Delegated alert dismissal allows you to require a review process before Dependabot alerts are closed. This feature is available to GitHub Code Security customers and can be used in both the UI and API.

This helps you better manage security risk, as well as meet audit and compliance requirements. Delegated alert dismissal brings the same governance controls available for code scanning and Secret Scanning to Dependabot alerts.

This feature helps organizations:

• Increase accountability across development teams when addressing vulnerability alerts.
• Prevent insecure activity such as accidental or unauthorized dismissals.
• Manage alerts at scale by making alert activity easier to govern and audit.

Delegated alert dismissal for Dependabot is available for code security customers now on github.com and in GitHub Enterprise Server 3.21.

To learn more about Dependabot alert dismissal requests, see our documentation about code security.

The post You can now require reviews before closing Dependabot alerts with delegated alert dismissal appeared first on The GitHub Blog.

Copilot memory is now available in public preview for GitHub Copilot Pro and Pro+ users, with support in Copilot coding agent and Copilot code review.

Copilot memory

Copilot memory enables agents to learn from your codebase. Over time, Copilot builds a repository-specific memory by capturing key insights about your codebase and using them to improve how agents assist you. This shared context helps Copilot perform better across coding and code review workflows.

Get started today

Copilot Pro and Pro+ users can enable Copilot memory by navigating to Settings > Copilot and turning on Copilot memory.

Share your feedback

We’re continuing to evolve Copilot memory and plan to bring it to more plans in the future. To share feedback or join the discussion, visit the GitHub Community.

The post Copilot memory early access for Pro and Pro+ appeared first on The GitHub Blog.

CodeQL is the static analysis engine behind GitHub’s Code Scanning and Code Quality products, which find and remediate issues relating to code quality and security. We’ve recently released CodeQL 2.23.7 and 2.23.8. These releases bring new security queries for Go and Rust, improved overall analysis accuracy, and framework updates across several languages.

Query changes

Go

• Added a new query, go/cookie-secure-not-set, to detect cookies without the Secure flag set, potentially leading to sensitive information exposure.
• Added a new query, go/weak-crypto-algorithm, to detect the use of broken or weak cryptographic algorithms.
• Added a new query, go/weak-sensitive-data-hashing, to detect the use of broken or weak cryptographic hash algorithms on sensitive data.
• The go/cookie-http-only-not-set query has been promoted from the experimental query pack, to identify cookies that do not use the HttpOnly flag, potentially leading to cross-site scripting vulnerabilities. This query was originally contributed by GitHub user @edvraa.

Rust

• Added a new query, rust/xss, to detect cross-site scripting security vulnerabilities.
• Added a new query, rust/disabled-certificate-check, to detect disabled TLS certificate checks.
• Added three example queries (rust/examples/empty-if, rust/examples/simple-sql-injection, and rust/examples/simple-constant-password) to help you learn to write CodeQL queries for Rust.

Language and framework support

Java/Kotlin

• Java analysis no longer forces --source and --target compiler flags for Maven builds. Maven will now use the project’s own compiler configuration, improving build compatibility.
• Operations that extract only a fixed-length prefix or suffix of a string (like substring in Java or take in Kotlin), when limited to 7 characters or fewer, will now be treated as sanitizers for the java/sensitive-log query, given the contents of the log message will be truncated.

JavaScript/TypeScript

• Fixed a bug in the Next.js model that caused the analysis to miss server-side taint sources in the app/pages folder.

Rust

• The rust/access-invalid-pointer query has been improved with new flow sources and barriers.

C#

• Compilation errors are now included in the debug log when using buildless analysis (which is used by default).
• Added a new extractor option to specify a custom directory for dependency downloads in buildless mode. Use -O buildless_dependency_dir=<path> to configure the target directory.

Python

• Fixed a bug in the Python extractor’s import handling where failing to find an import in find_module would cause a KeyError to be raised. This is a contribution from GitHub user @akoeplinger to the open-source CodeQL repository.

For a full list of changes, refer to the complete changelogs for versions 2.23.7 and 2.23.8. Every new version of CodeQL is automatically deployed to users of GitHub Code Scanning and GitHub Code Quality on GitHub.com. The features and fixes introduced in these releases will be included in GitHub Enterprise Server (GHES) version 3.20. If you use an older version of GHES, you can manually upgrade your CodeQL version.

The post CodeQL 2.23.7 and 2.23.8 add security queries for Go and Rust appeared first on The GitHub Blog.

When you assign an issue to Copilot, you’ll now automatically be added as an assignee yourself. This makes it easier to track your work using filters like assignee:@me and understand who is working on an issue.

Share your feedback

Join the community discussion to share your feedback or learn more in our documentation on assigning issues to Copilot.

The post Assigning GitHub Copilot to an issue now adds you as an assignee appeared first on The GitHub Blog.

More GitHub Enterprise customers can now start a self-serve GitHub Advanced Security trial to evaluate GitHub Code Security and GitHub Secret Protection. Enterprises that have previously completed a GitHub Advanced Security trial and did not purchase Advanced Security are now eligible for another trial after 180 days.

