Code review is one of the most critical parts of software development, but manual code reviews can be time-consuming. Copilot code review helps you offload basic reviews to a Copilot agent that finds bugs, potential performance problems, and even suggests fixes. This means you can start iterating on your code while waiting for a human review, helping you keep your code repositories more maintainable and focused on quality.
In just over a month since we launched the public preview, over 1 million developers have already used Copilot code review, and the response has been incredible.
Check it out in action, in both Visual Studio Code and GitHub:
To request a code review from Copilot, you can set up automatic reviews in a repo through repository rules. Or, you could ask Copilot to review a pull request on demand.
Copilot code review is available to all paid Copilot subscribers. Organizations and enterprises can enable it through the Copilot in github.com policy.
What’s next
We’re continuously improving Copilot code review. Today we’ve added support for C, C++, Kotlin, and Swift in public preview and we’ll add support for HTML and txt early next week.
Today, we’re introducing GitHub Copilot Pro+, a new individual tier for developers who want to take their coding experience to the next level.
Enjoy all the features you love from GitHub Copilot Pro along with exclusive access to the latest models (GPT-4.5 is available today), priority access to previews, and 1500 premium requests per month when they go live on May 5th. This is in addition to the unlimited requests for agent mode, context-driven chat, and code completions that all paid plans have when using our base model.
Anthropic Claude 3.7 Sonnet, Claude 3.5 Sonnet, OpenAI o3-mini, and Google Gemini Flash 2.0 are now generally available in GitHub Copilot. With this change, these models are promoted from preview release terms to generally available release terms. This extends indemnification for IP infringement to code generated using these models in Copilot Chat and agent mode.
Claude 3.7 Sonnet, Anthropic’s most advanced model to date, excels in development tasks that require structured reasoning across large or complex codebases.
Claude 3.5 Sonnet remains a good choice for everyday coding support.
OpenAI o3-mini is a fast, cost-effective reasoning model designed to deliver coding performance while maintaining lower latency and resource usage.
Gemini 2.0 Flash is Google’s model optimized for fast responses and multimodal interactions.
Today we’re releasing a new open source, official, local GitHub MCP Server. We’ve worked with Anthropic to rewrite their reference server in Go and improve its usability. The new server contains 100% of the old server’s functionality plus the ability to customize tool descriptions, support for code scanning and a new get_me function that improves the natural language user experience when asking the LLM things like: “Show me my private repos.”
To get started, visit the repository and learn how to set up the GitHub MCP Server, which is now supported natively in VS Code.
Model Context Protocol (MCP) is an AI tool calling standard that has been rapidly gaining adoption over the past few months. MCP tools give LLMs a standardized way to call functions, look up data, and interact with the world. Anthropic created the protocol and built the first GitHub MCP server, which grew to be one of the most popular MCP servers in the expanding ecosystem. We are excited to take ownership of the server and continue its development.
The latest updates to GitHub Copilot in the March 2025 release of Visual Studio Code (v1.99) include upgrades to agent mode, such as the addition of MCP support, enabling the use of models through API keys, and more. Read on for more release highlights.
Agent mode is now available in VS Code stable
Rolls out to users starting today and continuing through the coming weeks. Make sure you’re on the latest VS Code version. Can’t wait? Update to the latest of version of VS Code and manually enable agent mode.
GitHub’s dependency graph now supports a wider range of package ecosystems, including transitive path information and the registered name of the ecosystem. This change increases the accuracy and usefulness of GitHub’s dependency insights, SBOMs, and API results.
The Package URL project provides a registry of software package ecosystems, with a standardized format for package type, namespace, version, and human-readable identifiers. With this release, graphs posted to the dependency submission API that include purl identifiers will now:
Correctly preserve transitive and direct relationships, if they were submitted.
Show the package ecosystem name in the Dependency Graph insights page.
Include the submitted package url in the GraphQL DependencyGraphDependency object, in the field packageUrl.
For searching and filtering, note that the top-level ecosystem type for all purl-identified packages is now other. These packages used to have the unknown type.
To begin using this feature, add a dependency submission action for a purl-supported package ecosystem you’re using in your repository. Then navigate to the repository’s Insights tab and select Dependency graph.
