OpenAI’s latest model, o3-mini, is now available in GitHub Copilot and GitHub Models, bringing OpenAI’s newest reasoning model to your coding workflow.
The o3-mini reasoning model outperforms o1 on coding benchmarks with response times that are comparable to o1-mini, meaning you’ll get improved quality at nearly the same latency.
This cutting-edge model is rolling out gradually and will be available to GitHub Copilot Pro, Business, and Enterprise users today via the model picker in Visual Studio Code and github.com chat (support in Visual Studio, and JetBrains are coming soon). To accelerate your workflow, whether you’re debugging, refactoring, modernizing, testing, or just getting started, simply select “o3-mini (Preview)” to begin using it.
Paid Copilot subscribers get up to 50 messages every 12 hours. Business or Enterprise admins can enable o3-mini access for org members through their org and enterprise admin settings pages.
GitHub Models users with a paid Copilot plan will also be able to leverage the o3-mini model to enhance their AI applications and projects later today. In the GitHub Models playground, you can explore o3-mini’s versatility as you experiment with sample prompts, refine your ideas, and iterate as you build. You can also try it alongside other models available on GitHub Models including models from Cohere, DeepSeek, Meta, and Mistral.
We’re releasing various improvements to security campaigns to help security teams and developers collaborate more effectively to resolve security debt with the help of Copilot Autofix.
Security campaigns with Copilot Autofix were released in public preview at GitHub Universe.
Available as part of GitHub Advanced Security, security campaigns help you rapidly reduce your backlog of application security debt. With security campaigns, you can make sure your developers focus on the most important security alerts across your portfolio. Copilot Autofix also automatically generates contextual explanations and suggests fixes for alerts in a campaign.
Today we are announcing multiple improvements based on the customer feedback we have received during the security campaigns public preview:
* The repository limit for security campaigns has increased from 100 to 1000, making it easier to create campaigns from more of your critical repositories.
* Multiple users or teams can now be specified as campaign managers, giving application security teams greater flexibility in assigning responsibility for monitoring campaign progress and collaborating with developers on fixing alerts.
* We’ve added a new contact link field in the security campaigns user interface to facilitate better communication between security teams and developers during campaigns.
* Email notifications are now consolidated when security campaigns are created or closed. Developers watching multiple repositories included in the same campaign will receive a single email including details of all relevant repositories rather than one email per repository.
Security campaigns are available for users of GitHub Advanced Security on GitHub Enterprise Cloud. For more information about security campaigns, see About security campaigns in the GitHub documentation.
GitHub Actions is excited to announce new enhancements to our suite of larger hosted runners.
Edit the size of a runner
Starting today, you can edit the size of your larger hosted runners. For customers using static IPs, you can size up or down while keeping your IP addresses the same. To edit your runners, follow the steps outlined in our documentation.
Windows Server 2025 4vCPU runner
We now offer Windows Server on a 4vCPU machine using the Windows 2025 image. The Windows Server 2025 image is still in public preview and subject to change. For more information on the Windows Server 2025, visit our runner-images repository. To set up a 4vCPU runner, follow the guide in our documentation.
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
The latest trending AI model DeepSeek-R1 is now available in GitHub Models.
DeepSeek-R1 is a 671B parameter AI model designed to enhance deep learning, natural language processing, and computer vision capabilities. It offers a wide range of possibilities, provides quick insights, and allows users to explore the potential of AI in various applications.
GitHub Models makes it easy for every developer to build AI features and products on GitHub.
Today, Actions larger runner REST APIs are now generally available. These new APIs empower you to programmatically create larger runners, assign them to a runner group, configure network settings for Azure private networking, and apply these configurations to specific runner groups.
With this release, you can now create and manage runners at scale without using the GitHub interface, saving time and reducing manual effort. Additionally, the APIs offer flexibility to apply network configurations to specific runner groups for Azure private networking, ensuring the desired configurations are available to your development teams.
With this preview, GitHub Enterprise Cloud accounts with Enterprise Managed Users (EMU) can decide to allow EMU enterprise traffic to github.com only via their existing corporate proxies. Unapproved traffic would be blocked.
With enterprise access restrictions via corporate proxies, you can now configure your network proxy or firewall to inject a header into your users’ web and API requests to github.com. This signal tells GitHub to block the request if it is from a user outside of your EMU enterprise – helping ensure that only the accounts you control are used on your corporate network. This enables highly regulated EMU customers to define a secure network strategy in order to reduce the risk of intentional or accidental data leaks by allowing access only to a strictly governed EMU enterprise.
This new network restriction covers API and UI access to github.com and will work in tandem with access rules that enable Copilot traffic to flow properly for enterprise managed users. Copilot access is managed using a different network policy that helps control which version of Copilot (Enterprise, Business, or Individual) is allowed on your network. See Configuring your proxy server or firewall for Copilot for detailed guidance on that GA feature.
This feature is currently available by request to EMU enterprises with licensed users. To request access, contact your account manager in GitHub’s Sales team or sign up here.
