The Wayback Machine - https://web.archive.org/web/20240910123505/https://github.blog/changelog/

Skip to content

/ Blog

Try GitHub Copilot Contact sales

AI & ML
- AI & ML
  Learn about artificial intelligence and machine learning across the GitHub ecosystem and the wider industry.
  - Generative AI
    Learn how to build with generative AI.
  - GitHub Copilot
    Change how you work with GitHub Copilot.
  - LLMs
    Everything developers need to know about LLMs.
  - Machine learning
    Machine learning tips, tricks, and best practices.
- How AI code generation works
  Explore the capabilities and benefits of AI code generation and how it can improve your developer experience.
  Learn more
Developer skills
- Developer skills
  Resources for developers to grow in their skills and careers.
  - Application development
    Insights and best practices for building apps.
  - Career growth
    Tips & tricks to grow as a professional developer.
  - GitHub
    Improve how you use GitHub at work.
  - GitHub Education
    Learn how to move into your first professional role.
  - Programming languages & frameworks
    Stay current on what’s new (or new again).
- Get started with GitHub documentation
  Learn how to start building, shipping, and maintaining software with GitHub.
  Learn more
Engineering
- Engineering
  Get an inside look at how we’re building the home for all developers.
  - Architecture & optimization
    Discover how we deliver a performant and highly available experience across the GitHub platform.
  - Engineering principles
    Explore best practices for building software at scale with a majority remote team.
  - Infrastructure
    Get a glimpse at the technology underlying the world’s leading AI-powered developer platform.
  - Platform security
    Learn how we build security into everything we do across the developer lifecycle.
  - User experience
    Find out what goes into making GitHub the home for all developers.
- How we use GitHub to be more productive, collaborative, and secure
  Our engineering and security teams do some incredible work. Let’s take a look at how we use GitHub to be more productive, build collaboratively, and shift security left.
  Learn more
Enterprise software
- Enterprise software
  Explore how to write, build, and deploy enterprise software at scale.
  - Automation
    Automating your way to faster and more secure ships.
  - CI/CD
    Guides on continuous integration and delivery.
  - Collaboration
    Tips, tools, and tricks to improve developer collaboration.
  - DevOps
    DevOps resources for enterprise engineering teams.
  - DevSecOps
    How to integrate security into the SDLC.
  - Governance & compliance
    Ensuring your builds stay clean.
- How enterprise engineering teams can successfully adopt AI
  Learn how to bring AI to your engineering teams and maximize the value that you get from it.
  Learn more
News & insights
- News & insights
  Keep up with what’s new and notable from inside GitHub.
  - Company news
    An inside look at news and product updates from GitHub.
  - Product
    The latest on GitHub’s platform, products, and tools.
  - Octoverse
    Insights into the state of open source on GitHub.
  - Policy
    The latest policy and regulatory changes in software.
  - Research
    Data-driven insights around the developer ecosystem.
  - The library
    Older news and updates from GitHub.
- Unlocking the power of unstructured data with RAG
  Learn how to use retrieval-augmented generation (RAG) to capture more insights.
  Learn more
Open Source
- Open Source
  Everything open source on GitHub.
  - Git
    The latest Git updates.
  - Maintainers
    Spotlighting open source maintainers.
  - Social impact
    How open source is driving positive change.
  - Gaming
    Explore open source games on GitHub.
- An introduction to innersource
  Organizations worldwide are incorporating open source methodologies into the way they build and ship their own software.
  Learn more
Security
- Security
  Stay up to date on everything security.
  - Application security
    Application security, explained.
  - Supply chain security
    Demystifying supply chain security.
  - Vulnerability research
    Updates from the GitHub Security Lab.
  - Web application security
    Helpful tips on securing web applications.
- The enterprise guide to AI-powered DevSecOps
  Learn about core challenges in DevSecOps, and how you can start addressing them with AI and automation.
  Learn more