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
VMware ESXi 8.0 hypervisor support is now available for GitHub Enterprise Server (GHES) 3.16.0, 3.15.4, 3.14.9, 3.13.12, and later. Until now, GHES was supported on ESXi versions 5.5 to 7.0. However, ESXi 7.0 is reaching the end of general support by October 2025.
If your GHES installation is on VMware ESXi 7.x or an earlier version, you can now use the ESXi 8.0 hypervisor. For more information about installing GHES on VMware, see install on VMware.
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
You can now choose to show the list of status checks as a single flat list or grouped by status. Click the settings gear and choose either “Group by status” (the default) or “No grouping“.
Recent fixes
Some of the noteworthy fixes that have landed in the last few weeks:
The time since a status check started (e.g. Started 2s ago) now updates consistently.
The Draft section was previously hidden for users without write access, making it difficult to know that the pull request was not ready for review.
A tooltip was previously not appearing when hovering over a truncated status check’s name, making it difficult to differentiate status checks with similar, long names.
Various fixes related to updating the pull request branch by rebasing.
Various improvements to performance, especially when there were a significant number of status checks.
Get help
To ask questions or provide feedback, join the discussion within GitHub Community.
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
You’ll now see an updated Issues dashboard page at github.com/issues, allowing you to easily find and create issues across repositories and organizations. This page can be accessed through the global navigation menu under Issues.
These improvements include:
A new filter bar with autocomplete and syntax highlighting to make building searches fast and easy.
The ability to perform advanced searches using AND and OR keywords as well as nested searches. For example, (org:github AND type:bug) OR (org:dizzbot AND has:sub-issue) allows you to find issues across multiple organizations. Note that a space between filter fields acts as an AND search.
The ability to create issues directly from this page by selecting New issue and choosing a repository.
A new Recent activity view in addition to the Created by me, Assigned to me, and Mentioned views. This view finds relevant issues that involve you.
The immersive mode of Copilot Chat on GitHub now supports image upload and analysis when using 4o, adding powerful multimodal capabilities to your development workflow. This feature was previously exclusively available on VS Code and Visual Studio.
✨ What’s new?
🔗 Image upload & analysis: Upload, paste, or drag images directly into Copilot conversations.
🧠 Visual context understanding: Ask questions about code screenshots, UI designs, system diagrams, and more.
With so much of the software development lifecycle happening through images, diagrams, and other visual artifacts, we hope this release brings you closer to communicating and collaborating with Copilot in ways that mirror how you naturally think and work.
💬 Let us know what you think using the in-product feedback option or pop into the GitHub Community at any time.
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
Codespaces will be undergoing maintenance in all regions starting from 17:00 UTC on Wednesday, April 2 to 17:00 UTC on Thursday, April 3. Maintenance will begin in Southeast Asia, Central India, Australia Central, and Australia East regions. Once it is complete, maintenance will start in UK South and West Europe, followed by East US, East US2, West US2, and West US3. Each batch of regions will take approximately three to four hours to complete.
During this time period, users may experience connectivity issues with new and existing Codespaces.
If you have uncommitted changes you may need during the maintenance window, you should verify they are committed and pushed before maintenance starts. Codespaces with any uncommitted changes will be accessible as usual once maintenance is complete.
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
Copilot Chat on GitHub Mobile now supports the OpenAI o3-mini, Anthropic Claude 3.5 Sonnet, and Google Gemini 2.0 models for free users. Copilot Pro subscribers also have access to the OpenAI o1 model. You can use the model picker in Copilot Chat to choose your favorite models, giving you a customized experience and helping you optimize your workflow wherever you are.
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
At GitHub, we believe that investing in the security of your codebases should be straightforward, affordable, and scalable. Today, we’re rolling out standalone GitHub Advanced Security products for GitHub Enterprise customers. This aligns with our ongoing mission to help organizations of all sizes secure their code with the flexibility they seek.
Getting started as an existing GitHub Advanced Security customer
Existing GitHub Advanced Security customers with plans subscription-based plans can choose to transition at renewal. Customers with pay-as-you-go, metered-based plans can transition at any time. Please reach out to your GitHub or Microsoft sales account team for details.