To set up a GitHub Advanced Security trial, visit the Enterprise “Billing and licensing” page. Visit our docs to learn more about self-serve GitHub Advanced Security trials.

The post GitHub Advanced Security trials now available for more GitHub Enterprise customers appeared first on The GitHub Blog.

You can now create Agent Skills to teach Copilot how to perform specialized tasks in a specific, repeatable way.

Agent Skills are folders containing instructions, scripts, and resources that Copilot automatically loads when relevant to your prompt.

They work across Copilot coding agent, Copilot CLI, and agent mode in Visual Studio Code Insiders. Skills support is coming to the stable version of VS Code in early January.

When Copilot determines a skill is relevant to your task, it loads the instructions and follows them—including any resources you’ve included in the skill directory.

You can write your own skills, or use skills shared by others, such as those in the anthropics/skills repository or GitHub’s community created github/awesome-copilot collection.

If you’ve already set up skills for Claude Code in the .claude/skills directory in your repository, Copilot will pick them up automatically.

📚 Learn more about Agent Skills
Join the discussion within GitHub Community.

The post GitHub Copilot now supports Agent Skills appeared first on The GitHub Blog.

Claude Opus 4.5 is generally available to Copilot Enterprise, Copilot Business, Copilot Pro, and Copilot Pro+.

You’ll now be able to access the model in GitHub Copilot Chat on github.com, GitHub Mobile, Visual Studio Code, Visual Studio, JetBrains IDEs, Xcode, and Eclipse through the chat model picker (agent, ask, and edit modes). If you do not yet have access, please check again later.

Enabling access

Copilot Business and Copilot Enterprise administrators must opt in by enabling the new Claude Opus 4.5 policy in Copilot settings. Once enabled, users in that organization will see the model in the model picker across all supported IDEs.

For individual plans, enable the model by selecting it in the model picker in any supported IDE and confirming the one-time prompt.

Share your feedback

To learn more about the models available in Copilot, see our documentation on models and get started with Copilot today.

Join the GitHub Community to share your feedback.

The post Claude Opus 4.5 is now generally available in GitHub Copilot appeared first on The GitHub Blog.

GitHub Enterprise Cloud with data residency in Japan is now generally available, allowing GitHub Enterprise Cloud customers greater flexibility in choosing where their code and repository data are stored. This ensures enterprise customers have a single, global DevOps platform for their teams, while providing the ability to maintain their code close to home.

With this release, teams can enhance productivity and collaboration while gaining more control over their code to meet their data residency preferences. This will help customers in Japan or with specific requirements in the region meet their compliance, regulatory, or data residency needs.

What is GitHub Enterprise Cloud with data residency?

GitHub Enterprise Cloud is a multi-tenant, enterprise SaaS deployment option of GitHub Enterprise powered by Microsoft Azure. It provides a single, end-to-end DevOps platform with a suite of tools and features that integrate with the GitHub ecosystem, allowing organizations to build, secure, and ship software at scale.

With the introduction of data residency in Japan, customers now have the flexibility to choose where their code is stored. GitHub Enterprise Cloud with data residency is powered by Microsoft Azure’s globally distributed data center infrastructure, providing high availability, security, and performance wherever your teams are located.

Who is this available for?

GitHub Enterprise Cloud with data residency in Japan is available for customers who need their code and repository data to reside in that region. Support for additional regions is currently being planned and will be announced in future changelog updates.

How can you access GitHub Enterprise Cloud with data residency in Japan?

Get started today by contacting our sales team, or by signing up for a free 30-day trial of GitHub Enterprise Cloud with data residency. You can also learn more by visiting our Docs and exploring GitHub Enterprise Cloud deployment options.

The post GitHub Enterprise Cloud data residency in Japan is generally available appeared first on The GitHub Blog.

You can now manage GitHub Teams from a dedicated page in Settings, instead of the left-hand navigation menu. This change streamlines the navigation and makes other important features easier to find.

What’s new

• “Teams” is no longer in the left-hand navigation menu.
• All team management has moved to a new “Settings → Teams” page.
• You’ll see a dismissible banner letting you know where to find Teams the next time you look for it.

How to provide feedback

We want to know what you think. Join the community discussion to share your thoughts or ask questions!

The post Teams management now moved to Settings appeared first on The GitHub Blog.

GitHub Enterprise Cloud with data residency now supports Copilot code review preview features, providing you an opportunity to try the latest agentic code review capabilities in your pull requests.

These agentic capabilities launched into public preview at GitHub Universe, and grant users the following:

• Access to rich agentic tool calling to actively gather full project context, including code, directory structure, and references.
• The ability to add and configure deterministic tools like CodeQL, ESLint, and more to run with Copilot code review.
• Easy hand-offs to Copilot coding agent from within reviews left by Copilot to quickly resolve issues found by Copilot code review and seamlessly resolve conflicts between the feedback.
• Visibility into Copilot code review agent’s session via Copilot agent’s mission control.

Learn more about each of these features and how to enable them in our Copilot documentation.

Join the discussion within GitHub Community.

The post Copilot code review preview features now supported in GitHub Enterprise Cloud with data residency appeared first on The GitHub Blog.