Categories

AI & ML
- AI & ML
  Learn about artificial intelligence and machine learning across the GitHub ecosystem and the wider industry.
  - Generative AI
    Learn how to build with generative AI.
  - GitHub Copilot
    Change how you work with GitHub Copilot.
  - LLMs
    Everything developers need to know about LLMs.
  - Machine learning
    Machine learning tips, tricks, and best practices.
- How AI code generation works
  Explore the capabilities and benefits of AI code generation and how it can improve your developer experience.
  Learn more
Developer skills
- Developer skills
  Resources for developers to grow in their skills and careers.
  - Application development
    Insights and best practices for building apps.
  - Career growth
    Tips & tricks to grow as a professional developer.
  - GitHub
    Improve how you use GitHub at work.
  - GitHub Education
    Learn how to move into your first professional role.
  - Programming languages & frameworks
    Stay current on what’s new (or new again).
- Get started with GitHub documentation
  Learn how to start building, shipping, and maintaining software with GitHub.
  Learn more
Engineering
- Engineering
  Get an inside look at how we’re building the home for all developers.
  - Architecture & optimization
    Discover how we deliver a performant and highly available experience across the GitHub platform.
  - Engineering principles
    Explore best practices for building software at scale with a majority remote team.
  - Infrastructure
    Get a glimpse at the technology underlying the world’s leading AI-powered developer platform.
  - Platform security
    Learn how we build security into everything we do across the developer lifecycle.
  - User experience
    Find out what goes into making GitHub the home for all developers.
- How we use GitHub to be more productive, collaborative, and secure
  Our engineering and security teams do some incredible work. Let’s take a look at how we use GitHub to be more productive, build collaboratively, and shift security left.
  Learn more
Enterprise software
- Enterprise software
  Explore how to write, build, and deploy enterprise software at scale.
  - Automation
    Automating your way to faster and more secure ships.
  - CI/CD
    Guides on continuous integration and delivery.
  - Collaboration
    Tips, tools, and tricks to improve developer collaboration.
  - DevOps
    DevOps resources for enterprise engineering teams.
  - DevSecOps
    How to integrate security into the SDLC.
  - Governance & compliance
    Ensuring your builds stay clean.
- How enterprise engineering teams can successfully adopt AI
  Learn how to bring AI to your engineering teams and maximize the value that you get from it.
  Learn more
News & insights
- News & insights
  Keep up with what’s new and notable from inside GitHub.
  - Company news
    An inside look at news and product updates from GitHub.
  - Product
    The latest on GitHub’s platform, products, and tools.
  - Octoverse
    Insights into the state of open source on GitHub.
  - Policy
    The latest policy and regulatory changes in software.
  - Research
    Data-driven insights around the developer ecosystem.
  - The library
    Older news and updates from GitHub.
- Unlocking the power of unstructured data with RAG
  Learn how to use retrieval-augmented generation (RAG) to capture more insights.
  Learn more
Open Source
- Open Source
  Everything open source on GitHub.
  - Git
    The latest Git updates.
  - Maintainers
    Spotlighting open source maintainers.
  - Social impact
    How open source is driving positive change.
  - Gaming
    Explore open source games on GitHub.
- An introduction to innersource
  Organizations worldwide are incorporating open source methodologies into the way they build and ship their own software.
  Learn more
Security
- Security
  Stay up to date on everything security.
  - Application security
    Application security, explained.
  - Supply chain security
    Demystifying supply chain security.
  - Vulnerability research
    Updates from the GitHub Security Lab.
  - Web application security
    Helpful tips on securing web applications.
- The enterprise guide to AI-powered DevSecOps
  Learn about core challenges in DevSecOps, and how you can start addressing them with AI and automation.
  Learn more

Contact sales Try GitHub Copilot

Changelog

Subscribe to all Changelog posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

→ ~ cd github-changelog

→ ~/github-changelog|main git log main

showing all changes successfully

Larger context window, improved test generation, and more in VS Code’s Copilot Chat

September 9, 2024

VS Code August recent updates

Since last month’s upgrade to GPT-4o, we now increased the available Chat context, so you can reference larger files and have longer chat conversations with GitHub Copilot Chat in VS Code. Additionally, you can now click Attach Context in Inline and Quick Chat to add more relevant context to your queries.