Customers on subscription billing can migrate to either a standalone subscription or a standalone metered plan. For pricing details, please contact your account representatives.
How do I right-size enablement for my enterprise?
Customers transitioning before May 2025 can work with their account teams on right-sizing enablement for their enterprise across both Secret Protection and Code Security. All repositories will have both Secret Protection and Code Security enabled at the time of transition, regardless of your contractual plan.
Customers on contractual plans limited to secret scanning features will be able to optionally choose to transition with only Secret Protection enabled (and Code Security disabled) for their enterprise starting in May 2025.
When will the standalone plans be available for Enterprise Server?
Standalone SKUs will be available for Enterprise Server customers starting with GHES 3.17. To use metered billing, GitHub Connect is required.
Getting started as an existing GitHub Advanced Security self-serve customer
For existing self-serve customers, instructions on how to transition to the new GitHub Advanced Security plans will be announced over the next 30 days. You’ll receive an email notification when the new plans are available to your enterprise. Transitioning to the standalone plans will be self-serve and optional.
Getting started for new customers
Starting today, GitHub Enterprise customers without an existing GitHub Advanced Security plan can self-serve purchase both Secret Protection and Code Security. To get started, admins can navigate to Advanced Security under their enterprise, organization, or repository settings. From this page, you can choose to enable and purchase Secret Protection or Code Security features.
You can try the new standalone SKUs before committing. Contact your account team for more details. Alternatively, you can get started with a GitHub Enterprise trial.
Talk to someone from GitHub
In addition, Enterprise customers are welcome to reach out to their existing account team or request a demo from someone at GitHub.
GitHub is committed to empowering the developer community by helping organizations recognize and address the risks of secret leaks. That’s why we’re launching a new free tool which will help provide clear insights into your organization’s exposure, along with actionable steps to strengthen your security and protect your code.
Starting today, you can scan your organization for aggregate insights on public leaks, private exposures, and token types.
What will this dashboard include?
Available in the Security tab, organization and security admins will be able to run a scan to understand how their organization is affected by secret leaks and exposures. Once a scan is initiated, GitHub will look for secret leaks and exposures across your organization, returning a collection of insights including:
The number of secrets leaked per type.
The number of publicly visible secrets in your public repositories.
The number of repositories affected for each secret type.
No specific secrets will be stored or shared.
Once enabled, GitHub will run a point-in-time scan across all public, private, internal, and archived repositories in your organization. Results are static and will not be automatically updated. You’ll also be able to download results as a CSV file.
For organizations ready to adopt a continuous monitoring tool, we recommend enabling secret scanning for detection and incident management of specific secrets. Learn more about GitHub Secret Protection.
Why are we doing this?
GitHub is committed to making a meaningful impact on the developer community by helping organizations recognize their secret leak footprint across their GitHub perimeter. Our goal is to provide clear insights into organizations’ potential secret exposure and a clear path to stronger security.
Who can use this feature?
This feature will be available for free to organizations with a GitHub Team or Enterprise plan. Organization admins and security managers will be able to run the report and review any results. This feature will be available for Enterprise Server starting with GHES 3.18.
Share feedback while the feature is in public preview
This feature is available in public preview and is subject to improvement. Have feedback? Let us know what you think by joining our discussion in GitHub Community — we’re listening.
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
At GitHub, we believe that investing in the security of your codebase should be accessible for organizations of all sizes.
Starting today, GitHub Team plan customers can purchase GitHub Secret Protection and GitHub Code Security without upgrading your organization to GitHub Enterprise. This makes it easier to secure your codebase with GitHub Advanced Security products.
GitHub Secret Protection
GitHub Team organizations can purchase GitHub Secret Protection, which detects and prevents secret leaks (e.g. secret scanning, AI-detected passwords, and push protection for secrets).
Secret Protection will be available for $19 per month per active committer, with features including:
Push protection, to prevent secret leaks before they happen.
AI detection with a low rate of false positives, so you can focus on what matters.
Secret scanning alerts with notifications, to help you catch exposures before they become a problem.
Custom patterns for secrets, so you can search for sensitive, organization-specific information.
