Congratulations!

[Valid RSS] This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

Source: https://github.blog/feed/

  1. <?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
  2. xmlns:content="http://purl.org/rss/1.0/modules/content/"
  3. xmlns:wfw="http://wellformedweb.org/CommentAPI/"
  4. xmlns:dc="http://purl.org/dc/elements/1.1/"
  5. xmlns:atom="http://www.w3.org/2005/Atom"
  6. xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
  7. xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
  9. xmlns:georss="http://www.georss.org/georss"
  10. xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#"
  11. >
  12.  
  13. <channel>
  14. <title>The GitHub Blog</title>
  15. <atom:link href="https://github.blog/feed/" rel="self" type="application/rss+xml" />
  16. <link>https://github.blog/</link>
  17. <description>Updates, ideas, and inspiration from GitHub to help developers build and design software.</description>
  18. <lastBuildDate>Tue, 21 May 2024 15:27:46 +0000</lastBuildDate>
  19. <language>en-US</language>
  20. <sy:updatePeriod>
  21. hourly </sy:updatePeriod>
  22. <sy:updateFrequency>
  23. 1 </sy:updateFrequency>
  24. <generator>https://wordpress.org/?v=6.5.3</generator>
  25.  
  26. <image>
  27. <url>https://github.blog/wp-content/uploads/2019/01/cropped-github-favicon-512.png?fit=32%2C32</url>
  28. <title>The GitHub Blog</title>
  29. <link>https://github.blog/</link>
  30. <width>32</width>
  31. <height>32</height>
  32. </image>
  33. <site xmlns="com-wordpress:feed-additions:1">153214340</site> <item>
  34. <title>Introducing GitHub Copilot Extensions: Unlocking unlimited possibilities with our ecosystem of partners</title>
  35. <link>https://github.blog/2024-05-21-introducing-github-copilot-extensions/</link>
  37. <dc:creator><![CDATA[Mario Rodriguez]]></dc:creator>
  38. <pubDate>Tue, 21 May 2024 15:27:46 +0000</pubDate>
  39. <category><![CDATA[Product]]></category>
  40. <category><![CDATA[AI]]></category>
  41. <category><![CDATA[developer experience]]></category>
  42. <category><![CDATA[GitHub Copilot]]></category>
  43. <category><![CDATA[GitHub Copilot Extensions]]></category>
  44. <guid isPermaLink="false">https://github.blog/?p=78012</guid>
  45.  
  46. <description><![CDATA[<p>The world of Copilot is getting bigger, improving the developer experience by keeping developers in the flow longer and allowing them to do more in natural language.</p>
  47. <p>The post <a href="https://github.blog/2024-05-21-introducing-github-copilot-extensions/">Introducing GitHub Copilot Extensions: Unlocking unlimited possibilities with our ecosystem of partners</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  48. ]]></description>
  49. <content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
  50. <html><body><p>Today, we&rsquo;re introducing GitHub Copilot Extensions to bring the world&rsquo;s knowledge into the most widely adopted AI developer tool. Through a growing partner ecosystem, Copilot Extensions enables developers to  build and deploy to the cloud in their natural language with their preferred tools and services, all without leaving the IDE or GitHub.com. With Copilot and now Copilot Extensions, developers can stay in the flow longer, uplevel their skills, and innovate faster.</p>
  51. <p><img fetchpriority="high" decoding="async" src="https://github.blog/wp-content/uploads/2024/05/Marketplace-App-Tiles@2x.png?resize=1024%2C597" alt="Sixteen GitHub Copilot Extensions from GitHub Copilot partners laid out as grid of tiles" width="1024" height="597" class="alignnone size-full wp-image-78102 width-fit" srcset="https://github.blog/wp-content/uploads/2024/05/Marketplace-App-Tiles@2x.png?resize=1024%2C597?w=2400 2400w, https://github.blog/wp-content/uploads/2024/05/Marketplace-App-Tiles@2x.png?resize=1024%2C597?w=300 300w, https://github.blog/wp-content/uploads/2024/05/Marketplace-App-Tiles@2x.png?resize=1024%2C597?w=768 768w, https://github.blog/wp-content/uploads/2024/05/Marketplace-App-Tiles@2x.png?resize=1024%2C597?w=1024 1024w, https://github.blog/wp-content/uploads/2024/05/Marketplace-App-Tiles@2x.png?resize=1024%2C597?w=1536 1536w, https://github.blog/wp-content/uploads/2024/05/Marketplace-App-Tiles@2x.png?resize=1024%2C597?w=2048 2048w" sizes="(max-width: 1000px) 100vw, 1000px" data-recalc-dims="1" /></p>
  52. <p>We&rsquo;re starting with GitHub Copilot Extensions from <strong>DataStax, Docker, LambdaTest, LaunchDarkly, McKinsey &amp; Company, Microsoft Azure and Teams, MongoDB, Octopus Deploy, Pangea, Pinecone, Product Science, ReadMe, Sentry, and Stripe</strong>. Extensions are supported in GitHub Copilot Chat on GitHub.com, Visual Studio, as well as VS Code.</p>
  53. <p>While the GitHub Marketplace will offer extensions that are open to all, organizations can also create private Copilot Extensions for their homegrown developer tooling, making the capabilities from an internal library of APIs or the knowledge from a custom monitoring system only a conversation away.</p>
  54. <h2 id="how-it-works-github-copilot-extensions-in-action" id="how-it-works-github-copilot-extensions-in-action" >How it works: GitHub Copilot Extensions in action<a href="#how-it-works-github-copilot-extensions-in-action" class="heading-link pl-2 text-italic text-bold" aria-label="How it works: GitHub Copilot Extensions in action"></a></h2>
  55. <p>Imagine you&rsquo;re a developer who just got paged on an incident for a database-related error. You&rsquo;re trying to get context of the issue from a variety of tools. It could be from a GitHub issue or audit logs in DataStax. With enough context, you start troubleshooting what could be the cause, going to tools like Sentry for error monitoring to learn more. Then, you have to figure out a solution, apply the fix, and then deploy with Azure. In this scenario, there is a lot of context-switching.</p>
  56. <p>Copilot Extensions bring this whole process together. From GitHub Copilot Chat, you can now easily invoke all of these tools to get context, perform actions, and generate files and pull requests&mdash;accelerating workflows across more tools.</p>
  57. <p><img decoding="async" src="https://github.blog/wp-content/uploads/2024/05/Extensibility-Product-UI-docker.png?resize=1024%2C601" alt="UI of GitHub Copilot Chat showing different GitHub Copilot Extensions that can be used" width="1024" height="601" class="alignnone size-full wp-image-78088 width-fit" srcset="https://github.blog/wp-content/uploads/2024/05/Extensibility-Product-UI-docker.png?resize=1024%2C601?w=2400 2400w, https://github.blog/wp-content/uploads/2024/05/Extensibility-Product-UI-docker.png?resize=1024%2C601?w=300 300w, https://github.blog/wp-content/uploads/2024/05/Extensibility-Product-UI-docker.png?resize=1024%2C601?w=768 768w, https://github.blog/wp-content/uploads/2024/05/Extensibility-Product-UI-docker.png?resize=1024%2C601?w=1024 1024w, https://github.blog/wp-content/uploads/2024/05/Extensibility-Product-UI-docker.png?resize=1024%2C601?w=1536 1536w, https://github.blog/wp-content/uploads/2024/05/Extensibility-Product-UI-docker.png?resize=1024%2C601?w=2048 2048w" sizes="(max-width: 1000px) 100vw, 1000px" data-recalc-dims="1" /></p>
  58. <p>&ldquo;The LaunchDarkly extension for GitHub Copilot integrates directly where teams are already building software. With it, developers can access documentation and best practices, right alongside their code. Minimize context switching, maintain flow state, and accelerate software delivery&mdash;all from one place,&rdquo; said Cody De Arkland, Product Incubation, LaunchDarkly.</p>
  59. <p>With the DataStax extension, you can <strong>interact with databases and build applications with AstraDB</strong>:</p>
  60. <div class="mod-vh position-relative" style="height: 0; padding-bottom: calc((9 / 16)*100%);">
  61. <iframe loading="lazy" class="position-absolute top-0 left-0 width-full height-full" src="https://www.youtube.com/embed/3SmjSKsBRNk?version=3&amp;rel=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;fs=1&amp;hl=en-US&amp;autohide=2&amp;wmode=transparent" title="YouTube video player" allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0"></iframe>
  62. </div>
  63. <p>With the Octopus extension, you can <strong>view the status of your deployments</strong>:</p>
  64. <div class="mod-vh position-relative" style="height: 0; padding-bottom: calc((9 / 16)*100%);">
  65. <iframe loading="lazy" class="position-absolute top-0 left-0 width-full height-full" src="https://www.youtube.com/embed/VO6fRiZwhCI?version=3&amp;rel=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;fs=1&amp;hl=en-US&amp;autohide=2&amp;wmode=transparent" title="YouTube video player" allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0"></iframe>
  66. </div>
  67. <p>And, with the Sentry extension, you can <strong>resolve pipeline issues in natural language</strong>:</p>
  68. <div class="mod-vh position-relative" style="height: 0; padding-bottom: calc((9 / 16)*100%);">
  69. <iframe loading="lazy" class="position-absolute top-0 left-0 width-full height-full" src="https://www.youtube.com/embed/irRaA4OZpGM?version=3&amp;rel=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;fs=1&amp;hl=en-US&amp;autohide=2&amp;wmode=transparent" title="YouTube video player" allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0"></iframe>
  70. </div>
  71. <p>&ldquo;This is the future of software development, where developers spend less time searching and more time building. Working in natural language, they can write code, retrieve data, and solve problems, all using a single intuitive workflow,&rdquo; said Tillman Elser, Engineering Manager at Sentry.</p>
  72. <h2 id="ai-meets-cloud-with-github-copilot-for-azure" id="ai-meets-cloud-with-github-copilot-for-azure" >AI meets cloud with GitHub Copilot for Azure<a href="#ai-meets-cloud-with-github-copilot-for-azure" class="heading-link pl-2 text-italic text-bold" aria-label="AI meets cloud with GitHub Copilot for Azure"></a></h2>
  73. <p>Microsoft&rsquo;s extension, GitHub Copilot for Azure, showcases just how much GitHub Copilot can push development velocity with natural language. By calling on GitHub Copilot for Azure right in Copilot Chat, developers get answers to their questions about Azure&mdash;anything from choosing an Azure service to running a React app to selecting the best Azure database to use with Django. And, when it&rsquo;s time to deploy, GitHub Copilot for Azure guides developers through the steps for a successful launch.</p>
  74. <div class="mod-vh position-relative" style="height: 0; padding-bottom: calc((9 / 16)*100%);">
  75. <iframe loading="lazy" class="position-absolute top-0 left-0 width-full height-full" src="https://www.youtube.com/embed/Vf9zqtxbI9c?version=3&amp;rel=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;fs=1&amp;hl=en-US&amp;autohide=2&amp;wmode=transparent" title="YouTube video player" allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0"></iframe>
  76. </div>
  77. <p>Access to the GitHub Copilot for Azure preview is currently limited and offered through Microsoft directly. Sign up <a href="https://aka.ms/azcode/copilot/preview-signup">here</a>.</p>
  78. <h2 id="getting-started" id="getting-started" >Getting started<a href="#getting-started" class="heading-link pl-2 text-italic text-bold" aria-label="Getting started"></a></h2>
  79. <p>Today&rsquo;s announcement is a sneak peek of what&rsquo;s to come. Once invited, users can access Copilot Extensions from DataStax, Docker, Lambda Test, LaunchDarkly, McKinsey &amp; Company, Octopus Deploy, Pangea, Pinecone, Product Science, ReadMe, Sentry, and Teams Toolkit on the GitHub Marketplace. In the coming weeks, all users will be able to access extensions from Stripe, MongoDB, and Microsoft (including Teams Toolkit and Microsoft 365) on <a href="https://code.visualstudio.com/api/extension-guides/chat">Visual Studio Marketplace</a> for VSCode as well.</p>
  80. <aside class="p-4 p-md-6 post-aside--large"><p class="h5-mktg gh-aside-title">Looking to build a GitHub Copilot Extension?</p><p><a href="https://github.com/features/preview/copilot-partner-program">Join the Copilot Partner Program</a> and explore opportunities to:</p>
  81. <ul>
  82. <li>Explore opportunities to bring your developer tools and services into the GitHub Copilot ecosystem.</li>
  83. <li>Integrate your organization&rsquo;s internal tooling with GitHub Copilot with a private extension.</li>
  84. </ul>
  85. </aside>
  86. </p><h2 id="the-future-of-software-development-for-individuals-and-organizations" id="the-future-of-software-development-for-individuals-and-organizations" >The future of software development for individuals and organizations<a href="#the-future-of-software-development-for-individuals-and-organizations" class="heading-link pl-2 text-italic text-bold" aria-label="The future of software development for individuals and organizations"></a></h2>
  87. <p>Whether you&rsquo;re a potential partner or an organization looking to build your own private extension, Copilot Extensions put the power to customize every aspect of the build experience at your fingertips&mdash;and expand your access to the tools that drive productivity, innovation, and joy. Your participation and creativity will only increase Copilot&rsquo;s functionality and value for all.</p>
  88. <p>Today is just the starting point. Over the coming months, we&rsquo;ll expand this ecosystem through the hundreds of partners that have already signed up for the Copilot Partner Program. This means even more global knowledge at developers&rsquo; fingertips to build and innovate with ease.</p>
  89. <p>Our goal: make GitHub Copilot the most integrated, powerful, intelligent AI platform there is&mdash;with unlimited possibilities to accelerate human progress. Programming in natural language will continue to lower the barrier to entry for anyone who wants to build software. Today, we are closer to a future where one billion people can build on GitHub, with Copilot as an intelligent platform that integrates with any tool in the developer tech stack, entirely in natural language.</p>
  90. </body></html>
  91. <p>The post <a href="https://github.blog/2024-05-21-introducing-github-copilot-extensions/">Introducing GitHub Copilot Extensions: Unlocking unlimited possibilities with our ecosystem of partners</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  92. ]]></content:encoded>
  96. <post-id xmlns="com-wordpress:feed-additions:1">78012</post-id> </item>
  97. <item>
  98. <title>Scaling accessibility within GitHub and beyond</title>
  99. <link>https://github.blog/2024-05-16-scaling-accessibility-within-github-and-beyond/</link>
  101. <dc:creator><![CDATA[Ed Summers]]></dc:creator>
  102. <pubDate>Thu, 16 May 2024 16:00:06 +0000</pubDate>
  103. <category><![CDATA[Company]]></category>
  104. <category><![CDATA[accessibility]]></category>
  105. <category><![CDATA[Global Accessibility Awareness Day]]></category>
  106. <guid isPermaLink="false">https://github.blog/?p=78071</guid>
  107.  