This month’s release also brings the following improvements to Copilot Chat in VS Code:

Easily generate tests using the Generate Tests using Copilot action or the /tests slash command. Copilot will now update and append tests to existing files or create a new test file if none exists. Learn more.
Revisit previous chat sessions with the Show Chats button. Sessions now have AI-generated names and can be manually renamed. Entries are sorted by the date of the last request and grouped by date buckets. Learn more.
Provide specifics on unsatisfactory Chat responses by selecting the Thumbs down button. A dropdown with detailed options helps you pick a problem type or report it as an issue to us, helping us improve Copilot. Learn more.
Code Actions now have clearer names: Generate Tests using Copilot and Generate Documentation using Copilot. Just place the cursor on an identifier and choose the action. Learn more.

Experimental New Features

Experimental settings are available in VS Code to gather your feedback and influence the future development of Copilot. Share your thoughts in our issues.

Define instructions for code generation (e.g., always use underscore for private field names) in settings or import from a file. Edit them in github.copilot.chat.experimental.codeGeneration.instructions, either as a user setting for yourself or as a workspace setting for your team. Learn more.
Use recently seen or edited coding files as inline Chat context for more relevant suggestions. Enable via github.copilot.chat.experimental.temporalContext.enabled in VS Code. Learn more.
Use the /startDebugging slash command to create a launch configuration and start debugging. Enable via github.copilot.advanced.startDebugging.experimental.enabled in VS Code. Learn more.

Check out the full release notes for VS Code’s August release (version 1.93) for more details and to learn more about the features in this release.

See more See more

Lower permissions for GitHub Enterprise Cloud Team Sync for Microsoft Entra ID

September 5, 2024

You can now use GitHub Enterprise Cloud Team Sync for Microsoft Entra ID with a new lower permission, GroupMember.Read.All, to sync group state into GitHub.

The new permission provides the least privileged permissions needed in order to access data and function correctly. New installations will request the new permission while existing installations will continue to work without interruption.

Administrators who wish to reduce the permissions of their existing installation can reinstall the application, or use the App Role Assignments API to modify the permissions of their existing service.

Learn more about team synchronization.

See more See more

Deprecation notice: Dependabot dropping support for Bundler v1

September 5, 2024

As of October 7, 2024, Dependabot will no longer support Bundler version 1, which has reached its end-of-life. If you continue to use Bundler version 1, there’s a risk that Dependabot will not create pull requests to update dependencies. If this affects you, we recommend updating to a supported release of Bundler. As of September 2024, the newest supported version of Bundler is 2.5. View Bundler’s official support policies for more information about supported releases.

See more See more

Pull request commits page refresh (public beta)

September 5, 2024

The pull request commits page has been refreshed to improve performance, improve consistency with other pages, and to make the experience more accessible!

Screenshot of the updated PR commits page showing a list of commits for a PR

To minimize disruptions, the capabilities of the classic commits page have been maintained, with a few exceptions: you can now use arrow keys to navigate the list of commits (instead of j and k) and focus indicators have been improved for better visual distinction.

Opt out

To switch back to the classic commits page, disable the “New Pull Request Commits Experience” feature preview (learn more).

Feedback

To provide feedback, ask questions, learn about known issues, visit the GitHub Community feedback discussion!

See more See more

Copilot Chat in GitHub.com is now contextually aware of GitHub Advanced Security alerts

September 5, 2024

You can now use Copilot Chat in GitHub.com to search across GitHub to find and learn more about GitHub Advanced Security Alerts from code scanning, secret scanning, and Dependabot. This change helps you to better understand and seamlessly fix security alerts in your pull request. ✨

Try it yourself by asking questions like:
– How would I fix this alert?
– How many alerts do I have on this PR?
– What class is this code scanning alert referencing?
– What library is affected by this Dependabot alert?
– What security alerts do I have in this repository?

Learn more about asking questions in Copilot Chat on GitHub.com or about GitHub Advanced Security.

See more See more

Enterprise audit logs can be streamed to two endpoints (private beta)

September 3, 2024

You can now stream your Enterprise’s audit log to two of GitHub’s supported streaming endpoints.

This update allows you as an Enterprise owner to easily employ your choice of tools for log storage and analysis. When managing your Enterprise, you may need to employ multiple tools to ensure compliance and maintain a strong security posture. This can involve different teams, requiring different levels of access, employing different technology to accomplish their objectives in supporting your Enterprise’s security and compliance requirements. By streaming your audit logs to two endpoints, you can employ multiple log storage and analysis tools without the need for a complex log routing architecture or deal with increased latency.