Security overview, which provides insight into distribution of risk across your organization.
Push protection and alert dismissal enforcement for secrets, which supports governance at enterprise scale.
In addition, we’re launching a new scanning feature to help organizations understand their secret leak footprint across their GitHub perimeter. This feature is free for GitHub Team organizations.
GitHub Code Security
GitHub Team organizations will also be able to purchase Code Security, which detects and fixes vulnerabilities in your code before it reaches production.
Code Security will be available for $30 per month per active committer, with features including:
Copilot Autofix for vulnerabilities in existing code and pull requests to provide developer-first security management.
Security campaigns to address security debt at scale.
Dependabot features for protection against dependency-based vulnerabilities.
Security overview, which provides insight into the distribution of risk across your organization.
Security findings for third-party tools.
Get Started
To get started, admins can navigate to Advanced Security under their organization or repository settings. From this page, you can choose to enable and purchase Secret Protection or Code Security features.
For example, from your organization settings, you can navigate to Security / Advanced Security / Configurations in order to create a new configuration with Secret Protection features enabled. Learn more about enabling GitHub Advanced Security.
In addition, admins can enable Secret Protection features in one click from their organization’s Security tab. Once the secret risk assessment has been run for your organization, you’ll be able to enable Secret Protection in one click from the system banner.
We’re rolling out two exciting new features in the latest GitHub Desktop Beta to make your workflow even smoother:
Multi-domain support: Do you work across multiple GitHub instances? You can now sign into more than one domain so you can focus more on your code and less on sign-in flows.
Filterable changes: Do you find yourself endlessly scrolling through a long list of changed files? Now, you can filter by filename to review your changes faster. This makes it easier to locate and select exactly what you need for your next commit!
Moving forward, we recommend using GitHub Enterprise Importer (GEI) to migrate repositories to GitHub’s cloud-based products. If you are interested in migrating GitLab repositories to GitHub using GEI, please contact our Expert Services team.
The cvss field for GitHub security advisories in the REST and GraphQL APIs will be deprecated in favor of the new cvss_severities field. cvss will be removed from the REST API on April 1, 2025, and removed from the GraphQL API on October 1, 2025.
Starting on April 28th, 2025, GitHub will implement a new limit of 100,000 repositories on the total number of repositories per owner for both user accounts and organizations.
We’re committed to keeping our platform safe and secure while delivering the experiences you expect. By capping repository ownership, we’re preventing slowdowns on administrators as well as ensuring the health of our infrastructure to provide a smooth and secure environment for all users. You can find more about the degraded performance large accounts can face exceeding 100,000 repositories in our documentation about repository limits.
Notification process
When an account surpasses 50,000 repositories, a banner noting the approaching limit will appear. Additionally, administrators will receive email notifications, and the audit log will update every additional 5,000 repositories created.
Temporary exemptions
For accounts at or nearing the 100,000-repository limit, GitHub will provide information on temporary exemptions and offer guidance on reducing repository counts. If you require more than 100,000 repositories, you can distribute ownership across multiple organizations, maintaining seamless operations.
Additional resources
The stale repos action that was launched in 2023 is designed to help organizations identify and report on repositories with no activity.
For further details and guidance on navigating these changes, please visit our documentation.
The GPT-4o Copilot model released in preview last month and updated this month now provides code completions for all Copilot users. This model delivers higher quality suggestions and improved latency.
Getting ready
No additional action is required if you’re on the latest version of the GitHub Copilot extension for VS Code, Visual Studio, or JetBrains. If you’re on an older version of the GitHub Copilot extension, the model will roll out to you in the coming days. Updating your extension will ensure quicker access.
Retirement of GPT-3.5 Turbo based model
Over the coming days, your code completion experience will switch to GPT-4o Copilot. The GPT-3.5 Turbo based copilot-codex model, which was the previous model, will no longer be available.
Your feedback
Thank you to the tens of thousands of developers who used this new model in preview. Please continue to share your feedback directly and in the GitHub Community!
✕
Wait! Don't Go Yet 🚀
Get our FREE eBook "10 Programming Tips That Changed Everything" when you subscribe!