  108. <description><![CDATA[<p>GitHub celebrates Global Accessibility Awareness Day by launching another installment of the Coding Accessibility series and sharing how we scale accessibility within GitHub and beyond.</p>
  109. <p>The post <a href="https://github.blog/2024-05-16-scaling-accessibility-within-github-and-beyond/">Scaling accessibility within GitHub and beyond</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  110. ]]></description>
  111. <content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
  112. <html><body><p>A popular mantra within the disability community is, &ldquo;Nothing about us without us.&rdquo; That mantra embodies the strongly held belief that people with disabilities must actively participate in the decisions that impact their lives. Given that technology is an integral part of how all of humanity lives, works, learns, and plays, it is absolutely essential that those of us with disabilities have the opportunity to contribute to and lead, the development of technology.</p>
  113. <p>In the <a href="https://github.com/readme/featured/nvda-coding-accessibility-software-blind">latest installment of the Coding Accessibility series</a>, you&rsquo;ll learn how blind developers <a href="https://github.com/jcsteh">Jamie Teh</a> and <a href="https://github.com/michaelDCurran">Michael &ldquo;Mick&rdquo; Curran</a> are living the mantra. They have built thriving communities that are organized by the blind, for the blind. The open source software maintained by these communities is used by hundreds of thousands of blind people globally.</p>
  114. <p>GitHub is honored to provide a home for Jamie, Mick, and their communities of blind developers, contributors, and users. We know that the best way to increase the accessibility of technology is to empower people with disabilities to build it. In this post, you&rsquo;ll learn how we&rsquo;re doing that by building a culture that scales accessibility internally within GitHub and beyond.</p>
  115. <h2 id="required-company-wide-training" id="required-company-wide-training" >Required company-wide training<a href="#required-company-wide-training" class="heading-link pl-2 text-italic text-bold" aria-label="Required company-wide training"></a></h2>
  116. <p>Our culture of accessibility starts with company-wide training that is required for every single Hubber. During the training, Hubbers learn about types of disabilities, assistive technologies that are used by people with disabilities, disability etiquette, and why accessibility is so important for GitHub. That body of knowledge is the foundation for our company-wide accessibility program, and every Hubber has an important role to play as we build a more inclusive GitHub.</p>
  117. <h2 id="engineering-fundamentals" id="engineering-fundamentals" >Engineering fundamentals<a href="#engineering-fundamentals" class="heading-link pl-2 text-italic text-bold" aria-label="Engineering fundamentals"></a></h2>
  118. <p>The GitHub Engineering Fundamentals program is another important part of our accessibility culture. Indeed, the Engineering Fundamentals program serves as the foundation for accessibility governance at GitHub. The program was created with the goal of defining, measuring, and sustaining engineering excellence across the GitHub platform. The program includes three pillars, which are accessibility, availability, and security, and uses scorecards to continuously monitor how services meet the expectations defined by each of the three pillars. For example, the accessibility pillar includes two scorecards that measure services against the expectations for accessibility at GitHub. If a service fails to meet those expectations, service owners can easily identify the action items that must be completed.</p>
  119. <p><a href="https://github.blog/2024-02-08-githubs-engineering-fundamentals-program-how-we-deliver-on-availability-security-and-accessibility/">Learn more about the Engineering Fundamentals program at GitHub</a>.</p>
  120. <h2 id="accessibility-design-bootcamp" id="accessibility-design-bootcamp" >Accessibility Design Bootcamp<a href="#accessibility-design-bootcamp" class="heading-link pl-2 text-italic text-bold" aria-label="Accessibility Design Bootcamp"></a></h2>
  121. <p>Great accessibility starts with great design. And, we know that the most cost-effective way to prevent and remove accessibility barriers is during design. That&rsquo;s why we created our Accessibility Design Bootcamp. The bootcamp is a live educational program that consists of exercises, discussions, and knowledge shares to raise awareness of web accessibility best practices, the role designers play in creating accessible products, and how to advocate for accessibility with cross-functional partners. Since its inception in March 2023, four cohorts of designers representing 50% of our design team have completed the bootcamp.</p>
  122. <p><a href="https://github.blog/2024-05-02-celebrating-1-year-of-a11y-design-bootcamp-takeaways-and-tips/">Learn more about the Accessibility Design Bootcamp at GitHub</a>.</p>
  123. <h2 id="accessibility-champions-program" id="accessibility-champions-program" >Accessibility Champions program<a href="#accessibility-champions-program" class="heading-link pl-2 text-italic text-bold" aria-label="Accessibility Champions program"></a></h2>
  124. <p>While our Accessibility Design Bootcamp has helped shift accessibility left within our development process, our Accessibility Champions program has empowered Hubbers to lead accessibility within their teams. The program started with a cohort of 17 engineering champions. Those participants gained practical experience creating inclusive digital experiences through hands-on exercises and interactive discussions. Their feedback drove improvements that included more interactive experiences and community engagement, such as monthly Champions Connect meetings, which provide a platform for champions to come together, exchange ideas, and foster a sense of camaraderie. We also organized bug bashes and collaborative events where champions worked together to identify and address accessibility issues in real time. Today, there are 52 accessibility champions at GitHub and we plan to expand the program to include at least 100 champions by the end of the year.</p>
  125. <p><a href="https://github.blog/2024-05-01-empowering-accessibility-githubs-journey-building-an-in-house-champions-program/">Learn more about the Accessibility Champions program at GitHub</a>.</p>
  126. <h2 id="primer" id="primer" >Primer<a href="#primer" class="heading-link pl-2 text-italic text-bold" aria-label="Primer"></a></h2>
  127. <p>The open source <a href="https://primer.style/">Primer</a> design system is a set of guidelines, principles, and patterns for designing and building UI at GitHub. It provides a shared language and standardized approach to delivering cohesive experiences across the GitHub platform. The building blocks of those experiences are Primer components. The Primer team includes accessibility and feedback from users with disabilities throughout their development process. As a result, Primer is our most powerful lever for implementing accessibility at scale.</p>
  128. <p>Learn <a href="https://github.blog/2024-05-07-how-were-building-more-inclusive-and-accessible-components-at-github/">how we build accessible Primer components</a> and <a href="https://github.blog/2023-05-11-unlocking-inclusive-design-how-primers-color-system-is-making-github-com-more-inclusive/">how we improved Primer&rsquo;s color system to be more inclusive</a>.</p>
  129. <h2 id="conclusion" id="conclusion" >Conclusion<a href="#conclusion" class="heading-link pl-2 text-italic text-bold" aria-label="Conclusion"></a></h2>
  130. <p>Peter Drucker said, &ldquo;Culture eats strategy for breakfast.&rdquo; We&rsquo;ve internalized that wisdom and, as a result, we are working to build a culture of accessibility within GitHub. We know that a strong culture of accessibility is the best way to scale accessibility across the organization. As of this moment, our accessibility culture is built on company-wide training for every Hubber, our Engineering Fundamentals program, our Accessibility Design Bootcamp, our Accessibility Champions program, and the Primer design system. However, we also know that accessibility is never done. GitHub is continually growing and evolving to meet the needs of developers. Our accessibility program must grow with it. Stay tuned to the GitHub blog and <a href="accessibility.github.com">accessibility.github.com </a> for the latest news on GitHub accessibility. And, as always, please share feedback on our <a href="https://github.com/orgs/community/discussions/categories/accessibility">accessibility community discussion page</a>.</p>
  131. </body></html>
  132. <p>The post <a href="https://github.blog/2024-05-16-scaling-accessibility-within-github-and-beyond/">Scaling accessibility within GitHub and beyond</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  133. ]]></content:encoded>
  137. <post-id xmlns="com-wordpress:feed-additions:1">78071</post-id> </item>
  138. <item>
  139. <title>Securing Git: Addressing 5 new vulnerabilities</title>
  140. <link>https://github.blog/2024-05-14-securing-git-addressing-5-new-vulnerabilities/</link>
  142. <dc:creator><![CDATA[Johannes Schindelin]]></dc:creator>
  143. <pubDate>Tue, 14 May 2024 17:07:49 +0000</pubDate>
  144. <category><![CDATA[Open Source]]></category>
  145. <category><![CDATA[Git]]></category>
  146. <category><![CDATA[security alert]]></category>
  147. <guid isPermaLink="false">https://github.blog/?p=78046</guid>
  148.  