Interested in signing up? Please reach out to your GitHub account manager or contact our sales team to have this feature enabled for your Enterprise. Once enabled, you can follow our documents setting up audit log streaming to set up a second stream.

See more See more

GitHub Actions: arm64 Linux and Windows runners are now generally available

September 3, 2024

actions

Arm64 Linux and Windows GitHub-hosted runners for Actions are now generally available. This new addition to our suite of hosted runners provides power, performance & sustainability improvements for all your Actions jobs. Arm64 runners are available to customers on our Team and Enterprise Cloud plans.

“We switched to the GitHub arm64 runners from a custom, self-managed setup on AWS Graviton instances. Switching to GitHub runners has saved us over 75% on our monthly fees and removed all the management overhead, which is particularly important given we’re a seed stage startup. The ARM runners have significantly improved build times from over 30 minutes on x86 runners to around 4 minutes on ARM. This allows us to iterate on pull requests much faster, and run the build process for ARM and x86 in parallel as part of the same GitHub Actions workflow, simplifying the process of getting code to production for our development team.” -David Mytton, Founder, Arcjet

Head over to the GitHub blog to read more about the benefits of arm64 runners and how to get started.

See more See more

Add repository permissions to custom organization roles

August 29, 2024

You can now add repository permissions to custom organization roles, granting a specific level of access to all the repositories in your organization.

This builds on the release of organization-wide permission grants in GitHub’s pre-defined organization roles. These updates enable admins to easily scale access management across large teams and organizations.

Creating a custom organization role using the new repository permissions. The role is based on the Write base role, and adds 3 permissions - delete issues, request solo merge, and update repo properties

Using repository permissions in organization roles

Organization roles do not have to contain organization permissions (i.e. read_org_audit_log) in order to include a repository role and permissions (i.e. close_issue). This lets you create your own versions of the pre-defined organization base roles like Write or Triage, assigning those roles to everyone in your organization to ensure a set standard of access that matches your requirements.

A popular use case is to create elevated roles for your on-call rotation. For instance, a role based on Write with the “Jump the merge queue” and “Request a solo merge” repository permissions added so that your on-call team can get that fixed quickly. Using the APIs you can automate assignment of this role to your current on-call, granting them those elevated permissions as a break-glass or shift-based privilege.

Managing repository access

Both the UI for organization role creation and the REST API have been updated to support repository permissions.

In addition, we’ve updated the repository access management page to distinguish between access granted by the repository owner to a user or team versus organization-wide grants made by the organization owner. This helps explain how a user got access to a specific repository.

The new repository collaborators view, showing the organization based access.

For more information, see GitHub’s documentation as well as the REST API methods for automating role creation and assignment.

See more See more

Unkey is now a GitHub secret scanning partner

August 29, 2024

For Unkey users, GitHub secret scanning now scans for Unkey tokens to help secure your public repositories. Unkey’s Root API Key enables users to create and manage Unkey resources including APIs, API keys, global rate limiting, and access controls. GitHub will forward any exposed tokens found in public repositories to Unkey, who will then revoke the compromised tokens and notify the affected users. Read more information about Unkey tokens.

GitHub secret scanning protects users by searching repositories for known types of secrets such as tokens and private keys. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

GitHub Advanced Security customers can also scan for and block Unkey tokens in their private repositories.

See more See more

Secret scanning fine-grained permissions for bypasses

August 29, 2024

You can now grant fine-grained permissions to review and manage push protection bypass requests within your organization.

Anyone with this permission will have the ability to approve and manage the list of bypass requests. You can still also grant these permissions by adding roles or teams to the “Bypass list” in your code security and analysis settings.

Next month, GitHub will be removing custom role support from the bypass list along with this change. To avoid disruption, existing custom roles that were added as bypass reviewers previously will be granted the fine grained permissions to review and manage bypass requests.

Delegated bypasses for secret scanning push protection allow organizations and repositories to control who can push commits that contain secrets. Developers can request approval from authorized users to push a blocked secret.