If you’re currently trialing EMU or are early in adopting an existing EMU environment, we recommend exploring GitHub Enterprise Cloud with data residency which offers a unique subdomain of GHE.com, so the proxy header is not required to differentiate traffic to your enterprise’s resources. This is the optimal solution for customers who have data residency needs in addition to applying network controls on public github.com access.
You can now access a new prompt editor within GitHub Models, purpose-built to help you iterate, refine, and perfect your prompts. This powerful tool is designed to provide a focused and intuitive experience for crafting and testing your inputs, enabling you to optimize prompts for maximum performance and relevance in your projects. Whether you’re fine-tuning for precision or experimenting with different approaches, this editor empowers you to unlock the full potential of the models with ease and efficiency.
This addition empowers you to:
– Quickly test and refine prompts without the complexity of multi-turn interactions.
– Utilize a dedicated space for single-turn message scenarios to ensure consistent results.
Repository administrators and organization owners with a Copilot Business or Copilot Enterprise license can use content exclusions to configure Copilot in GitHub.com to ignore certain files. For example, ignore files called “secrets.json”, ignore files with the “*.cfg” extension, or ignore all files in the “/scripts/**” directory. Content exclusions can be applied through Settings > Copilot > Content exclusion.
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
GitHub will deprecate the Docker registry for GitHub Packages on Feb 24th, 2024 in favor of the GitHub Container Registry, which supports Docker packages. All packages in the Docker registry will be deleted and cannot be fetched past the deprecation date.
When GitHub Container Registry (GHCR) became generally available in 2021, we automatically migrated packages in the Docker registry over, with the exception of packages that encountered namespace conflicts due to the same package name in both registries. To see if you are impacted, use our API endpoint to check for any affected packages that will need to migrate from the legacy Docker registry to GHCR.
If you are not in the small group with conflicting packages, no action is needed, as all requests will automatically forward to GHCR.
With this update, developers can review edited files and open a pull request from an existing branch anytime, anywhere, making your workflow smoother when moving between desktop and mobile.
Simply tap the + button on the repository or pull request view, select a branch, review the code and create a pull request if everything looks good. You can then continue testing or making adjustments on the desktop, making the development process more flexible and efficient.
GitHub Models makes it easy for every developer to build AI features and products directly on GitHub. Try and compare models for free in the playground, or integrate all 40+ models into your app with just one API key.
In order to improve navigation thorugh our growing catalog of models, you can now sort models by:
Alphabetical
Recently added
Output token limit (maximum text generated by the model)
Input token limit (maximum text length model can process)
Copilot chat on GitHub.com just leveled up! It now supports repository-specific custom instructions, giving you a more tailored and personalized chat experience. This means you can provide Copilot with important details about your development stack, coding standards, or even how you prefer to chat. 🎉
Now, you can use repository-specific custom instructions when chatting with Copilot in Visual Studio, VS Code and on GitHub.com
🚀Getting Started
Create a .github/copilot-instructions.md file in your repository (if .github doesn’t exist yet, go ahead and create it).
Add your custom instructions to the file.
That’s it! Copilot chat will automatically apply these instructions whenever you’re chatting about that repository.
💡Looking for ideas? Here are some examples to kick things off:
JavaScript: “Omit semicolons in code examples.”
Python: “We use Poetry for dependencies, not pip. Share instructions using Poetry.”
General style preference: “Use arrow functions instead of traditional function expressions.”
Start customizing and make Copilot chat feel like an extension of your team! 🛠
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
GitHub Code Scanning powered by CodeQL now supports dependency caching for Java, Go, and C# projects. This feature ensures that scans can deliver meaningful results even if registries are temporarily unavailable, while also reducing overall scanning time after the cache is established.
Dependency Caching Availability:
Default Setup: For repositories using GitHub-hosted runners, dependency caching is automatically enabled for both public and private repositories during scans.
Advanced Setup: Users with custom configurations can manually enable dependency caching as needed.
As of January 20th, 2025, Dependabot no longer supports npm version 6, which has reached its end-of-life. If you continue to use npm version 6, Dependabot will be unable to create pull requests to update dependencies. If this affects you, we recommend updating to a supported release of npm. As of December 2024, npm 11 is the newest supported release.
Starting Tuesday, February 18th, 2025, we will be updating our retention policy so that the last_activity_at field will only be actively stored by GitHub for 90 days. Previously, this contents of this field were retained indefinitely.
What’s Changing
Old Policy: Unlimited retention of the last_activity_at value.
New Policy: A rolling 90-day retention period. If your data’s last_activity_at exceeds 90 days, its value will be set to nil.
Expected Impact
The vast majority of our users will see little or no impact because the last_activity_at field should always display the most recent activity date.
Only users with no new activity within a 90-day window will have their last_activity_at value replaced by nil. In practice this means that on the changeover date, users whose last activity with Copilot took place prior to 11/20/2024 will have the value for their last_activity_at replaced on a rolling-forward basis.