  149. <description><![CDATA[<p>Git is releasing several new versions to address five CVEs. Upgrading to the latest Git version is essential to protect against these vulnerabilities.</p>
  150. <p>The post <a href="https://github.blog/2024-05-14-securing-git-addressing-5-new-vulnerabilities/">Securing Git: Addressing 5 new vulnerabilities</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  151. ]]></description>
  152. <content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
  153. <html><body><p>Hi there, Git users!</p>
  154. <p>Today, I write to you not in my capacity as Git for Windows maintainer, but as the Git community coordinator of the latest security bugfix release of Git.</p>
  155. <p>In the ever-evolving landscape of software development, security remains a paramount concern, especially for the Git project. Alongside our other business priorities, we hold the fort when it comes to safeguarding your work. It&rsquo;s with this unwavering commitment to security that we bring to your attention the latest Git version, v2.45.1, released on May 14, 2024, which addresses not one but five vulnerabilities. Affected platforms are Windows, macOS, Linux, and even *BSD, so these fixes are important for everyone! &#128522; This release is coordinated with Visual Studio and GitHub Desktop, which include a subset of Git. We are also releasing several defense-in-depth updates to address themes that we have noticed in the past several bugfix releases.</p>
  156. <ul>
  157. <li><strong><a href="https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv">CVE-2024-32002 (Critical, Windows &amp; macOS)</a></strong>: Git repositories with submodules can trick Git into executing a hook from the <code>.git/</code> directory during a clone operation, leading to Remote Code Execution.</li>
  158. <li><strong><a href="https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389">CVE-2024-32004 (High, multi-user machines)</a></strong>: An attacker can craft a local repository that executes arbitrary code when cloned.</li>
  159. <li><strong><a href="https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4">CVE-2024-32465 (High, all setups)</a></strong>: Cloning from <code>.zip</code> files containing Git repositories can bypass protections, potentially executing unsafe hooks.</li>
  160. <li><strong><a href="https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj">CVE-2024-32020 (Low, multi-user machines)</a></strong>: Local clones on the same disk can allow untrusted users to modify hard-linked files in the cloned repository&rsquo;s object database.</li>
  161. <li><strong><a href="https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7">CVE-2024-32021 (Low, multi-user machines)</a></strong>: Cloning a local repository with symlinks can result in hard-linking to arbitrary files in the <code>objects/</code> directory.</li>
  162. </ul>
  163. <p>Upgrading to the latest Git version is essential to protect against these vulnerabilities. If you cannot update immediately, please be careful from where you clone repositories.</p>
  164. <p><em>Note</em>: the defense-in-depth protection in this update causes a regression when cloning repositories enabled with <a href="https://git-lfs.com/">Git LFS</a>. The clone will fail with an error message. The remedy is to call <code>git lfs pull</code> in the fresh clone.</p>
  165. <h2 id="details" id="details" >Details<a href="#details" class="heading-link pl-2 text-italic text-bold" aria-label="Details"></a></h2>
  166. <p>The main theme of these fixes is to improve the security of cloning Git repositories. It has long been Git&rsquo;s stance that cloning even untrustworthy repositories should be a safe operation, and that it should be possible to &ldquo;scrub&rdquo; repositories of potentially malicious configurations and hooks&mdash;and in this release this is clearly documented.</p>
  167. <p>Now, let&rsquo;s dive into the details.</p>
  168. <h3 id="recursive-clones-on-case-insensitive-filesystems-that-support-symlinks-are-susceptible-to-remote-code-execution-cve-2024-32002-critical" id="recursive-clones-on-case-insensitive-filesystems-that-support-symlinks-are-susceptible-to-remote-code-execution-cve-2024-32002-critical" >Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution (CVE-2024-32002, critical)<a href="#recursive-clones-on-case-insensitive-filesystems-that-support-symlinks-are-susceptible-to-remote-code-execution-cve-2024-32002-critical" class="heading-link pl-2 text-italic text-bold" aria-label="Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution (CVE-2024-32002, critical)"></a></h3>
  169. <p>Repositories with submodules can be crafted in a way that exploits a bug in Git, whereby it can be fooled into writing files not into the submodule&rsquo;s worktree but into a <code>.git/</code> directory. This is possible by a combination of confusing Git with a directory and a symbolic link that differs only in case so that Git can write either one, or the other, but not both. This confusion can be used to manipulate Git into writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed.</p>
  170. <h3 id="remote-code-execution-while-cloning-special-crafted-local-repositories-cve-2024-32004-high" id="remote-code-execution-while-cloning-special-crafted-local-repositories-cve-2024-32004-high" >Remote Code Execution while cloning special-crafted local repositories (CVE-2024-32004, high)<a href="#remote-code-execution-while-cloning-special-crafted-local-repositories-cve-2024-32004-high" class="heading-link pl-2 text-italic text-bold" aria-label="Remote Code Execution while cloning special-crafted local repositories (CVE-2024-32004, high)"></a></h3>
  171. <p>On multi-user machines, an attacker can prepare a local repository so that it looks like a partial clone that is missing an object, so that, when this repository is cloned, Git will execute arbitrary code during the operation with full permissions of the user performing the clone.</p>
  172. <h3 id="protections-for-cloning-untrusted-repositories-can-be-bypassed-cve-2024-32465-high" id="protections-for-cloning-untrusted-repositories-can-be-bypassed-cve-2024-32465-high" >Protections for cloning untrusted repositories can be bypassed (CVE-2024-32465, high)<a href="#protections-for-cloning-untrusted-repositories-can-be-bypassed-cve-2024-32465-high" class="heading-link pl-2 text-italic text-bold" aria-label="Protections for cloning untrusted repositories can be bypassed (CVE-2024-32465, high)"></a></h3>
  173. <p>There are circumstances where the fixes for CVE-2024-32004 are not enough. For example, when obtaining a <code>.zip</code> file containing a full copy of a Git repository, it should not be trusted by default to be safe, as for example, hooks could be configured to run within the context of that repository.</p>
  174. <p>The Git project does <em>not</em> recommend for you to obtain Git repositories via <code>.zip</code> files containing a full copy of the worktree and <code>.git/</code> directory!</p>
  175. <p>Having said that, the Git project&rsquo;s stance is that such an untrusted repository can be &ldquo;sanitized&rdquo; by cloning it locally, as is clarified in the Git documentation as part of this release. In such a scenario, Git is susceptible to the same manipulations as described in CVE-2024-32004.</p>
  176. <h3 id="cloning-local-repository-by-untrusted-user-allows-the-untrusted-user-to-modify-objects-in-the-cloned-repository-at-will-cve-2024-32020-low" id="cloning-local-repository-by-untrusted-user-allows-the-untrusted-user-to-modify-objects-in-the-cloned-repository-at-will-cve-2024-32020-low" >Cloning local repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will (CVE-2024-32020, low)<a href="#cloning-local-repository-by-untrusted-user-allows-the-untrusted-user-to-modify-objects-in-the-cloned-repository-at-will-cve-2024-32020-low" class="heading-link pl-2 text-italic text-bold" aria-label="Cloning local repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will (CVE-2024-32020, low)"></a></h3>
  177. <p>When source and target repository reside on the same disk, local clones may end up creating hard-links of files in the target repository&rsquo;s object database. If the source repository is owned by a different user, this means that those newly hard-linked files may be rewritten at any point in time by that other user, which can easily come as a surprise to users who are unfamiliar with this implementation detail of Git.</p>
  178. <h3 id="local-clone-may-hard-link-arbitrary-user-readable-files-into-the-new-repositorys-objects-directory-cve-2024-32021-low" id="local-clone-may-hard-link-arbitrary-user-readable-files-into-the-new-repositorys-objects-directory-cve-2024-32021-low" >Local clone may hard-link arbitrary user-readable files into the new repository&rsquo;s &ldquo;objects/&rdquo; directory (CVE-2024-32021, low)<a href="#local-clone-may-hard-link-arbitrary-user-readable-files-into-the-new-repositorys-objects-directory-cve-2024-32021-low" class="heading-link pl-2 text-italic text-bold" aria-label="Local clone may hard-link arbitrary user-readable files into the new repository&rsquo;s &ldquo;objects/&rdquo; directory (CVE-2024-32021, low)"></a></h3>
  179. <p>When cloning a local source repository that contains symbolic links, Git may create hard-links in the <code>objects/</code> directory to arbitrary files on the same filesystem as the target repository. This can be used in sophisticated attacks to manipulate Git into writing files outside the Git worktree and outside the <code>.git/</code> directory.</p>
  180. <h2 id="defense-in-depth" id="defense-in-depth" >Defense-in-depth<a href="#defense-in-depth" class="heading-link pl-2 text-italic text-bold" aria-label="Defense-in-depth"></a></h2>
  181. <p>It has not escaped the Git project that there has been a common theme in <a href="https://github.com/git/git/security/advisories/">the vulnerabilities that have been fixed in previous security bugfix releases</a>, as well as in this one: submodules support seems to be involved, and hooks escalate the severity of the found vulnerabilities to high or critical.</p>
  182. <p>This time around, we therefore added more changes that not only fix existing security issues but also try to reduce the severity of any related vulnerabilities that may be found in the future:</p>
  183. <ul>
  184. <li>Git has introduced several security improvements to protect against Remote Code Execution (RCE), which is when an attacker could potentially run harmful code on your computer.</li>
  185. <li>These updates include better handling of symbolic links and directories during cloning operations to prevent Git from being tricked into writing files in the wrong places.</li>
  186. <li>Git now has a more secure way of running hooks, which are scripts that can run automatically during certain Git operations. This helps prevent unauthorized code from running during a clone.</li>
  187. <li>The configuration setting for the Git templates directory, which could influence which hooks run during a clone, is now protected to prevent accidental or malicious changes.</li>
  188. <li>Additionally, Git will now warn about symbolic links that point inside the <code>.git/</code> directory, which could be a security risk. Users who want to be extra cautious can set these warnings to be treated as errors.</li>
  189. </ul>
  190. <p>These changes are part of Git&rsquo;s ongoing efforts to enhance security and ensure that the cloning process is safe from potential vulnerabilities.</p>
  191. <h2 id="credits" id="credits" >Credits<a href="#credits" class="heading-link pl-2 text-italic text-bold" aria-label="Credits"></a></h2>
  192. <p><a href="https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv">CVE-2024-32002</a> and <a href="https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389">CVE-2024-32004</a> were found by <a href="https://github.com/filip-hejsek">Filip Heijsek</a> and fixed by <a href="https://github.com/dscho">Johannes Schindelin</a>. Apple Product Security found <a href="https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj">CVE-2024-32020</a> and <a href="https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7">CVE-2024-32021</a>, and they were fixed by <a href="https://github.com/pks-t">Patrick Steinhardt</a>. <a href="https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4">CVE-2024-32465</a> was found and fixed by <a href="https://github.com/peff">Jeff King</a>. The defense-in-depth patches were contributed by <a href="https://github.com/dscho">Johannes Schindelin</a>. Credit for in-depth reviews goes to <a href="https://github.com/gitster">Junio Hamano</a>, <a href="https://github.com/filip-hejsek">Filip Hejsek</a>, <a href="https://github.com/dscho">Johannes Schindelin</a>, and <a href="https://github.com/pks-t">Patrick Steinhardt</a>.</p>
  193. <p><strong>Stay secure, stay updated, and let&rsquo;s continue to build amazing software together.</strong></p>
  194. </body></html>
  195. <p>The post <a href="https://github.blog/2024-05-14-securing-git-addressing-5-new-vulnerabilities/">Securing Git: Addressing 5 new vulnerabilities</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  196. ]]></content:encoded>
  200. <post-id xmlns="com-wordpress:feed-additions:1">78046</post-id> </item>
  201. <item>
  202. <title>Research: Quantifying GitHub Copilot’s impact in the enterprise with Accenture</title>
  203. <link>https://github.blog/2024-05-13-research-quantifying-github-copilots-impact-in-the-enterprise-with-accenture/</link>
  205. <dc:creator><![CDATA[Ya Gao]]></dc:creator>
  206. <pubDate>Mon, 13 May 2024 18:27:34 +0000</pubDate>
  207. <category><![CDATA[Product]]></category>
  208. <category><![CDATA[GitHub Copilot]]></category>
  209. <category><![CDATA[research]]></category>
  210. <guid isPermaLink="false">https://github.blog/?p=78014</guid>
  211.  