Learn more

Learn more about how to secure your repositories with secret scanning. Let us know what you think by participating in a GitHub community discussion or signing up for a 60 minute feedback session.

See more See more

What’s New in GitHub Sponsors

August 29, 2024

sponsors

View all your organization’s Sponsors activity in one place.

It’s now easier for organizations to view GitHub Sponsors related activities in one place. From the Sponsors dashboard you can view your current and past sponsorships, create bulk sponsorships, and view your dependencies. You can search for a specific project or export all of your dependencies to easily find maintainers to sponsor.

Learn more about the Sponsors dashboard.

Share Sponsorships on Social Media

Maintainers and sponsors can share and celebrate sponsorships on social media with a click of a button. Maintainers can connect with their sponsors and share their goals.

Learn more about sharing on social.

See more See more

Copilot Chat in GitHub.com now can search across GitHub entities

August 29, 2024

With this change, you can now use natural language within Copilot Chat in GitHub.com to search across GitHub to find commits, issues, pull requests, repositories, and topics.

Try it yourself:
– What are the most recent issues assigned to me?
– What repos are related to [insert topic]?
– What is the most recent PR from @user?

We’ve also made some changes under the hood to make Copilot more efficient with how it stores conversation histories. This means that Copilot can now remember more of the history of your conversation which should result in more informed and reliable responses ✨.

Join the discussion within GitHub Community.

See more See more

GitHub Enterprise Server 3.14 is generally available

August 29, 2024

GitHub Enterprise Server 3.14 is generally available

GitHub Enterprise Server 3.14 gives customers enhanced deployment requirements and security controls. Here are a few highlights in the 3.14 release:

SCIM for GHES is a popularly requested enterprise identity management feature, now available in public beta! SCIM stands for “System for Cross-domain Identity Management” and is a leading standard for user lifecycle management in SaaS applications. Enterprise administrators can configure SCIM for their GitHub Enterprise Server instance, which supports automatic provisioning of new user accounts and groups through our SCIM API. We support several paved path applications such as Entra ID and Okta that combine SAML and SCIM support in one place. Additionally, you may bring your own SAML identity provider and SCIM implementation to GitHub Enterprise Server to satisfy your unique identity and user lifecycle management needs. To get started, visit our SCIM documentation for GitHub Enterprise Server. While in public beta, we recommend testing SCIM support for your identity system in a non-production GHES environment before adding SCIM to your current setup. SCIM support can be added onto existing SAML implementations, but it will require using a new application that supports automated provisioning via SCIM in your IdP. Existing private beta customers should also reconfigure their implementation with updated IdP applications.
SAML settings are now visible as a read-only configuration in the enterprise settings page. Enterprise administrators are able to view these settings in the same place where SCIM support is configured for your enterprise instance.
We’re introducing custom organization roles, allowing you to delegate some of the organization’s administrative duties to trusted teams and users. Organization admins will have both the UI and API to manage these custom roles. See custom organization roles.
Code scanning option for repository rules is now available in public beta in GHES. Now, you can create a dedicated code scanning rule to block pull request merges instead of relying on status checks. This makes it easier than ever to prevent new vulnerabilities from being introduced into a code base. See set code scanning merge protection.
Dependabot grouped security updates are now generally available. This feature automatically groups Dependabot pull requests and lets you specify several additional options to fine tune groupings. You can enable grouped security updates for Dependabot at the repository or organization-level. If you would like more granular control over Dependabot’s grouping, you can also configure the dependabot.yml file in a repository.
With Generation 2 VM support, Operators can scale the GHES appliance vertically. New installs of 3.14 and later will boot on newer generation hardware by supporting both boot firmwares, BIOS, and UEFI. See Generation 2 VMs.
On an instance with multiple replica nodes, to start or stop replication for all nodes in a single configuration run, Operators can use the ghe-repl-start-all and ghe-repl-stop-all commands.

Read more about GitHub Enterprise Server 3.14 in the release notes, or download it now. If you have any issues upgrading your GitHub Enterprise Server Appliance to version 3.14, or problems using new features, please contact our Support team.

Join the community discussion to share your feedback and ask questions.