Detail
Clarifying the behavior of last_activity_at in the context of the current changes:
Assigning a Seat: When you assign a seat to a user, the last_activity value for that seat will be nil until the user interacts with it for the first time. This is true even if the user had previous activity from a different seat assignment in another organization.
Removing a Seat: When you remove a seat from a user, the last_activity data for that user is set to nil in the revoking org. Their data is unaffected for other admins who have granted that user a seat in other orgs, when pulled for those orgs.
Reassigning a User to Seat: If you remove a seat from a user and later assign a new seat to the same user, the last_activity value for the new seat will again be nil until the user’s next interaction, regardless of whether the seat was previously assigned to them.
Deleting a User: If you delete a user, all associated last_activity data for that user is immediately deleted.
Determining Dormancy: When retrieving activity data for a seat, you can use the created_at and last_activity values to determine dormancy. For example, if created_at is more than 30 days ago and last_activity is either more than 30 days ago or nil, the seat may considered dormant.
Activity Data for Assigned Seats: When retrieving last_activity data for assigned seats, you will receive a nil value if the assignee’s most recent activity record is older than 90 days.
Note: Behavior of the data will remain consistent with the Activity Report, available in Admin UI.
Why We’re Making This Change
Our external data surfaces must be quality first. Retaining data of this volume for multi-year retention periods increases storage and backup overhead significantly, as well as the cost and complexity of quality checks. A time-bound retention policy allows us to maintain efficiency while still offering relevant, up-to-date information. This will allow us to further improve the resilience of the data that is returned by the endpoint, while limiting the impact only to very old records.
Next Steps
You don’t need to take any action if you rely on the last_activity_at field for current activity records.
However, if for any reason you have workflows or reports that depend on usage dates for active seats that have been dormant for 90 or more days, please be aware that these values will become nil for records older than 90 days, for dates on or before November 20th, 2024, as of Tuesday, February 18th, 2025. While exceptionally rare, we encourage you to store API responses for cases where this will become problematic.
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
A setup user is responsible for configuring an identity provider for any new Enterprise Managed User (EMU) enterprise account. After your first login to this user account, we strongly recommend you setup 2FA in addition to saving your enterprise recovery codes.
All subsequent login attempts for the setup user account will require a successful 2FA challenge response or the use of an enterprise recovery code to complete authentication. If you do not at least save your enterprise recovery codes, you will be locked out of the account.
GitHub Marketplace will be deprecating the “Featured Customers” section from app listing pages. This change will not cause any breaking changes. Here’s what publishers need to know:
Timeline:
January 27, 2025: Featured Customers sections will no longer be visible on public Marketplace listings
March 3, 2025: The Featured Customers section in publisher dashboards will be completely removed
Publishers can continue showcasing customer success stories directly in their app listing descriptions. However, GitHub will not review or approve customer lists provided in listing descriptions. Publishers are responsible for:
Obtaining explicit permission from customers before featuring them
Ensuring all customer usage claims are accurate and truthful
If a customer reports that they are falsely listed as a user of an app/extension, GitHub may review the authenticity of these claims. Listings found to be making false claims about customer usage will be notified, and may be removed from GitHub Marketplace.
Publishers with existing Featured Customers sections should save this information from the publisher settings before March 3rd if they wish to migrate it to their listing description.
This change helps streamline the Marketplace experience and aligns with our ongoing improvements to listing pages.
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
This week’s Copilot Workspace updates are focused on improvements to navigation and file management. As ever, drop your feedback into this discussion.
Simpler file tree navigation
When folders don’t have any direct file children but only have other folders as children, we now combine those into one folder to reduce the amount of nesting in the file tree.
In addition, when you open the file tree and have generated files, we now show Changed files as the default viewing mode.
Delete a file from the actions menu
By clicking on the ellipses in a file, you’re now able to delete a file directly from the actions menu of Copilot Workspace.
Opening files now opens them in an ephemeral tab
When you click a file in the tree, a new ephemeral tab is opened. When you double-click a file in the tree, it opens as a new regular tab. This aligns with the experience of most other IDEs and keeps your open tab list to just the ones you need.
Forwarded ports are easier to access
Now, when a command action uses port forwarding, a globe icon is added next to the command row, allowing you to view a live preview of the running port.
Improved screen layout in pull requests for smaller devices
Now, when working on smaller screens, the commit panel and suggestions pane will close as necessary, to better fit within your screen.
We want to hear from you
Please drop any and all feedback in our GitHub Discussion. We appreciate any and all feedback you have!
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
On March 31, 2025, GitHub Copilot Extensions will require an updated header format for agent requests. Both updated and previous versions of the request headers will be supported until then. These headers denote requests that come from GitHub and enable your extension to communicate with GitHub.
Previous headers, to be deprecated on March 31, 2025:
– Github-Public-Key-Identifier
– Github-Public-Key-Signature
Please update your relevant checks to the correct headers by March 31, 2025 for a consistent experience and to avoid breaking changes. To learn more, visit this page.
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