  212. <description><![CDATA[<p>We conducted research with developers at Accenture to understand GitHub Copilot’s real-world impact in enterprise organizations. </p>
  213. <p>The post <a href="https://github.blog/2024-05-13-research-quantifying-github-copilots-impact-in-the-enterprise-with-accenture/">Research: Quantifying GitHub Copilot’s impact in the enterprise with Accenture</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  214. ]]></description>
  215. <content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
  216. <html><body><p>Since bringing GitHub Copilot to market, we&rsquo;ve conducted several lab studies to discover its impact on developer efficiency, developer satisfaction, and overall code quality. We found that our AI pair programmer helps developers code up to <a href="https://github.blog/2022-09-07-research-quantifying-github-copilots-impact-on-developer-productivity-and-happiness/">55% faster</a> and that it made <a href="https://github.blog/2023-10-10-research-quantifying-github-copilots-impact-on-code-quality/">85% of developers</a> feel more confident in their code quality. With the introduction of our first <a href="https://github.blog/2023-02-14-github-copilot-for-business-is-now-available/">GitHub Copilot offering for businesses and organizations in 2023</a>&mdash;and more recently <a href="https://github.blog/2024-02-27-github-copilot-enterprise-is-now-generally-available/#:~:text=Our%20most%20advanced%20AI%20offering,throughout%20the%20software%20development%20lifecycle.">GitHub Copilot Enterprise</a>&mdash;it&rsquo;s become increasingly important for us to measure the impact of GitHub Copilot across real-world, large engineering organizations.</p>
  217. <p><strong>To learn more, we partnered with Accenture to study how developers integrated GitHub Copilot into their daily workflows</strong>, and we found significant improvements in several areas, including:</p>
  218. <ul>
  219. <li><strong>Improved developer satisfaction.</strong> 90% of developers found they were more fulfilled with their job when using GitHub Copilot, and 95% said they enjoyed coding more with Copilot&rsquo;s help.</li>
  220. <li><strong>Quickly adopted by developers.</strong> Over 80% of Accenture participants successfully adopted GitHub Copilot with a 96% success rate among initial users. 43% found it &ldquo;extremely easy to use.&rdquo; Additionally, 67% of total participants used GitHub Copilot at least 5 days per week, averaging 3.4 days of usage weekly.</li>
  221. </ul>
  222. <h2 id="methodology" id="methodology" >Methodology<a href="#methodology" class="heading-link pl-2 text-italic text-bold" aria-label="Methodology"></a></h2>
  223. <p>In this study, we collaborated with Accenture to conduct an extensive, randomized controlled trial (RCT). Participants included developers who engage in a variety of software development tasks daily, including engineering, design, and testing across a spectrum of software products and services. They hold various positions within their organizations from entry-level roles to team management positions, and may work collaboratively or independently depending on the project and team dynamics.</p>
  224. <p>For the trial, developers were randomly assigned to two groups. One group of developers was given access to GitHub Copilot, while the other group was not. Our objective was to assess the influence of GitHub Copilot on developers&rsquo; experience within the enterprise setting, where they collaborate on multifaceted projects. We collected DevOps telemetry on several output performance metrics that reflect insights into developers&rsquo; regular coding activity.</p>
  225. <p>Beyond the initial experiment, we conducted a company-wide adoption analysis, which explored installation rates, generated code acceptance rates, and the time it took developers to accept GitHub Copilot&rsquo;s first coding suggestion. Success was determined by whether they accepted a suggestion from GitHub Copilot or not.</p>
  226. <p>In addition, we surveyed the GitHub Copilot users at Accenture to gain a better understanding of how developers perceived the impact of GitHub Copilot on their workflows. Not only did this survey uncover insights into how and when developers are using GitHub Copilot, but it also indicated an overwhelming improvement in developer satisfaction, which we know to be a key component of the <a href="https://github.blog/2023-06-08-developer-experience-what-is-it-and-why-should-you-care/">developer experience (DevEx)</a>. The combination of both telemetry data and the information from the survey provides a full picture for us to understand GitHub Copilot&rsquo;s impact at the enterprise level.</p>
  227. <h2 id="our-findings" id="our-findings" >Our findings<a href="#our-findings" class="heading-link pl-2 text-italic text-bold" aria-label="Our findings"></a></h2>
  228. <h3 id="developers-quickly-found-value-in-github-copilot-and-adopted-it-as-part-of-their-daily-toolkit" id="developers-quickly-found-value-in-github-copilot-and-adopted-it-as-part-of-their-daily-toolkit" >Developers quickly found value in GitHub Copilot and adopted it as part of their daily toolkit<a href="#developers-quickly-found-value-in-github-copilot-and-adopted-it-as-part-of-their-daily-toolkit" class="heading-link pl-2 text-italic text-bold" aria-label="Developers quickly found value in GitHub Copilot and adopted it as part of their daily toolkit"></a></h3>
  229. <p><a href="https://www.microsoft.com/en-us/investor/events/fy-2024/earnings-fy-2024-q2.aspx">More than 50,000 organizations have adopted GitHub Copilot so far</a>, but we haven&rsquo;t yet had a clear view into what those adoption rates look like on the individual level. When we dug deeper into the usage patterns of GitHub Copilot among Accenture developers, <strong>67% of respondents reported utilizing GitHub Copilot at least 5 days per week</strong>, with an <strong>average usage frequency of 3.4 days per week.</strong> Moreover, a substantial 70% of respondents relied on GitHub Copilot for coding tasks in a familiar programming language. This indicates a high level of integration of GitHub Copilot into developers&rsquo; daily workflows, highlighting its importance as a valuable engineering tool and resource.</p>
  230. <p>We also observed that developers were excited to use GitHub Copilot. <strong>81.4% of developers installed the GitHub Copilot IDE extension on the same day</strong> that they received a license. And not only were they excited to use it, but getting started was simple and did not provide a barrier to entry.</p>
  231. <p>In fact, <strong>96% of those who installed the IDE extension started receiving and accepting suggestions on the same day.</strong> On average, developers took just one minute from seeing their first suggestion to accepting one, too. This was further validated in user surveys, with <strong>43% finding GitHub Copilot &ldquo;extremely easy to use&rdquo; and 51% rating it as &ldquo;extremely useful.&rdquo;</strong></p>
  232. <aside class="p-4 p-md-6 post-aside--large"><p>As part of the GitHub Copilot service, we provide the measurement capabilities for our customers to determine gains from Copilot themselves. To produce many of the insights in this report, we leveraged public APIs available via GitHub and Azure DevOps. Among them, GitHub offers the <a href="https://github.blog/changelog/2024-04-23-github-copilot-metrics-api-now-available-in-public-beta/">GitHub Copilot Metrics API</a>, designed to provide users with information about Copilot usage within your organization. You can also explore the <a href="https://resources.github.com/learn/pathways/copilot/essentials/measuring-the-impact-of-github-copilot/">Copilot Learning Pathways</a> to learn more about what GitHub Copilot can help your business achieve. Keep reading for more information on conducting your own studies on GitHub Copilot&rsquo;s impact.</p>
  233. </aside>
  234. <p><img decoding="async" class="aligncenter size-large wp-image-78027 width-fit" src="https://github.blog/wp-content/uploads/2024/05/image3.png?w=1024&#038;resize=1024%2C538" alt='A chart showing how developers at Accenture gauged the ease of using GitHub Copilot. 42.8% of developers at Accenture deem it "extremely easy to use."' width="1024" height="538" srcset="https://github.blog/wp-content/uploads/2024/05/image3.png?w=1999 1999w, https://github.blog/wp-content/uploads/2024/05/image3.png?w=300 300w, https://github.blog/wp-content/uploads/2024/05/image3.png?w=768 768w, https://github.blog/wp-content/uploads/2024/05/image3.png?w=1024&#038;resize=1024%2C538 1024w, https://github.blog/wp-content/uploads/2024/05/image3.png?w=1536 1536w" sizes="(max-width: 1000px) 100vw, 1000px" data-recalc-dims="1" /></p>
  235. <p><img loading="lazy" decoding="async" class="aligncenter size-large wp-image-78028 width-fit" src="https://github.blog/wp-content/uploads/2024/05/image5.png?w=1024&#038;resize=1024%2C538" alt='A chart showing how developers at Accenture gauged the usefulness of GitHub Copilot. 50.9% of developers at Accenture deem it "extremely useful."' width="1024" height="538" srcset="https://github.blog/wp-content/uploads/2024/05/image5.png?w=1999 1999w, https://github.blog/wp-content/uploads/2024/05/image5.png?w=300 300w, https://github.blog/wp-content/uploads/2024/05/image5.png?w=768 768w, https://github.blog/wp-content/uploads/2024/05/image5.png?w=1024&#038;resize=1024%2C538 1024w, https://github.blog/wp-content/uploads/2024/05/image5.png?w=1536 1536w" sizes="(max-width: 1000px) 100vw, 1000px" data-recalc-dims="1" /></p>
  236. <h3 id="developers-improved-code-quality-using-github-copilot" id="developers-improved-code-quality-using-github-copilot" >Developers improved code quality using GitHub Copilot<a href="#developers-improved-code-quality-using-github-copilot" class="heading-link pl-2 text-italic text-bold" aria-label="Developers improved code quality using GitHub Copilot"></a></h3>
  237. <p>By convention, pull requests represent a ready-to-deploy code change (for example, a new feature, bug fix, or code refactoring). When measured in aggregate, the number of pull requests per developer can be used to measure a team&rsquo;s throughput or velocity. Ultimately, an increase in pull requests represents an increase in value delivered, and <strong>Accenture developers saw an 8.69% increase in pull requests.</strong> Because each pull request must pass through a code review, the pull request merge rate is an excellent measure of code quality as seen through the eyes of a maintainer or coworker. <strong>Accenture saw a 15% increase to the pull request merge rate,</strong> which means that as the volume of pull requests increased, so did the number of pull requests passing code review.</p>
  238. <p>But we don&rsquo;t want to just shift issues downstream and overburden the system with low-quality code. It&rsquo;s one thing for a teammate to assess quality and yet another for new code to successfully complete CI runs where test automation evaluates code quality against deterministic measures. At Accenture, we saw an <strong>84% increase in successful builds</strong> suggesting not only that more pull requests were passing through the system, but they were also of higher quality as assessed by both human reviewers and test automation.</p>
  239. <p>By enabling developers to maintain focus and stay in the flow, GitHub Copilot doesn&rsquo;t sacrifice quality for speed. And our findings provide evidence for exactly that.</p>
  240. <p>In our study, <strong>developers accepted around 30% of GitHub Copilot&rsquo;s suggestions</strong>. And <strong>90% of the developers</strong> reported that they committed code suggested by GitHub Copilot, while <strong>91% of the developers reported that their teams had merged pull requests containing code suggested by GitHub Copilot</strong>. Analysis also showed high usage rates with the accepted code&mdash;for example, <strong>developers retained 88% of GitHub Copilot-generated characters in their editor</strong>.</p>