See more See more

CodeQL code scanning can analyze Java and C# codebases without needing a build (GA)

August 28, 2024

CodeQL code scanning can now analyze Java and C# code without having to observe a build. This makes it easier to roll out the security analysis on large numbers of repositories, especially when enabling and managing repositories with GHAS security configurations.

CodeQL is the analysis engine that powers GitHub code scanning. When analyzing source code, it is important that the analysis engine has detailed knowledge of all aspects of the codebase. Now, the analysis engine no longer depends on observing the build process for Java and C# code, resulting in higher setup success and adoption rates for CodeQL code scanning (Java and C#).

During the testing of this feature, we validated that the analysis results were as accurate as the previous methodology. This feature was previously in public beta earlier this year (Java, C#), when it became the new default analysis mode for new users of CodeQL code scanning for these languages. Some customers experienced time significant savings as some tasks that previously took weeks now are achievable in minutes.

CodeQL’s new zero-configuration analysis mechanisms for both Java and C# are available on GitHub.com. If you are setting up CodeQL code scanning for these repositories, you will benefit from this analysis mechanism by default. If you set up CodeQL code scanning for Java or C# before their respective public beta releases of this feature, your analysis will remain unchanged (but can be migrated by disabling the current configuration and re-enabling code scanning using default setup). This new functionality will also be released to our GitHub Enterprise Server (GHES) customers starting with version 3.14 for Java and 3.15 for C#.

Repositories that use code scanning advanced setup will continue to use whichever analysis mechanism is specified in the Actions workflow file. The template for new analysis configurations now uses the new analysis mechanism by specifying `build-mode: none`. The old analysis mechanisms remain available. Users of the CodeQL CLI can find more documentation here.

Learn more about GitHub code scanning. If you have any feedback about these new analysis mechanisms for Java and C#, please join the discussion here.

See more See more

Custom models for GitHub Copilot are now in Limited Public Beta

August 27, 2024

Custom models for GitHub Copilot are now available in Limited Public Beta for Copilot Enterprise. This new capability lets you fine-tune Copilot to better understand and align with your organization’s unique coding practices, improving the relevance and accuracy of code suggestions across your projects.

What are custom models?

Custom models are large language models (LLMs) that have been fine-tuned using your organization’s codebases. By training a model on your proprietary libraries, specialized languages, and internal coding patterns, Copilot delivers code suggestions that are more context-aware and tailored to your organization’s needs.

During this beta, you can create a custom model using your GitHub repositories. Optionally, you may also enable the collection of code snippets and telemetry from developers’ Copilot prompts and responses to further fine-tune the model. This process closely aligns Copilot’s suggestions with your coding practices, making them more relevant and accurate. As a result, your development teams will spend less time on code reviews, debugging, and manual code adjustments, ultimately boosting team productivity and ensuring more consistent code quality.

Custom-Model-Training-Config

Importantly, your data remains entirely yours. It is never used to train another customer’s model, and your custom model is kept private, ensuring full control, security, and privacy.

When to Use Custom Models

Custom models enable you to make Copilot’s suggestions more relevant to your specific needs, which can lead to higher acceptance rates of the code suggested by Copilot among your developers. Consider using custom models in the following scenarios:

Enhance Library and API Usage: When your organization relies heavily on custom libraries or APIs that aren’t well-represented in public datasets, a custom model can prioritize these in its suggestions, making it easier for your developers to follow internal standards.
Improve Support for Specialized Languages: If your team works with less common or proprietary languages, custom models can make Copilot much more effective. Fine-tuning helps Copilot understand these languages better, reducing friction and improving productivity.
Adapt to Evolving Codebases: As your codebase changes, you have full control over when and how often to retrain your custom model. By regularly retraining, you can ensure that Copilot keeps up with the latest coding patterns, so it continues to provide relevant and accurate suggestions.

