image of the API insights feature page showing a table of actors, including GitHub Apps and users, that created REST API activity in the selected time period.

Tell us what you think

We welcome your feedback in this community discussion.

Refer to the documentation for API insights for more details about understanding your organization’s REST API activity and investigating primary-rate-limiting.


GitHub Models has entered public preview! GitHub Models provides every GitHub developer with access to top AI models via a playground, API, and more.

GitHub Models product screenshot showing the model playground

Since the announcement of GitHub Models almost three months ago, we’ve shipped a number of enhancements and new models.

New features include:

  • Side-by-side comparisons – Compare the output of two models as they respond to the same prompt in real time.
  • Model presets – Save prompts, parameters, and messages to use later or share with a friend.
  • Multimodal support – Provide images in the playground to models that support multimodal capabilities.
  • Streamlined deployment process – Quickly move your application from development to production with an Azure production key.

New surfaces to use models include:

  • Models CLI extension – Use any model from the command line by extending the GitHub CLI with `gh extension install https://github.com/github/gh-models`.
  • Models Copilot extension – Install the GitHub Models Copilot Extension and call GitHub Models with @models in GitHub Copilot Chat.
  • Azure AI Toolkit for VS Code – Access GitHub Models in VS Code with the pre-release of Azure AI Toolkit, available on the VS Code Marketplace.

New model ships include:

To learn more about GitHub Models, check out the docs.

Join our Community

Join our dedicated Community Discussions to discuss this update, swap tips, and share feedback.


Copilot Autofix for Dependabot is now available in private preview for TypeScript repositories.

This new feature combines the power of GitHub Copilot with Dependabot, making it easier than ever to automatically fix breaking changes introduced by dependency updates. With Copilot Autofix, you can save time and minimize disruptions by receiving AI-generated fixes to resolve breaking changes caused by dependency upgrades in Dependabot-authored pull requests.

Why Copilot Autofix for Dependabot?

Dependency updates can introduce breaking changes that lead to failing CI tests and deployment delays. Identifying the exact cause of these breaks and implementing the correct fix can require significant time and effort, making it challenging to stay on the most up-to-date and secure version of a dependency.

Dependabot can now leverage the power of Copilot Autofix to analyze dependency updates that fail CI tests and suggest fixes, all within the pull request. Copilot Autofix for Dependabot not only helps keep your dependencies up to date, but also keeps your CI green. Staying up to date on dependency upgrades with breaking changes is now easier and faster than ever.

How to join the private preview

To sign up for the feature waitlist, fill out the form to express your interest. We’ll notify selected participants as we roll out the feature over the coming weeks.

This feature is available in private preview to GitHub Advanced Security customers on cloud deployments. Starting today, we support TypeScript repos with tests set up in GitHub Actions. As we continue to develop this feature, we will expand coverage for additional languages and testing requirements.

Learn more

Please keep an eye on future changelogs for more updates as the feature moves to public preview and general availability.

To learn more, please join the waitlist or check out the latest GitHub feature previews.

To hear what others are saying and offer your own take, join the discussion in the GitHub Community.


Security campaigns with Copilot Autofix are now in public preview. Available as part of GitHub Advanced Security, security campaigns rapidly reduce your backlog of application security debt. By using Copilot Autofix to generate contextual explanations and code suggestions for up to 1,000 historical code scanning alerts at a time, security campaigns help developers and security teams collaborate to fix vulnerabilities with speed and confidence.

Code scanning detection engines such as GitHub’s CodeQL are incredibly effective at automatically notifying developers about potential security vulnerabilities in their code in the form of code scanning alerts. Most developers fix these vulnerabilities with the help of Copilot Autofix when they’re flagged in pull requests. However, in situations where these alerts aren’t remediated in a timely manner, security debt can build up and pose a serious risk to deployed applications. Using security campaigns, security teams and developers can easily collaborate to remediate and eradicate security debt at scale, with the help of Copilot Autofix.

A security campaign on GitHub can contain a large number of code scanning alerts, prioritized by your security team to be fixed within a chosen timeframe. When a campaign is created, Copilot Autofix automatically suggests fixes for all supported alerts, and developers who are most familiar with the code are notified. From there, they can review the fixes, open pull requests, and remediate the security debt.

Security teams can monitor the progress of the campaign and track the number of alerts that have been fixed. Using security campaigns, security and developer teams work together with Copilot Autofix to remove security debt in targeted efforts aimed at maximizing impact by focusing on the alerts that matter.

Organization-level view of a security campaign to remediate SQL injection alerts

Security campaigns are available for users of GitHub Advanced Security on GitHub Enterprise Cloud. For more information about security campaigns, see About security campaigns in the GitHub documentation.

If you have any feedback on security campaigns: join the discussion in the GitHub Community.


GitHub Copilot code completion in Xcode

We are excited to announce that GitHub Copilot for Xcode is now available in public preview. This is a major milestone in our ongoing mission to make Copilot an essential tool for developers across a wide variety of platforms. Now, Apple developers can enjoy the same intelligent coding assistance, seamlessly integrated into their favorite IDE. With this public beta, Xcode users can boost productivity, speed up development, and enhance their overall coding experience using Copilot. We’re excited to bring the power of Copilot to even more developers, empowering them to innovate and build faster.

Key features of GitHub Copilot for Xcode:

  • Code completions: Copilot is now seamlessly embedded within Xcode, providing real-time code suggestions as you type.
  • Multi-language support: GitHub Copilot for Xcode supports multiple programming languages commonly used in the Apple ecosystem, including Swift and Objective-C. This broad language support ensures that all developers, regardless of their preferred language, can benefit from Copilot’s intelligent assistance.
  • Multiline suggestions: By default, you’ll see a single-line suggestion, but if multiple-line suggestions are available, you can access them by holding the Option key and pressing Option + Tab to accept the full suggestion.
  • Content filtering: Copilot includes advanced filters to screen out harmful or inappropriate content from its suggestions. This ensures that all code recommendations adhere to professional standards and contribute to a safe, respectful coding environment.
  • Block suggestions matching public code: You have the option to activate our duplicate detection filter that blocks suggestions matching public code on GitHub.

Video of code completion in Xcode

How to get started

You need to have a Copilot license to get access to Copilot for Xcode. All Copilot individual, business, and enterprise users have access to the public beta. To install the extension, simply follow the steps outlined in our getting started guide.

Feedback

To provide feedback or report issues, please open an issue on GitHub at https://github.com/github/CopilotForXcode/issues. If you’re experiencing a similar problem, please check existing issues and add a comment to share your experience or ask questions.

Join the Community

Connect with other developers, share tips, and discuss other updates to Copilot in our dedicated Copilot Community Discussions.


With GitHub Copilot code review in Visual Studio Code, you can now get fast, AI-powered feedback on your code as you write it, or request a review of all your changes before you push.

There are two ways to use Copilot code review in VS Code:

  • Review selection: highlight code in VS Code and ask for an initial review. (Available now to all Copilot subscribers)
  • Review changes: ask Copilot for a deeper review of all your changes before you push from the “Source Control” tab, which you can also do in your pull request on GitHub.com. (Join the waitlist, open to all Copilot subscribers)

Copilot’s feedback shows up as comments in the editor, attached to lines of your code. Where possible, the comments include actionable code suggestions, which you can apply in one click.

A comment from Copilot in Visual Studio Code

To learn more about Copilot code review, head to the docs.


Copilot Autofix now supports fix suggestions for problems detected by ESLint, a partner code scanning tool. Autofixes are available both in pull requests and for historical alerts.

Setting up ESLint using a starter workflow

ESLint is the first partner tool supported by Copilot Autofix. Support for additional partner tools, such as JFrog SAST and Black Duck’s Polaris™ platform powered by Coverity®, will be announced by future changelogs when available. To opt out of fix suggestions for third-party tools, you can disable this feature from the code scanning settings page.

Example of a fix suggestion for an existing ESLint alert

In order for Copilot Autofix to pick up ESLint alerts, you need to enable ESLint as a code scanning tool in the target repository. For reference, you can select an updated starter workflow when setting up a new GitHub Actions workflow in your repository. You can use both ESLint scanning and the CodeQL analysis in the same repository.

Disabling fix suggestions for third-party tools

For more information, see: Responsible use of Copilot Autofix for code scanning. If you have feedback for Copilot Autofix for code scanning, please join the discussion here.


Screenshot of Copilot Extensions on GitHub Mobile

GitHub Copilot Extensions are now available in public preview for GitHub Mobile!

With Copilot Extensions, you can extend GitHub Copilot’s capabilities on the go with GitHub Mobile. Use extensions to query third-party tools or private data in natural language.

How to join the preview program:

• On iOS: Install TestFlight and follow the prompts to join the GitHub Mobile beta program.
• On Android: Become a beta tester on Google Play and follow the prompts to download the beta version of GitHub Mobile.

You can also build your own private extensions for internal use or publish extensions to the GitHub Marketplace. For more info, see our docs on building Copilot Extensions.

Notice: We have temporarily rolled back support for GitHub Copilot Extensions on JetBrains IDEs to perform maintenance. Extensions are not currently supported on JetBrains, but we’re working to restore access as soon as possible. Further updates will be posted to the GitHub Changelog.


Learn more about GitHub Mobile and share your feedback to help us improve.


OpenAI o1-preview and o1-mini are now available to all users in GitHub Copilot Chat in VS Code, Visual Studio, and on github.com/copilot.

OpenAI o1 is a new series of AI models equipped with advanced reasoning capabilities, trained to think through complex tasks using an internal thought process. During our exploration of o1-preview with GitHub Copilot, we found the models better understood code constraints and edge cases, producing more efficient and higher quality results.

Now, you can test these models for yourself. You can power GitHub Copilot Chat with o1-preview, o1-mini, or the default GPT-4o model. By switching models during a conversation, you can quickly move from explaining APIs or generating boilerplate code to designing complex algorithms or analyzing logic bugs.

With this preview, we’re excited to bring OpenAI’s latest advancements to you, whether you’re developing software with Copilot or building the next great LLM-based product. We can’t wait to see what you build!

Join the discussion within GitHub Community.


Code reviews and suggestions from colleagues, integrators, and AI agents like Copilot code review and Copilot autofix increase your code’s quality, but at times they can get overwhelming. You can now use Copilot Workspace directly in the context of your pull request to quickly refine, test, and incorporate code review feedback and suggestions from teammates and AI agents. Ship faster without compromising quality.

To get access, sign up for the waitlist here. This will also give you access to Copilot code review.

Copilot workspace with Copilot Review task

Using Copilot Workspace in your PRs, you can:

  • Review and incorporate code suggestions from teammates and AI agents in the context of the PR with an improved diff-viewing experience.
  • Refine and address merge-blocking feedback from directly within the PR with an improved code editing experience complete with language services and Copilot completions.
  • Build, test, and run proposed changes in the PR without affecting your personal build and test environment.

Validating an applied security autofix in Copilot Workspace

For more information see our documentation, or join the discussion within GitHub Community.


In the latest versions of Visual Studio 2022, GitHub Copilot Completions now automatically considers semantically relevant C# files as additional context, even if those files are not open in your editor. This enhancement helps reduce hallucinations and provides more accurate, relevant suggestions.

GitHub Copilot provides autocomplete suggestions inline as you code. These suggestions are generated based on the content in your currently active file and any other open files in your editor. However, we’ve found that incorporating more relevant context leads to better suggestions.

To get started in Visual Studio 2022, ensure you’re using version 17.11 or later and have an active GitHub Copilot subscription. We hope this enhancement improves your experience with GitHub Copilot in Visual Studio. Our team is committed to improving Copilot support for C# developers in both Visual Studio and VS Code, with similar updates coming to VS Code soon.

For more details, visit the .NET team blog here.

Join our dedicated Community Discussions to discuss this update, share tips, and connect with other coders.


Announcing the general availability of GitHub Enterprise Cloud with data residency in the EU

Today, GitHub Enterprise Cloud with data residency in the EU is generally available. GitHub Enterprise Cloud offers customers a robust, enterprise-grade development platform designed to enhance productivity, collaboration, and agility in software development, while providing the flexibility and control to choose where your code is stored, starting with the European Union (EU) and expanding to more regions in the future. Customers will also be able to monitor the status and availability of our services by region via the GitHub status webpage.

What is GitHub Enterprise Cloud with data residency?

GitHub Enterprise Cloud is a multi-tenant, enterprise SaaS deployment option of GitHub Enterprise with enhanced enterprise-grade capabilities and powered by Microsoft Azure. Customers experience a cloud-based unified platform that includes a suite of tools and capabilities to enhance the developer experience, so you can focus on building innovative software at scale without the complexities of having to manage updates and infrastructure.

GitHub Enterprise Cloud empowers you with the flexibility to choose where your code is stored, starting with the EU and expanding to more regions in the future. This enhanced control allows you to manage your data residency preferences to meet the unique needs of your business, whether for compliance, performance, availability, or other reasons. Powered by Microsoft Azure’s enterprise-grade infrastructure and security, GitHub Enterprise Cloud with data residency protects your code both in transit and at rest.

Who is this available for?

GitHub Enterprise Cloud is available to customers who need their code and repository data to reside in the EU. Support for data residency in additional regions will be released as they become available.

How can I access GitHub Enterprise Cloud with data residency?

Get started today by contacting our sales team. You can also learn more by visiting our docs.

Join our Community

Discuss this and other updates and swap tips with other GitHub Enterprise customers in our dedicated Community Discussions.


A list of the GitHub Copilot Chat updates in the October VS Code release.

In the latest Visual Studio Code release, you will find a suite of enhancements to GitHub Copilot Chat, designed to streamline your coding, debugging, and testing processes. These features are now available for you to try out in the latest version of Visual Studio Code.

Start a code editing session with multi-file editing (Preview)

Setting: github.copilot.chat.edits.enabled

With multi-file editing, currently in preview, you can start an AI-powered code editing session where you can quickly iterate on code changes. Use multi-file editing to prompt GitHub Copilot to propose code changes across multiple files in your workspace. These edits are applied directly in the editor, so you can quickly review them in place, with the full context of the surrounding code.

Multi-file editing is great for iterating on large changes across multiple files. It brings the conversational flow of Copilot Chat and fast feedback from inline chat together in one experience. You can have an ongoing, multi-turn chat conversation on the side, while benefiting from inline code suggestions.

Get started with multi-file editing with these steps:

  1. Start an edit session by selecting Open Copilot Edits from the Chat menu.

Screenshot showing the Copilot menu in the Command Center, highlighting the Open Edit Session item

  2. Add relevant files to the working set to indicate to GitHub Copilot which files you want to work on.
  3. Enter a prompt to tell GitHub Copilot about the edit you want to make! For example, "Add a simple navigation bar to all pages" or "Use vitest instead of jest".

Get more details about multi-file editing in the VS Code documentation. Try it out now and provide your feedback through our issues!

A new place to chat: Secondary Side Bar

The new default location for GitHub Copilot Chat view is the Secondary Side Bar. By using the Secondary Side Bar, you can have chat open at any time, while you still have other views available to you like the File Explorer or Source Control. This provides a more integrated AI experience in VS Code. You can quickly get to chat by using the Chat menu in the Command Center.

Chat view in its new location after having moved

With the introduction of the new Chat menu next to the Command Center, bringing up the Secondary Side Bar with chat is just a click away:

The Chat menu gives you access to the most common tasks for Copilot Chat. We provided a new setting, chat.commandCenter.enabled, that you can use to hide this menu if you wish.

Chat Menu

Note: If you had previously installed GitHub Copilot, a view appears in the location where Copilot Chat used to be, which lets you restore the Chat view to the old location.

Chat view in its old location after having moved

Code review (Preview)

With Copilot-powered code review in Visual Studio Code, you can now get fast, AI-powered feedback on your code as you write it, or request a review of all your changes before you push. Code review in Visual Studio Code is currently in preview. Try it out and provide feedback through our issues.

There are two ways to use code review in VS Code:

  • Review selection: For a quick review pass, select code in the editor and either select Copilot > Review and Comment from the editor context menu, or use the GitHub Copilot: Review and Comment command from the Command Palette. (This feature is in preview.)
  • Review changes: For a deeper review of all uncommitted changes, select the Copilot Code Review button in the Source Control view, which you can also do in your pull request on GitHub. (Join the waitlist, open to all Copilot subscribers)

Request review of uncommitted changes

Copilot’s feedback shows up as comments in the editor, attached to lines of your code. Where possible, the comments include actionable code suggestions, which you can apply.

Screenshot showing a comment reviewing a code selection

Head to the code review documentation to learn more.

GitHub Copilot’s quick review on code selection can provide feedback that matches the specific practices of your team or project, provided you give it the right context. When reviewing selections with custom review instructions, you can define those specific requirements via the github.copilot.chat.reviewSelection.instructions setting. Similar to code-generation and test-generation instructions, you can either define the instructions directly in the setting, or you can store them in a separate file and reference it in the setting.

The following code snippet shows an example of review instructions:

    "github.copilot.chat.reviewSelection.instructions": [
      {
        "text": "Logging should be done with the Log4j."
      },
      {
        "text": "Always use the Polly library for fault-handling."
      },
      {
        "file": "code-style.md" // import instructions from file `code-style.md`
      }
    ],

Here is an example of the contents of the code-style.md file:

Private fields should start with an underscore.

A file can only contain one class declaration.

Sort by relevance in semantic search (Experimental)

Setting: github.copilot.chat.search.semanticTextResults

Last milestone, we introduced the ability to perform a semantic search using GitHub Copilot to get search results that are semantically relevant to your query. We have now improved the search results by sorting them by their relevance. Keyword matches from more relevant snippets are deemed more relevant overall.

File-based custom instructions enabled by default (Preview)

Setting: github.copilot.chat.codeGeneration.useInstructionFiles

The newly introduced .github/copilot-instructions.md file lets you document code-specific conventions for GitHub Copilot in your workspace or repository. With this release, the setting is enabled by default in VS Code, so chat conversations automatically include this file if it is present in the workspace. You can verify which instructions are added to a chat request in the Used references list. Learn more about customizing Copilot with instructions.

Intent detection in Copilot Chat

Setting: chat.experimental.detectParticipant.enabled

GitHub Copilot has several built-in chat participants, such as @workspace, which also contribute commands to the Chat view. Previously, you had to explicitly specify the chat participant and command in a chat prompt. To make it easier to use chat participants with natural language, we’ve enabled Copilot Chat to automatically route your question to a suitable participant or chat command.

Screenshot of Chat view that shows how the '@workspace' participant is automatically detected.

If the automatically selected participant is not appropriate for your question, you can select the "rerun without" link at the top of the chat response to resend your question to GitHub Copilot.

Control current editor context

Copilot Chat has always automatically included your current selection or the currently visible code as context with your chat request. Large Language Models (LLMs) are generally good at understanding whether a piece of context is relevant. But sometimes, when you ask a question that is not about your current editor, including this context might affect how the model interprets your question.

We now show a special attachment control in the chat input that gives a hint about the editor context. It also enables you to toggle whether or not to include the editor context.

The current editor context control in the chat input, which shows that the context is not included.

There are no changes to the behavior of the editor context. When the active editor has a selection, then just the selection is included. Otherwise, just the code that is scrolled into view is included. You can still attach other files or the full file by using the paperclip button or by typing # in the chat prompt.

A common use case of Copilot Chat is asking questions about the code in your workspace, such as using /tests to generate new unit tests for the selected code or asking @workspace to find some specific class or function in your project. This milestone, we added enhanced links for any workspace symbols that GitHub Copilot mentions in chat responses. These symbol links can help you better understand Copilot responses and learn more about the symbols used in them.

Symbol links are rendered as little pills in the response, just like the file links we added last milestone. To learn more about a symbol, select the symbol link to jump to that symbol’s definition:

You can also hover over the symbol link to see which file the symbol is defined in:

Hovering over a symbol link to see the file it's defined in

To start exploring a symbol in more detail, right-click on the symbol link to bring up a context menu with options, such as Go to Implementations or Go to References:

Using the context menu on a symbol link to learn more about a symbol

Basic symbol links should work for any language that supports Go to Definition. More advanced IntelliSense options, such as Go to Implementations, also require support for that language. Make sure to install language extensions to get the best symbol support for any programming languages used in GitHub Copilot responses.

Workspace indexing

@workspace lets you ask questions about code in your current project. This is implemented using either GitHub’s code search or a smart local index that VS Code constructs. This milestone, we added a few more UI elements that let you understand how this workspace index is being used.

First up, the new GitHub Copilot: Build Local Workspace index command lets you explicitly start indexing the current workspace. Normally, this indexing is automatically kicked off the first time you ask a @workspace question. With the new command, you can start indexing at any time. The command also enables indexing larger workspaces, currently up to 2000 files (not including ignored files, such as the node_modules or out directories).

While the index is being built, we now show a progress item in the status bar:

A status bar item showing the progress of indexing the current workspace

Indexing workspaces with many hundreds of files can take a little time. If you try to ask an @workspace question while indexing is being constructed, instead of waiting, GitHub Copilot will try to respond quickly by using a simpler local index that doesn’t take as long to build. We now show a warning in the response when this happens:

A warning showing on a response telling the user the Copilot user

Notice that Copilot was still able to answer the question in this case, even though it used the simpler local index. That’s often the case, although more ambiguous or complex questions might only be answerable once the more complex index has been constructed. Also keep in mind that if your workspace is backed by a GitHub repository, we can instead use GitHub’s code search to answer questions. In this case, GitHub Copilot uses code search instead of the simpler local index.

Fix using Copilot action in the Problem hover

The Problem hover now includes the action to fix the problem using GitHub Copilot. You can use this action with problems that have a fix available, and the fix is generated by Copilot.

The Problem hover showing a fix using Copilot action

Chat settings updates

As we continue to add new features to GitHub Copilot, we want to make it easier to check out what’s new and ready to try out. We’ve restructured our settings and added support for tagging preview and experimental settings.

New features may go through the following early access stages, which are described in the settings editor as follows:

Experimental: This setting controls a new feature that is actively being developed and may be unstable. It is subject to change or removal.

Preview: This setting controls a new feature that is still under refinement but is ready to use. Feedback is welcome.

You can check out all of GitHub Copilot’s preview features using @tag:preview in the Settings editor and all of the experimental features using @tag:experimental.

Discuss this and more in our dedicated community discussion.

See more

To reduce hallucinations, improve contextually relevant suggestions, and provide a consistent C++ experience across Visual Studio and Visual Studio Code, related files such as headers are now automatically considered when gathering additional context for Copilot completions, even if they’re not open in the editor.

This is available to C++ users with an active GitHub Copilot subscription on Visual Studio 2022 17.12 or greater.

Discuss this update and swap tips with other developers in our dedicated Community Discussions.

See more

Secret scanning now supports delegated bypass controls for repository file uploads from the browser.

If delegated bypass is configured for an organization or repository, anyone without bypass permissions will need to submit a bypass request to approved reviewers in order to upload a file that contains a secret. This helps ensure that secrets are not accidentally committed to a repository.

For more information, see “About secret scanning” and “About delegated bypass for push protection.”

See more

Public leak and multi-repository indicators are now included in webhook and audit log event payloads for secret scanning alerts.

What are public leak and multi-repo labels?

To help you triage and remediate secret leaks more effectively, GitHub secret scanning indicates if a secret detected in your repository has also leaked publicly with a public leak label on the alert. The alert also indicates if the secret was exposed in other repositories across your organization or enterprise with a multi-repo label.

These labels provide additional insight into the distribution of an exposed secret, while also making it easier to assess an alert’s risk and urgency. For example, a secret which has a known associated exposure in a public location has a higher likelihood of exploitation. Detection of public leaks is currently supported only for provider-based patterns.

The multi-repo label makes it easier to de-duplicate alerts and is supported for all secret types, including custom patterns. You can only view and navigate to other enterprise repositories with duplicate alerts if you have appropriate permissions to view them.

Both indicators currently apply only to newly created alerts.
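One way a webhook consumer could use these indicators to order a remediation queue, as an added example that is not GitHub's code. It assumes the indicators arrive as the booleans `publicly_leaked` and `multi_repo` on the `alert` object (field names are not given on this page); the payloads and the priority scheme are constructed for illustration.

```python
import json

# Constructed webhook bodies for the secret_scanning_alert event (not real alerts).
# ASSUMPTION: the indicators are the booleans alert.publicly_leaked and alert.multi_repo.
SAMPLE_EVENTS = [
    json.dumps({"action": "created", "repository": {"full_name": "example-org/billing"},
                "alert": {"number": 12, "secret_type": "example_provider_token",
                          "publicly_leaked": False, "multi_repo": True}}),
    json.dumps({"action": "created", "repository": {"full_name": "example-org/web"},
                "alert": {"number": 3, "secret_type": "example_provider_token",
                          "publicly_leaked": True, "multi_repo": True}}),
    # Older alert: the labels only apply to newly created alerts, so fields are absent.
    json.dumps({"action": "reopened", "repository": {"full_name": "example-org/legacy"},
                "alert": {"number": 41, "secret_type": "custom_pattern"}}),
    json.dumps({"action": "created", "repository": {"full_name": "example-org/docs"},
                "alert": {"number": 8, "secret_type": "custom_pattern",
                          "publicly_leaked": False, "multi_repo": False}}),
]

def triage(raw_body):
    """Map one webhook body to a queue entry with a priority and analyst notes."""
    event = json.loads(raw_body)
    alert = event.get("alert") or {}
    leaked, multi = alert.get("publicly_leaked"), alert.get("multi_repo")
    notes = []
    if leaked is True:
        priority = 1
        notes.append("public leak: revoke and rotate first")
    elif leaked is None and multi is None:
        # Missing indicators mean "unknown", never "not leaked".
        priority = 2
        notes.append("no indicators: assess exposure manually")
    elif multi is True:
        priority = 2
    else:
        priority = 3
    if multi is True:
        notes.append("multi-repo: remediate duplicates together")
    return {"repo": (event.get("repository") or {}).get("full_name", "unknown"),
            "number": alert.get("number"), "priority": priority, "notes": notes}

def build_queue(raw_bodies):
    """Triage every delivery and order the queue, most urgent first (stable sort)."""
    return sorted((triage(b) for b in raw_bodies), key=lambda e: e["priority"])

if __name__ == "__main__":
    for entry in build_queue(SAMPLE_EVENTS):
        print(entry)
```

Treating absent indicators as unknown keeps alerts that predate the labels from being ranked as if they were confirmed non-public.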

Learn more

Learn more about reviewing alert labels and how to secure your repositories with secret scanning. Let us know what you think by participating in our GitHub community discussion or signing up for a 60-minute feedback session.

See more

GitHub Enterprise Cloud enterprise and organization administrators can now configure policies to restrict the usage of deploy keys across all the repositories of their organizations, giving you more control and greater security over your deploy keys.

Deploy keys provide SSH access to a single repository and are often used by integrations with external servers to access a repository without using a personal GitHub account. However, this makes it hard to track the lifecycle of deploy keys across your repositories, as they exist outside of a user context and have no timed expiration capability. Now, with the ability to set deploy key policies, you can more easily track and manage your deploy keys across your repositories.

All new enterprises and organizations will have the deploy key policy disabled by default.

For compatibility reasons, the deploy key policy will be enabled by default for all existing enterprises and organizations. You may want to explicitly disable the setting after evaluating and replacing your deploy key usage with more secure alternatives like GitHub Apps.

For more details, see the documentation on the new policy for managing deploy keys.

See more

Now, verified nonprofits can access the GitHub Team plan for free or receive 25% off the GitHub Enterprise Cloud plan through GitHub for Nonprofits. This includes nonprofit organizations that are 501(c)(3) or equivalent and are non-governmental, non-academic, non-commercial, non-political in nature, and have no religious affiliation.

You can sign up here to get exclusive discounts automatically applied to your account. Join GitHub for Nonprofits, where technology meets purpose, and together, let’s create a more sustainable and equitable future for all.

Join the discussion within GitHub Community.

See more

Secret scanning bypass privileges for push protection are now generally available.

These controls allow you to choose who is allowed to bypass push protection, and introduce a review and approval cycle for pushes containing secrets from all other contributors. This can ensure push protection blocks are not accidentally bypassed and prevent secrets from being committed to your repositories.

Controls for bypass privileges can be set as part of your organization’s security configurations or at the repository level in your code security settings. You can add specific roles or teams to your bypass list. The individuals in these roles and teams will be able to bypass push protection themselves, and will act as reviewers for any bypass requests submitted by another contributor. The requests can be approved or denied, determining whether the commit can proceed into the repository.

Screenshot of bypass privileges within security configurations

Reviewers can view the requests under the Security tab at either the organization level or repository level. Requests can also be accessed through audit log and webhook events.

Learn more about secret scanning and push protection, or join the discussion in the GitHub Community.

See more