  241. <p><img loading="lazy" decoding="async" class="aligncenter size-large wp-image-78029 width-fit" src="https://github.blog/wp-content/uploads/2024/05/image4.png?w=1024&#038;resize=1024%2C541" alt="A chart showing how developers at Accenture gauged GitHub Copilot&rsquo;s impact on production code, also outlined in the preceding paragraph." width="1024" height="541" srcset="https://github.blog/wp-content/uploads/2024/05/image4.png?w=1999 1999w, https://github.blog/wp-content/uploads/2024/05/image4.png?w=300 300w, https://github.blog/wp-content/uploads/2024/05/image4.png?w=768 768w, https://github.blog/wp-content/uploads/2024/05/image4.png?w=1024&#038;resize=1024%2C541 1024w, https://github.blog/wp-content/uploads/2024/05/image4.png?w=1536 1536w, https://github.blog/wp-content/uploads/2024/05/image4.png?w=400 400w, https://github.blog/wp-content/uploads/2024/05/image4.png?w=516 516w" sizes="(max-width: 1000px) 100vw, 1000px" data-recalc-dims="1" /></p>
  242. <p>By experiencing improved success rates in builds, developers can reduce the likelihood of errors.</p>
  243. <h3 id="github-copilot-improved-the-overall-developer-experience" id="github-copilot-improved-the-overall-developer-experience" >GitHub Copilot improved the overall developer experience<a href="#github-copilot-improved-the-overall-developer-experience" class="heading-link pl-2 text-italic text-bold" aria-label="GitHub Copilot improved the overall developer experience"></a></h3>
  244. <p>Our survey among Accenture developers unveiled compelling findings indicating a significant boost in overall developer satisfaction with GitHub Copilot. An impressive <strong>90% of developers expressed feeling more fulfilled with their jobs</strong> when utilizing GitHub Copilot, and a staggering <strong>95% of developers reported enjoying coding more when leveraging GitHub Copilot&rsquo;s capabilities</strong>.</p>
  245. <p>This enhancement in job satisfaction could allow developers to allocate their focus toward tasks most fulfilling to them, like solutions design or collaboration. Furthermore, our analysis revealed that developers&rsquo; heightened fulfillment correlated directly with their engagement with GitHub Copilot. When using GitHub Copilot less than two days per week, fulfillment only increased &ldquo;a little.&rdquo; But when using GitHub Copilot more than 2 days per week, fulfillment increases &ldquo;quite a bit.&rdquo;</p>
  246. <p>70% of developers also reported quite a bit less mental effort was expended on repetitive tasks, and 54% spent less time searching for information or examples when utilizing GitHub Copilot. This reduction in cognitive load could enable developers to allocate their cognitive resources more efficiently, reducing burnout. GitHub Copilot also allowed developers to maintain uninterrupted focus, with a majority indicating that they could maintain <a href="https://github.blog/2024-01-22-how-to-get-in-the-flow-while-coding-and-why-its-important/">flow state</a> while using the tool, a hallmark of good DevEx. These impacts extend beyond mere task optimization, which offers enterprises a competitive edge by maximizing developer resources and fostering a conducive environment for innovation and growth.</p>
  247. <p><img loading="lazy" decoding="async" class="aligncenter size-large wp-image-78030 width-fit" src="https://github.blog/wp-content/uploads/2024/05/image2.png?w=1024&#038;resize=1024%2C538" alt="A chart showing how developers at Accenture grew more fulfilled the more they used GitHub Copilot." width="1024" height="538" srcset="https://github.blog/wp-content/uploads/2024/05/image2.png?w=1999 1999w, https://github.blog/wp-content/uploads/2024/05/image2.png?w=300 300w, https://github.blog/wp-content/uploads/2024/05/image2.png?w=768 768w, https://github.blog/wp-content/uploads/2024/05/image2.png?w=1024&#038;resize=1024%2C538 1024w, https://github.blog/wp-content/uploads/2024/05/image2.png?w=1536 1536w" sizes="(max-width: 1000px) 100vw, 1000px" data-recalc-dims="1" /></p>
  248. <aside class="p-4 p-md-6 post-aside--large"><p class="h5-mktg gh-aside-title">How to evaluate the impact of GitHub Copilot in your organization</p><p>Organizations seeking to conduct studies on the impact of GitHub Copilot can follow a methodological approach focusing on collecting and analyzing three types of data: quantitative, qualitative, and operational. To ensure readiness for data collection, organizations are advised to streamline their DevOps platform telemetry infrastructure in alignment with their specific goals and workflows.</p>
  249. <p>It&rsquo;s essential to note that success metrics should be tailored to reflect the unique processes and operations of each organization. By adopting this methodology and customizing metrics accordingly, organizations can effectively gauge the impact of GitHub Copilot.</p>
  250. <p><a href="https://resources.github.com/learn/pathways/copilot/essentials/measuring-the-impact-of-github-copilot/">Learn how to measure the impact of GitHub Copilot in your organization &gt;</a></p>
  251. </aside>
  252. </p><h2 id="from-the-lab-to-the-real-world" id="from-the-lab-to-the-real-world" >From the lab to the real world<a href="#from-the-lab-to-the-real-world" class="heading-link pl-2 text-italic text-bold" aria-label="From the lab to the real world"></a></h2>
  253. <p>After conducting multiple lab studies on the impact of GitHub Copilot, we are now working to understand how GitHub Copilot affected developers&rsquo; workdays in real-world environments&mdash;and that&rsquo;s been made possible by the tremendous adoption we&rsquo;ve seen among businesses and enterprise organizations alike.</p>
  254. <p>With this study, we have uncovered compelling evidence that GitHub Copilot significantly enhances developer experience, satisfaction, and overall job fulfillment in real-world enterprise settings. With GitHub Copilot in their toolkits, developers can also enhance their skill sets and gain greater proficiency in their organization&rsquo;s codebase, which ultimately leads to heightened contribution levels across teams, all without sacrificing the quality of code.</p>
  255. <hr>
  256. <h3 id="acknowledgments" id="acknowledgments" >Acknowledgments<a href="#acknowledgments" class="heading-link pl-2 text-italic text-bold" aria-label="Acknowledgments"></a></h3>
  257. <p>We are very grateful to all the developers who participated in the GitHub Copilot adoption experiment and survey. Ya Gao from GitHub Customer Research led the experiment in partnership with Accenture, the Microsoft Office of the Chief Economist, and the GitHub Copilot Quality Measurement team, specifically in collaboration with Phillip Coppney and Daniel A. Schocke at Accenture; Sida Peng, Dan Tetrick, and Jeff Wilcox at Microsoft; and Erik Polzin and Lizzie Redford at GitHub.</p>
  258. </body></html>
  259. <p>The post <a href="https://github.blog/2024-05-13-research-quantifying-github-copilots-impact-in-the-enterprise-with-accenture/">Research: Quantifying GitHub Copilot’s impact in the enterprise with Accenture</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  260. ]]></content:encoded>
  264. <post-id xmlns="com-wordpress:feed-additions:1">78014</post-id> </item>
  265. <item>
  266. <title>Say hello to the SPORTech collection</title>
  267. <link>https://github.blog/2024-05-13-say-hello-to-the-sportech-collection/</link>
  269. <dc:creator><![CDATA[Lavinia Sfetcu]]></dc:creator>
  270. <pubDate>Mon, 13 May 2024 17:01:57 +0000</pubDate>
  271. <category><![CDATA[Company]]></category>
  272. <category><![CDATA[GitHub Shop]]></category>
  273. <guid isPermaLink="false">https://github.blog/?p=77956</guid>
  274.  
  275. <description><![CDATA[<p>Whether you’re a rookie coder or a seasoned pro, our new SPORTech shop collection is tailored for you. And here’s the kicker: we’re offering free delivery worldwide over $20 until May 20!</p>
  276. <p>The post <a href="https://github.blog/2024-05-13-say-hello-to-the-sportech-collection/">Say hello to the SPORTech collection</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  277. ]]></description>
  278. <content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
  279. <html><body><p>We used to think of coding as a solitary activity, but through our interconnected community it has become the world&rsquo;s largest team sport. Now, you can get the colors to match. Whether you&rsquo;re a rookie coder or a seasoned pro, GitHub&rsquo;s new SPORTech shop collection is tailored for you. And here&rsquo;s the kicker: we&rsquo;re offering <strong>free delivery worldwide over $20 until May 20</strong>! Ready to break the huddle? Git shopping now, or keep reading for the full play-by-play on this week&rsquo;s drops.</p>
  280. <div class="content-button-wrap text-center"><a href="https://www.thegithubshop.com/" target="_self" class="btn-mktg">Git shopping</a></div>
  281. <h2 id="the-mona-varsity-jacket" id="the-mona-varsity-jacket" >The Mona Varsity Jacket<a href="#the-mona-varsity-jacket" class="heading-link pl-2 text-italic text-bold" aria-label="The Mona Varsity Jacket"></a></h2>
  282. <p><img loading="lazy" decoding="async" src="https://github.blog/wp-content/uploads/2024/05/image4.jpg?w=1024&#038;resize=1024%2C683" alt="A woman wearing roller skates has her back to the camera and her arms in the air in a triumphant pose. She is wearing a varsity letter style jacket that says " github in a script font across the back. width="1024" height="683" class="aligncenter size-large wp-image-77958 width-fit" srcset="https://github.blog/wp-content/uploads/2024/05/image4.jpg?w=1999 1999w, https://github.blog/wp-content/uploads/2024/05/image4.jpg?w=300 300w, https://github.blog/wp-content/uploads/2024/05/image4.jpg?w=768 768w, https://github.blog/wp-content/uploads/2024/05/image4.jpg?w=1024&#038;resize=1024%2C683 1024w, https://github.blog/wp-content/uploads/2024/05/image4.jpg?w=1536 1536w" sizes="(max-width: 1000px) 100vw, 1000px" data-recalc-dims="1" /></p>
  283. <p>In the developer&rsquo;s league, we&rsquo;re all MVPs, and the <a href="https://www.thegithubshop.com/gh-varsity-jacket">Mona Varsity Jacket</a> is our uniform. No need to run drills or hit the gym; this jacket is your badge of honor, with GitHub Copilot as your star teammate, ready to assist on every play.</p>
  284. <h2 id="stay-warm" id="stay-warm" >Stay warm<a href="#stay-warm" class="heading-link pl-2 text-italic text-bold" aria-label="Stay warm"></a></h2>
  285. <p><img loading="lazy" decoding="async" src="https://github.blog/wp-content/uploads/2024/05/image2.jpg?w=1024&#038;resize=1024%2C668" alt="A smiling man wielding a pickleball paddle is wearing a grey sweatshirt with " github in large fabric letters across the front. width="1024" height="668" class="aligncenter size-large wp-image-77959 width-fit" srcset="https://github.blog/wp-content/uploads/2024/05/image2.jpg?w=1999 1999w, https://github.blog/wp-content/uploads/2024/05/image2.jpg?w=300 300w, https://github.blog/wp-content/uploads/2024/05/image2.jpg?w=768 768w, https://github.blog/wp-content/uploads/2024/05/image2.jpg?w=1024&#038;resize=1024%2C668 1024w, https://github.blog/wp-content/uploads/2024/05/image2.jpg?w=1536 1536w" sizes="(max-width: 1000px) 100vw, 1000px" data-recalc-dims="1" /></p>
  286. <p>Our collection is expanding with three all-star sweaters. Leading the pack is our <a href="https://www.thegithubshop.com/1547133-github-collegiate-sweatshirt">GitHub Collegiate Sweatshirt</a>, a perfect fit under the Mona Varsity Jacket, and it&rsquo;s more than just a fashion statement&mdash;1% of proceeds from our collegiate sweatshirt is donated to <a href="https://water.org/">water.org</a>, a nonprofit organization that has transformed millions of lives around the world with access to safe water and sanitation.</p>