How to Get Started

Sign Up for the Beta:
Sign up here to participate in the Limited Public Beta and make sure your organization is on the Copilot Enterprise plan.
Prepare Your Repositories:
Choose the repositories that best reflect your organization’s coding standards. Include those with proprietary libraries, specialized languages, or key internal frameworks to get the most out of fine-tuning. If your enterprise has multiple GitHub organizations, note that only one organization and its repositories can be used for training during this beta.
Enable Telemetry Collection:
To further customize your model, consider enabling the collection of code snippets and telemetry related to developers’ prompts and Copilot’s suggestions. This data will be securely collected and used for additional fine-tuning, improving the accuracy and relevance of Copilot’s output for your team. Your data will only be used to enhance your custom model and will not be shared with others. For more details about our data-handling practices, please visit the Trust & Security Center or review GitHub’s data protection agreement.
Training and Usage:
After setup, your custom model will be trained using the selected repositories. Once it’s ready, your developers’ IDEs will automatically start using the custom model, which will inform all in-line code completions.
Monitoring & Quality Assessment:
Regularly retrain your custom model to keep it aligned with new code and evolving practices. Use the Copilot Usage Metrics API to track metrics like suggestion acceptance rates and see how much it’s improving.

Additional Resources

Join the custom models waitlist.
For more information about custom models, see the documentation.
Questions or suggestions? Join the conversation in the community discussion.

See more See more

Secret scanning displays branch and file paths for push protection bypasses

August 26, 2024

Push protection bypass requests will now show file path and branch information for the secret. This improvement helps you more effectively triage any secrets for which you’ve requested push protection bypasses. Branch information is only available for pushes to single branches.

Delegated bypasses for secret scanning push protection allow organizations and repositories to control who can push commits that contain secrets. Developers can request approval from authorized users to push a blocked secret.

Learn more

Learn more about how to secure your repositories with secret scanning. Let us know what you think by participating in a GitHub community discussion or signing up for a 60 minute feedback session.

See more See more

Client IDs are now included in App API responses

August 23, 2024

The client_id field is now included in all API responses that describe a GitHub App. We are shifting to use the client ID as the primary identifier for an app, as client IDs are globally unique while application IDs and names are not.

Historically GitHub has used the app_name (aka slug) or the app_id (a database ID) to identify applications in our APIs. However, the app name is not immutable and the app ID is not sufficiently globally unique. We are gradually moving all App-related APIs to support the use of the client_id of an application as their primary identifier instead of the name or database ID – this was first seen in our change to support using the client ID to mint JWTs used for installation tokens.

We are making this change to prepare for upcoming features that allow programmatic management of applications in your enterprise. This additional data will make it easier to find the client ID of an application that you are interested in.

For more information about how to get application information, see our REST API documentation.

See more See more

Secret scanning non-provider patterns inclusion in recommended security configuration

August 23, 2024

Now, secret scanning non-provider patterns are included in the GitHub-recommended security configuration. Non-provider patterns have also been automatically enabled for any repositories with the recommended configuration previously attached.

Secret scanning non-provider patterns are generic detectors which help you uncover secrets outside of patterns tied to specific token issuers, like HTTP authentication headers, connection strings, and private keys.

Learn more

Learn more about how to secure your repositories with secret scanning. Let us know what you think by participating in a GitHub community discussion or signing up for a 60 minute feedback session.

See more See more

Secret scanning now deduplicates non-provider patterns

August 22, 2024

To help you triage and remediate secret leaks more effectively, GitHub secret scanning now dededuplicates non-provider patterns (generic patterns) against provider patterns.

Secret scanning non-provider patterns are generic detectors that help you uncover secrets outside of patterns tied to specific token issuers, like HTTP authentication headers, connection strings, and private keys.

Note: Custom patterns are not deduplicated, as removing a custom pattern will also delete those alerts. We recommend adjusting your custom patterns to avoid overlap with any GitHub-defined detectors.

Learn more

Learn more about how to secure your repositories with secret scanning. Let us know what you think by participating in a GitHub community discussion or signing up for a 60 minute feedback session.

See more See more

Secret scanning non-provider patterns are included in security configurations

August 20, 2024

You can now enable non-provider patterns (generic patterns) through security configurations at the organization level.

Non-provider patterns will also be included in the GitHub-recommended security configuration on August 23, 2024. At that time, non-provider patterns will be automatically enabled for any repositories with the recommended configuration attached.

Learn more about how to secure your repositories with secret scanning.

Let us know what you think by participating in a GitHub community discussion or signing up for a 60 minute feedback session.

See more See more

View more changes