  287. <p>Next in the lineup are our <a href="https://www.thegithubshop.com/catalog/product/view/id/67476/s/gh-0010-varsity-crewneck-sweatshirt/category/6663/">Varsity Crewneck Sweatshirts</a>, available in two dynamic new colorways. Plus, our <a href="https://www.thegithubshop.com/catalog/product/view/id/67475/s/1545213-sportiqe-logo-patch-hoodie/category/6663/">Sportiqe Logo Patch Hoodie</a>, cozy enough to feel like a post-game victory hug. If you&rsquo;re not one for sweaters, our long sleeve twill button-up will keep you in the game.</p>
  288. <h2 id="keep-cool" id="keep-cool" >Keep cool<a href="#keep-cool" class="heading-link pl-2 text-italic text-bold" aria-label="Keep cool"></a></h2>
  289. <p><img loading="lazy" decoding="async" src="https://github.blog/wp-content/uploads/2024/05/image5.jpg?w=1024&#038;resize=1024%2C683" alt="A smiling woman wearing boxing gloves has on a light purple colored t-shirt with a very subtle octocat logo on the left side of the chest area." width="1024" height="683" class="aligncenter size-large wp-image-77960 width-fit" srcset="https://github.blog/wp-content/uploads/2024/05/image5.jpg?w=1999 1999w, https://github.blog/wp-content/uploads/2024/05/image5.jpg?w=300 300w, https://github.blog/wp-content/uploads/2024/05/image5.jpg?w=768 768w, https://github.blog/wp-content/uploads/2024/05/image5.jpg?w=1024&#038;resize=1024%2C683 1024w, https://github.blog/wp-content/uploads/2024/05/image5.jpg?w=1536 1536w" sizes="(max-width: 1000px) 100vw, 1000px" data-recalc-dims="1" /></p>
  290. <p>And as the season shifts and the northern hemisphere heats up, don&rsquo;t get caught without our <a href="https://www.thegithubshop.com/gh-0009-invertocat-botanical-dye-shirt">Botanical Dye tees</a>&mdash;as refreshing as a halftime orange slice. And to keep hydrated? We&rsquo;ve added a new addition to our already extensive <a href="https://www.thegithubshop.com/shop-by-category/drinkware">drinkware collection</a>. This one is a little extra. Introducing the <a href="https://www.thegithubshop.com/1547137-00-invertocat-disco-tumbler">Disco Tumbler</a>. Made from 100% recycled SAN plastic, it&rsquo;s a party in a water bottle.</p>
  291. <h2 id="get-going" id="get-going" >Get going<a href="#get-going" class="heading-link pl-2 text-italic text-bold" aria-label="Get going"></a></h2>
  292. <p><img loading="lazy" decoding="async" src="https://github.blog/wp-content/uploads/2024/05/image3.jpg?w=1024&#038;resize=1024%2C631" alt="A woman wearing a bike helmet kneels down next to her bike to reach into a black Miir brand backpack with a white octocat logo on it. Her blue crew neck sweatshirt also says GitHub on it." width="1024" height="631" class="aligncenter size-large wp-image-77961 width-fit" srcset="https://github.blog/wp-content/uploads/2024/05/image3.jpg?w=1999 1999w, https://github.blog/wp-content/uploads/2024/05/image3.jpg?w=300 300w, https://github.blog/wp-content/uploads/2024/05/image3.jpg?w=768 768w, https://github.blog/wp-content/uploads/2024/05/image3.jpg?w=1024&#038;resize=1024%2C631 1024w, https://github.blog/wp-content/uploads/2024/05/image3.jpg?w=1536 1536w, https://github.blog/wp-content/uploads/2024/05/image3.jpg?w=1416 1416w" sizes="(max-width: 1000px) 100vw, 1000px" data-recalc-dims="1" /></p>
  293. <p>Or should we say, Git going?  Whether you&rsquo;re commuting to the office, networking at a <a href="https://githubuniverse.com/?utm_source=Blog&amp;utm_medium=GitHub&amp;utm_campaign=sportech">conference</a>, or escaping for a weekend getaway, our new <a href="https://www.thegithubshop.com/1547139-00-invertocat-miir-laptop-backpack">MiiR Laptop Backpack</a> is the utility player you need, and makes for the perfect addition to our <a href="https://www.thegithubshop.com/shop-by-category/bags-travel">bags</a>. Made with recycled materials, every MiiR product sold also helps fund nonprofit organizations that work to empower communities, while investing in the health of our natural environments.</p>
  294. <h2 id="but-wait-theres-more" id="but-wait-theres-more" >But wait, there&rsquo;s more!<a href="#but-wait-theres-more" class="heading-link pl-2 text-italic text-bold" aria-label="But wait, there&rsquo;s more!"></a></h2>
  295. <p><img loading="lazy" decoding="async" src="https://github.blog/wp-content/uploads/2024/05/image6.jpg?w=1024&#038;resize=1024%2C680" alt="A smiling plush octocat toy is visible in the foreground of the photo, with a man working at a laptop slightly blurry in the background." width="1024" height="680" class="aligncenter size-large wp-image-77962 width-fit" srcset="https://github.blog/wp-content/uploads/2024/05/image6.jpg?w=1999 1999w, https://github.blog/wp-content/uploads/2024/05/image6.jpg?w=300 300w, https://github.blog/wp-content/uploads/2024/05/image6.jpg?w=768 768w, https://github.blog/wp-content/uploads/2024/05/image6.jpg?w=1024&#038;resize=1024%2C680 1024w, https://github.blog/wp-content/uploads/2024/05/image6.jpg?w=1536 1536w" sizes="(max-width: 1000px) 100vw, 1000px" data-recalc-dims="1" /></p>
  296. <p>Our shop is packed with swag that goes beyond the basics. Free delivery isn&rsquo;t just for our new stuff, it&rsquo;s for everything from <a href="https://www.thegithubshop.com/catalog/product/view/id/66476/s/gh-0008-plush-octocat/category/824/">Mona plushies</a> to <a href="https://www.thegithubshop.com/1542211-00-github-skateboard-deck">skateboards</a>, and yes, those iconic <a href="https://www.thegithubshop.com/shop-by-category/stickers">stickers</a> ready for your laptop. Work from home? Check out our <a href="https://www.thegithubshop.com/catalog/category/view/s/work-from-home-collection/id/6664/">WFH Collection</a> for a little more inspo. Take advantage of our free delivery offer from now until May 20. Happy shopping, team!</p>
  297. </body></html>
  298. <p>The post <a href="https://github.blog/2024-05-13-say-hello-to-the-sportech-collection/">Say hello to the SPORTech collection</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  299. ]]></content:encoded>
  303. <post-id xmlns="com-wordpress:feed-additions:1">77956</post-id> </item>
  304. <item>
  305. <title>GitHub Availability Report: April 2024</title>
  306. <link>https://github.blog/2024-05-10-github-availability-report-april-2024/</link>
  308. <dc:creator><![CDATA[Jakub Oleksy]]></dc:creator>
  309. <pubDate>Fri, 10 May 2024 17:13:01 +0000</pubDate>
  310. <category><![CDATA[Engineering]]></category>
  311. <category><![CDATA[GitHub Availability Report]]></category>
  312. <guid isPermaLink="false">https://github.blog/?p=78018</guid>
  313.  
  314. <description><![CDATA[<p>In April, we experienced four incidents that resulted in degraded performance across GitHub services.</p>
  315. <p>The post <a href="https://github.blog/2024-05-10-github-availability-report-april-2024/">GitHub Availability Report: April 2024</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  316. ]]></description>
  317. <content:encoded><![CDATA[<p>In April, we experienced four incidents that resulted in degraded performance across GitHub services.</p>
  318. <p><strong>April 05 08:11 UTC (lasting 47 minutes)</strong></p>
  319. <p>On April 5, between 8:11 and 8:58 UTC, several GitHub services experienced issues. Web request error rates peaked at 6% and API request error rates peaked at 10%, and over 100,000 GitHub Actions workflows failed to start. The root cause was traced to a change in the database load balancer, which caused connection failures to multiple critical databases in one of our three data centers. We resolved the incident by rolling back the change and have implemented new measures to detect similar problems earlier in the deployment pipeline to minimize user impact moving forward.</p>
  320. <p><strong>April 10 08:18 UTC (lasting 120 minutes)</strong></p>
  321. <p>On April 10, between 8:18 and 9:38 UTC, several services experienced increased error rates due to an overloaded primary database instance caused by an unbounded query. To mitigate the impact, we scaled up the instance and shipped an improved version of the query to run against read replicas. The incident resulted in a 17% failure rate for web-based repository file editing and failure rates between 1.5% and 8% for other repository management operations. Issue and pull request authoring were also heavily impacted, and work is ongoing to remove dependence on the impacted database primary. GitHub search saw a 5% failure rate due to reliance on the impacted primary database when authorizing repository access.</p>
  322. <p><strong>April 10 08:18 UTC (lasting 30 minutes)</strong></p>
  323. <p>On April 10, between 18:33 and 19:03 UTC, several services were degraded due to a compute-intensive database query that prevented a key database cluster from serving other queries. Impact was widespread due to the critical dependency on this cluster’s data. GitHub Actions experienced delays and failures, GitHub API requests had a significant number of timeouts, all GitHub Pages deployments during the incident period failed, and Git Systems saw HTTP 50X error codes for a portion of raw file and repository archive download requests. GitHub Issues also experienced increased latency for creation and updates, and GitHub Codespaces saw timeouts for requests to create and resume a codespace. The incident was mitigated by rolling back the offending query. We have a mechanism to detect similar compute-intensive queries in CI testing, but identified a gap in that coverage and have addressed that to prevent similar issues in the future. In addition, we have implemented improvements to various services to be more resilient to this dependency and to detect and stop deployments with similar regressions.</p>
  324. <p><strong>April 11 08:18 UTC (lasting 3 days, 4 hours, 23 minutes)</strong></p>
  325. <p>Between April 11 and April 14, GitHub.com experienced significant delays (up to two hours) in delivering emails, particularly for time-sensitive emails like password reset and unrecognized device verification. Users without 2FA attempting to sign in on an unrecognized device were unable to complete device verification, and users attempting to reset their password were unable to complete the reset. The delays were caused by increased usage of a shared resource pool, and a separate internal job queue that became unhealthy and prevented the mailer queue from processing. Immediate improvements have been made to better detect and react to similar situations in the future, including a queue-bypass ability for time-sensitive emails and updated methods of detection for anomalous email delivery. The unhealthy job queue has been paused to prevent impact to other queues using shared resources.</p>
  326. <hr />
  327. <p>Please follow our <a href="https://www.githubstatus.com/">status page</a> for real-time updates on status changes and post-incident recaps. To learn more about what we’re working on, check out the <a href="https://github.blog/category/engineering/">GitHub Engineering Blog</a>.</p>
  328. <p>The post <a href="https://github.blog/2024-05-10-github-availability-report-april-2024/">GitHub Availability Report: April 2024</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  329. ]]></content:encoded>
  333. <post-id xmlns="com-wordpress:feed-additions:1">78018</post-id> </item>
  334. <item>
  335. <title>How AI enhances static application security testing (SAST)</title>
  336. <link>https://github.blog/2024-05-09-how-ai-enhances-static-application-security-testing-sast/</link>
  338. <dc:creator><![CDATA[Nicole Choi]]></dc:creator>
  339. <pubDate>Thu, 09 May 2024 16:00:24 +0000</pubDate>
  340. <category><![CDATA[Security]]></category>
  341. <category><![CDATA[AI Insights]]></category>
  342. <category><![CDATA[CodeQL]]></category>
  343. <category><![CDATA[GitHub Advanced Security]]></category>
  344. <category><![CDATA[GitHub Copilot]]></category>
  345. <guid isPermaLink="false">https://github.blog/?p=77987</guid>
  346.  
  347. <description><![CDATA[<p>Here’s how SAST tools combine generative AI with code scanning to help you deliver features faster and keep vulnerabilities out of code. </p>
  348. <p>The post <a href="https://github.blog/2024-05-09-how-ai-enhances-static-application-security-testing-sast/">How AI enhances static application security testing (SAST)</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  349. ]]></description>
  350. <content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
  351. <html><body><p>In <a href="https://github.blog/2023-06-13-survey-reveals-ais-impact-on-the-developer-experience/">a 2023 GitHub survey</a>, developers reported that their top task, second only to writing code (32%), was <strong>finding and fixing security vulnerabilities</strong> (31%).</p>
  352. <p>As their teams &ldquo;shift left&rdquo; and integrate security checks earlier into the software development lifecycle (SDLC), developers have become the first line of defense against vulnerabilities.</p>
  353. <p>Unfortunately, we&rsquo;ve found that &ldquo;shifting left&rdquo; has been more about <a href="https://github.blog/2024-02-06-appsec-is-harder-than-you-think-heres-how-ai-can-help/">shifting the burden of security practices to developers</a>, rather than their benefits. But with AI, there&rsquo;s promise: <a href="https://github.blog/2023-06-13-survey-reveals-ais-impact-on-the-developer-experience/">45% of developers think teams will benefit from using AI to facilitate security reviews</a>. And they&rsquo;re not wrong.</p>
  354. <p>We spoke with <a href="https://github.com/tiferet">Tiferet Gazit</a>, the AI lead for GitHub Advanced Security, and <a href="https://github.com/securingdev">Keith Hoodlet</a>, principal security specialist at GitHub, to discuss security pain points for developers, the value of using an AI-powered security tool, and how AI enhances static application security testing (SAST).</p>
  355. <h2 id="why-are-developers-frustrated-with-security" id="why-are-developers-frustrated-with-security" >Why are developers frustrated with security?<a href="#why-are-developers-frustrated-with-security" class="heading-link pl-2 text-italic text-bold" aria-label="Why are developers frustrated with security?"></a></h2>
  356. <p>Before sharing insights from Gazit and Hoodlet, let&rsquo;s hear from developers directly.</p>
  357. <p>In late 2019, Microsoft&rsquo;s <a href="https://azure.microsoft.com/en-us/solutions/devops/devops-at-microsoft/one-engineering-system/">One Engineering System</a> team sat down with a handful of developers to understand their frustrations with following security and compliance guidelines. Though that was a few years ago, their pain points still resonate today:</p>
  358. <ul>
  359. <li>When conducting security reviews, some <strong>developers are forced to use tools that weren&rsquo;t designed for them</strong>, which negatively impacts their ability to find and address security vulnerabilities.  </li>
  360. <li>Also, the <strong>priority for most developers is to write and review code</strong>. Yet, in the age of shifting left, they&rsquo;re also expected to review, understand, and remediate vulnerabilities as part of their day-to-day responsibilities. </li>
  361. </ul>
  362. <p>When developers execute a program, they have everything they need in a run-time environment. Completing a security review is less straightforward. Often, developers need to <strong>exit their IDEs</strong> to view vulnerability alerts, research vulnerability types online, and then revisit their IDEs to address the vulnerability. This is what we call context-switching, and it can increase cognitive load and decrease productivity.</p>
  363. <p>In short, <strong>security isn&rsquo;t an inherent part of the development process</strong>, and <strong>developers often feel less confident in how secure their code is</strong>.</p>
  364. <p>Without intervention, these frustrations will only increase over time. 75% of enterprise software engineers are expected to use AI coding assistants by 2028, <a href="https://www.gartner.com/en/newsroom/press-releases/2024-04-11-gartner-says-75-percent-of-enterprise-software-engineers-will-use-ai-code-assistants-by-2028">according to Gartner</a>. That means as developers improve their productivity and write more code with AI tools like <a href="https://github.com/features/copilot">GitHub Copilot</a>, there will be even more code to review.</p>
  365. <h2 id="security-experts-are-stretched-thin-too" id="security-experts-are-stretched-thin-too" >Security experts are stretched thin, too<a href="#security-experts-are-stretched-thin-too" class="heading-link pl-2 text-italic text-bold" aria-label="Security experts are stretched thin, too"></a></h2>
  366. <p>It&rsquo;s typically reported that for every 100 developers, there&rsquo;s one security expert who ends up being the last line of defense against vulnerabilities (and is responsible for <a href="https://github.blog/2024-01-05-5-ways-to-make-your-devsecops-strategy-developer-friendly/">setting and enforcing security policies</a>), which is a significant undertaking. While the exact numbers might vary, the ISC2 (International Information System Security Certification Consortium) reported <a href="https://www.isc2.org/Insights/2023/11/ISC2-Cybersecurity-Workforce-Study-Looking-Deeper-into-the-Workforce-Gap">a demand for four million more security professionals</a> in its 2023 workforce study.</p>
  367. <p><strong>While AI doesn&rsquo;t replace security experts</strong>, it can help them augment their knowledge and capabilities, especially when their expertise is in high demand.</p>
  368. <p>&ldquo;AI can help with those code and security reviews to ensure that increased momentum doesn&rsquo;t lead to increased vulnerabilities,&rdquo; Gazit says.</p>
  369. <h2 id="how-ai-enhances-sast-tools" id="how-ai-enhances-sast-tools" >How AI enhances SAST tools<a href="#how-ai-enhances-sast-tools" class="heading-link pl-2 text-italic text-bold" aria-label="How AI enhances SAST tools"></a></h2>
  370. <p>SAST tools aren&rsquo;t the only kind of security tool used by developers, but they&rsquo;re one of the most popular. Let&rsquo;s look at how AI can help SAST tools do their job more efficiently.</p>
  371. <h3 id="increased-vulnerability-detection" id="increased-vulnerability-detection" >Increased vulnerability detection<a href="#increased-vulnerability-detection" class="heading-link pl-2 text-italic text-bold" aria-label="Increased vulnerability detection"></a></h3>
  372. <p>In order for SAST tools to detect vulnerabilities in code, they need to be shown what to look for. So, security experts use a process called modeling to identify points where exploitable user-controlled data enters and flows throughout a codebase. But given how often those components change, modeling popular libraries and frameworks is hard work.</p>
  373. <p>That&rsquo;s where AI comes in.</p>
  374. <p>Security teams are experimenting with <a href="https://github.blog/2023-09-12-codeql-team-uses-ai-to-power-vulnerability-detection-in-code/">AI to model an extensive range of open source frameworks and libraries</a>, improving the teams&rsquo; understanding of what&rsquo;s inside of each software component.</p>
  375. <p>Watch how <a href="https://github.com/nickliffen">Nick Liffen</a>, director of GitHub Advanced Security, and <a href="https://github.com/niroshan">Niroshan Rajadurai</a>, VP of GTM strategy for AI and DevSecOps, show how AI could model unknown packages.</p>
  376. <div class="mod-vh position-relative" style="height: 0; padding-bottom: calc((9 / 16)*100%);">
  377. <iframe loading="lazy" class="position-absolute top-0 left-0 width-full height-full" src="https://www.youtube.com/embed/fv5irk6CNNI?version=3&amp;rel=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;fs=1&amp;hl=en-US&amp;autohide=2&amp;start=1609&amp;wmode=transparent" title="YouTube video player" allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0"></iframe>
  378. </div>
  379. <h3 id="contextualized-vulnerabilities-directly-in-a-workspace" id="contextualized-vulnerabilities-directly-in-a-workspace" >Contextualized vulnerabilities directly in a workspace<a href="#contextualized-vulnerabilities-directly-in-a-workspace" class="heading-link pl-2 text-italic text-bold" aria-label="Contextualized vulnerabilities directly in a workspace"></a></h3>
  380. <p><a href="https://github.blog/2024-03-20-found-means-fixed-introducing-code-scanning-autofix-powered-by-github-copilot-and-codeql/">Code scanning autofix</a> is an example of an AI-powered security feature that combines a SAST tool&mdash;in this case, GitHub&rsquo;s <a href="https://codeql.github.com/">CodeQL</a>&mdash;with the generative AI capabilities of GitHub Copilot.</p>
  381. <aside class="post-aside--small float-sm-right col-sm-5 col-md-6 col-lg-5 my-5 my-sm-2 ml-sm-4 ml-lg-6"><p class="h6-mktg gh-aside-title">RECOMMENDED READING</p><p><a href="https://github.blog/2024-02-12-the-architecture-of-sast-tools-an-explainer-for-developers/">The architecture of SAST tools: An explainer for developers</a></p>
  382. </aside>
  383. <p>With code scanning autofix, developers receive an AI-suggested code fix alongside an alert directly in a pull request. Then, they get a clear explanation of the vulnerability and the fix suggestion, specific to their particular use case. To view and apply autofix suggestions directly in the CLI, they can enable the <a href="https://github.com/github/gh-autofix">GitHub CLI extension</a>.</p>
  384. <p>In its first iteration, code scanning autofix analyzes and suggests fixes in JavaScript, TypeScript, Python, Java, C#, and Go. It can generate a fix for <strong>more than 90% of vulnerability types&mdash;and over two-thirds of those fixes can be merged with little to no edits</strong>. More languages like C++ and Ruby will be supported in the future.</p>
  385. <p>The payoff is that developers can remediate vulnerabilities faster and in their workflows, rather than catching those vulnerabilities later in production.</p>
  386. <div style="width: 1920px;" class="wp-video"><!--[if lt IE 9]><script>document.createElement('video');</script><![endif]-->
  387. <video class="wp-video-shortcode" id="video-77987-1" width="1920" height="1080" preload="metadata" controls="controls"><source type="video/mp4" src="https://github.blog/wp-content/uploads/2024/05/303457375-1a8933c2-9171-4eab-b08f-fc19fd5a3573-1.mp4#t=0.001" /><a href="https://github.blog/wp-content/uploads/2024/05/303457375-1a8933c2-9171-4eab-b08f-fc19fd5a3573-1.mp4#t=0.001">https://github.blog/wp-content/uploads/2024/05/303457375-1a8933c2-9171-4eab-b08f-fc19fd5a3573-1.mp4#t=0.001</a></video></div>
  388. <h3 id="a-fortified-sdlc" id="a-fortified-sdlc" >A fortified SDLC<a href="#a-fortified-sdlc" class="heading-link pl-2 text-italic text-bold" aria-label="A fortified SDLC"></a></h3>
  389. <p>Developers use SAST tools to protect their code throughout the SDLC.</p>
  390. <p>Once developers enable a code scanning solution like CodeQL, the SAST tool will scan your source code, integrating security checks as part of their CI/CD workflow:</p>
  391. <ul>
  392. <li>When you make changes to a codebase and create pull requests on GitHub,  CodeQL will automatically conduct a full scan of your code as if the pull request was merged. It will then alert you if a vulnerability is found in the files changed in the pull request.
  393. <p>That means developers have the ability to continuously monitor the security posture of their source code as modules come together&mdash;even before changes are merged to their main branch. As a result, developers can remediate vulnerabilities right away, in development, and before their code is sent to production.</p>
  394. </li>
  395. <li>
  396. <p>Outside of commits and pull requests, you can also set CodeQL to run at specified times in your GitHub Actions workflow. So, if you want CodeQL to regularly scan your code at specific time intervals, you can schedule that using a GitHub Actions workflow.</p>
  397. </li>
  398. </ul>
  399. <div class="post-content-cta"><p><strong>Are you already using code scanning autofix?</strong></p>
  400. <p><a href="https://github.com/orgs/community/discussions/111094">Share your feedback and ask questions here &gt;</a></p>
  401. </div>
  402. </p><h2 id="see-code-scanning-autofix-in-action" id="see-code-scanning-autofix-in-action" >See code scanning autofix in action<a href="#see-code-scanning-autofix-in-action" class="heading-link pl-2 text-italic text-bold" aria-label="See code scanning autofix in action"></a></h2>
  403. <p>&ldquo;Autofix makes CodeQL friendlier for developers by suggesting a fix and providing contextual explanations of the vulnerability and its remediation,&rdquo; Gazit says. &ldquo;This use of AI lowers the barrier of entry for developers who are tasked with fixing vulnerabilities.&rdquo;</p>
  404. <p>Let&rsquo;s say a bad actor inserts a SQL injection into your application. The SQL injection enters your codebase through a user input field, and if the code comprising the injection exploits unintentional vulnerabilities, then the bad actor gets unauthorized access to sensitive data in your application.</p>
  405. <p>SQL injections are a common type of vulnerability often found with a SAST tool.<br>
  406. Here&rsquo;s a step-by-step look at how code scanning autofix, powered by GitHub Copilot, would detect a SQL injection and then surface it in an alert with an AI-suggested fix.</p>
  407. <p><a href="https://github.blog/wp-content/uploads/2024/05/SAST-tool-diagram.jpeg"><img loading="lazy" decoding="async" src="https://github.blog/wp-content/uploads/2024/05/SAST-tool-diagram.jpeg?w=1024&#038;resize=1024%2C574" alt="a flow chart against a dark background shows a SQL injection entering an application, the steps that GitHub's SAST tool CodeQL takes to trace the injection throughout a code base and generate an alert, and the steps that GitHub Copilot takes to augment that alert with an AI-generated fix and context." width="1024" height="574" class="aligncenter size-large wp-image-77991 width-fit" srcset="https://github.blog/wp-content/uploads/2024/05/SAST-tool-diagram.jpeg?w=1600 1600w, https://github.blog/wp-content/uploads/2024/05/SAST-tool-diagram.jpeg?w=300 300w, https://github.blog/wp-content/uploads/2024/05/SAST-tool-diagram.jpeg?w=768 768w, https://github.blog/wp-content/uploads/2024/05/SAST-tool-diagram.jpeg?w=1024&#038;resize=1024%2C574 1024w, https://github.blog/wp-content/uploads/2024/05/SAST-tool-diagram.jpeg?w=1536 1536w" sizes="(max-width: 1000px) 100vw, 1000px" data-recalc-dims="1" /></a></p>
  408. <p><strong>Step 1: Hunt for vulnerabilities</strong>. Code scanning with CodeQL can be enabled for free on all public repositories and scheduled to run automatically. The scanning process has four main parts, all centered around your source code: tokenization, abstraction, semantic analysis, and taint analysis. <a href="https://github.blog/2024-02-12-the-architecture-of-sast-tools-an-explainer-for-developers/">Here&rsquo;s a detailed breakdown of each of those steps</a>.</p>
  409. <p>In short, tokenizing your source code standardizes it, and that allows CodeQL to analyze it later. Abstracting your source code transforms your lines of code into a hierarchical structure that shows the relationship between those lines of code. Semantic analysis uses that abstraction to understand the meaning of your source code.</p>
  410. <p>Finally, taint analysis looks at the way your source code handles user input data. It identifies data sources (where input data enters the source code), flow steps (where data is passed through the code), sanitizers (functions that make input data safe), and sinks (functions that if called with unsanitized data could cause harm). Advanced SAST tools like CodeQL can evaluate how well input data is sanitized or validated, and decide from there whether to raise the path as a potential vulnerability.</p>
  411. <p><strong>Step 2: Construct a prompt to generate a fix</strong>. For all languages supported by CodeQL, developers will see a SQL injection alert surfaced in a pull request in their repository, along with a natural language description of the vulnerability and contextual documentation. These alerts will also include a suggested fix that developers can accept, edit, or dismiss.</p>
  412. <p>Here&rsquo;s what&rsquo;s included in the prompt, that&rsquo;s sent to GitHub Copilot, to generate the enhanced alert:</p>
  413. <ul>
  414. <li>The initial CodeQL alert and general information about the type of vulnerability detected. This will usually include an example of the vulnerability and how to fix it, extracted from the <a href="https://codeql.github.com/codeql-query-help/">CodeQL query help</a>.
  415. </li>
  416. <li>
  417. <p>Code snippets and line numbers, potentially from multiple source-code files, along the data flow identified during CodeQL&rsquo;s taint analysis. These code snippets signal the places where edits are most likely needed in your source.</p>
  418. </li>
  419. </ul>
  420. <p>To guide the format of GitHub Copilot&rsquo;s response, our machine learning engineers:</p>
  421. <ul>
  422. <li>Constrain GitHub Copilot&rsquo;s underlying model to only edit the code included in the prompt. </li>
  423. <li>Ask the model to generate outputs in Markdown, including a detailed natural language explanation of the vulnerability and the suggested fix.  </li>
  424. <li>Ask for &ldquo;before&rdquo; and &ldquo;after&rdquo; code blocks, demonstrating the snippets that require changes (including some surrounding context lines) and the edits to be made.  </li>
  425. <li>Instruct the model to list any external dependencies used in the fix, such as data sanitization libraries.</li>
  426. </ul>
  427. <p><strong>Step 3: Check for undesirable code</strong>. Code snippets that match or nearly match runs of about 150 characters of public code on GitHub are then filtered from AI-generated coding suggestions. Vulnerable code, and off-topic, harmful, or offensive content are also filtered out.</p>
  428. <p>You can explore the <a href="https://resources.github.com/copilot-trust-center/#ip-os">GitHub Copilot Trust Center</a> to learn more about GitHub Copilot&rsquo;s filters and responsible data handling.</p>
  429. <p><strong>Step 4: Apply finishing touches.</strong> Before developers see GitHub Copilot&rsquo;s suggested fix, a fix generator processes and refines the LLM output to detect and correct any small errors.</p>
  430. <p>The fix generator does this by:</p>
  431. <ul>
  432. <li><strong>Conducting a fuzzy search</strong> to ensure the &ldquo;after&rdquo; code blocks and line numbers, which contain the AI-generated suggested code fixes, match the &ldquo;before&rdquo; code blocks and line numbers. A fuzzy search looks for exact <em>and</em> similar matches between the code blocks, so the fix generator can catch and correct small errors, like those related to indentation, semicolon, or code comment differences between the two code blocks. </li>
  433. <li><strong>Using a parser</strong> to check for syntax errors. </li>
  434. <li><strong>Conducting semantic checks</strong> to evaluate the logic of the AI-suggested code fix. Name-resolution and type checks, for example, help ensure that the suggested code matches and maintains the intention and functionality of the original code.</li>
  435. <li><strong>Verifying any dependencies</strong> suggested by GitHub Copilot. This means locating the relevant configuration file containing information about the project&rsquo;s dependencies to see if the needed dependency already exists in the project. If not, the fix generator verifies that the suggested dependencies exist in the ecosystem&rsquo;s package registry, and checks for known vulnerable or malicious packages. It then adds new and needed dependencies to the configuration file as part of the fix suggestion. </li>
  436. </ul>
  437. <aside class="post-aside--small float-sm-right col-sm-5 col-md-6 col-lg-5 my-5 my-sm-2 ml-sm-4 ml-lg-6"><p class="h6-mktg gh-aside-title">REQUIRED READING</p><p>Gazit&rsquo;s <a href="https://github.blog/2024-02-14-fixing-security-vulnerabilities-with-ai/">engineering deep dive into fixing security vulnerabilities with AI</a></p>
  438. </aside>
  439. <p><strong>Step 5: Explain the vulnerability and suggested fix</strong>. The final step is to surface the CodeQL alert to developers in a pull request. With code scanning autofix, the original CodeQL alert is enhanced with an AI-suggested fix, a natural language explanation of the vulnerability and suggested fix, and a diff patch. Developers can accept the suggested edit as is, refine the suggested edit, or dismiss it.</p>
  440. <p><a href="https://github.blog/wp-content/uploads/2024/05/diagram.jpeg"><img loading="lazy" decoding="async" src="https://github.blog/wp-content/uploads/2024/05/diagram.jpeg?w=1024&#038;resize=1024%2C256" alt="a  flow chart against a dark background details steps that show how a prompt to GitHub Copilot ultimately results in a security alert enhanced with an AI-suggested fix and additional context." width="1024" height="256" class="aligncenter size-large wp-image-77992 width-fit" srcset="https://github.blog/wp-content/uploads/2024/05/diagram.jpeg?w=1600 1600w, https://github.blog/wp-content/uploads/2024/05/diagram.jpeg?w=300 300w, https://github.blog/wp-content/uploads/2024/05/diagram.jpeg?w=768 768w, https://github.blog/wp-content/uploads/2024/05/diagram.jpeg?w=1024&#038;resize=1024%2C256 1024w, https://github.blog/wp-content/uploads/2024/05/diagram.jpeg?w=1536 1536w" sizes="(max-width: 1000px) 100vw, 1000px" data-recalc-dims="1" /></a></p>
  441. <h2 id="how-developers-the-sdlc-and-organizations-benefit-from-ai-powered-sast-tools" id="how-developers-the-sdlc-and-organizations-benefit-from-ai-powered-sast-tools" >How developers, the SDLC, and organizations benefit from AI-powered SAST tools<a href="#how-developers-the-sdlc-and-organizations-benefit-from-ai-powered-sast-tools" class="heading-link pl-2 text-italic text-bold" aria-label="How developers, the SDLC, and organizations benefit from AI-powered SAST tools"></a></h2>
  442. <p>With AI, security checks have the ability to smoothly integrate into a developer&rsquo;s workflow, making security a feature of the SDLC rather than an afterthought dealt with in production. When developers can help secure code more easily in the development phase, the SDLC as a whole is hardened. And when the SDLC is better protected, organizations can focus more on innovation.</p>
  443. <p>&ldquo;When you treat security as a feature of the SDLC, your applications become more robust against increasingly complex attacks, which saves you time and money,&rdquo; Hoodlet says. &ldquo;You can direct those saved costs towards other improvements and experimentation with new features. The result? <strong>Organizations build a reputation for building secure products while freeing up resources for innovation</strong>.&rdquo; Additionally, security teams are free to focus on the strategic initiatives that deserve their expertise.</p>
  444. <p>Organizations that adopt AI-enhanced SAST tools can help developers to feel supported and productive in their security practices, so that developers can:</p>
  445. <ul>
  446. <li><strong>Help secure more code in development</strong>. Just look at the numbers. <a href="https://github.blog/2024-03-20-found-means-fixed-introducing-code-scanning-autofix-powered-by-github-copilot-and-codeql/">Code scanning autofix powered by GitHub Copilot</a> can generate a fix for more than 90% of vulnerability types detected in your codebase, and more than two-thirds of its suggestions can be merged with little to no edits.
  447. </li>
  448. <li>
  449. <p><strong>Become faster and better at remediating vulnerabilities</strong>. Through code scanning autofix, developers are given natural language explanations about an AI-generated code fix. They&rsquo;re also given a description of the detected vulnerability that&rsquo;s tailored to its detection in a specific codebase, rather than a general one. This specific context helps developers to better understand the nature of a detected vulnerability, why it exists in a codebase, and how to fix it.</p>
  450. </li>
  451. <li>
  452. <p><strong>Receive security guidance directly in their workspace</strong>. Developers receive all the benefits of an AI-enhanced SAST tool directly in a pull request. Unlike traditional security tools, this one is made for them.</p>
  453. </li>
  454. </ul>
  455. <div class="post-content-cta"><p><strong>Looking to secure your organization with the power of AI?</strong></p>
  456. <p><a href="https://resources.github.com/security/sast/">Learn more about SAST</a> or <a href="https://github.com/enterprise/advanced-security">get started today</a>.</p>
  457. </div>
  458. </p></body></html>
  459. <p>The post <a href="https://github.blog/2024-05-09-how-ai-enhances-static-application-security-testing-sast/">How AI enhances static application security testing (SAST)</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  460. ]]></content:encoded>
  464. <post-id xmlns="com-wordpress:feed-additions:1">77987</post-id> </item>
  465. <item>
  466. <title>Just launched: Second cohort of the DPG Open Source Community Manager Program!</title>
  467. <link>https://github.blog/2024-05-08-just-launched-second-cohort-of-the-dpg-open-source-community-manager-program/</link>
  469. <dc:creator><![CDATA[Cynthia Lo]]></dc:creator>
  470. <pubDate>Wed, 08 May 2024 16:07:23 +0000</pubDate>
  471. <category><![CDATA[Community]]></category>
  472. <category><![CDATA[digital public goods]]></category>
  473. <category><![CDATA[open source]]></category>
  474. <category><![CDATA[social impact]]></category>
  475. <guid isPermaLink="false">https://github.blog/?p=77950</guid>
  476.  
  477. <description><![CDATA[<p>Are you looking to have a positive impact in open source development? This program may be for you! Apply by May 30 to join.</p>
  478. <p>The post <a href="https://github.blog/2024-05-08-just-launched-second-cohort-of-the-dpg-open-source-community-manager-program/">Just launched: Second cohort of the DPG Open Source Community Manager Program!</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  479. ]]></description>
  480. <content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
  481. <html><body><p>Are you looking for an opportunity where you can have a positive impact in open source development? Then, our <a href="https://socialimpact.github.com/tech-for-social-good/dpg-open-source-community-manager-program">DPG Open Source Community Manager Program</a> may be for you!</p>
  482. <p>GitHub Social Impact is excited to announce the launch of our second cohort, which has been built on learnings from our<a href="https://github.blog/2023-03-13-introducing-activating-developers-and-the-new-digital-public-goods-open-source-community-manager-program/"> pilot cohort last year</a>. This program is designed to connect community managers who are interested in making a difference with digital public goods (DPGs) that need support with engaging external contributors. The goal is two-fold: to create more opportunities for developers interested in working on open source for good and to unlock resources for DPGs that will allow them to maximize their impact as they tackle critical global challenges. Last year, we had applicants from Kenya, Nigeria, USA, India, Singapore, Ghana, Canada, Philippines, Palau, Pakistan, Togo, Cameroon, South Africa, United Kingdom, Panama, Uganda, Taiwan, Tanzania, Senegal, France, Russia, Turkey, with nine community managers eventually selected. Participants were chosen in partnership with the DPGs based on their interest in open source, eagerness to expand their technical skills, and passion in the social sector. Selected managers went through a virtual training, were partnered with a DPG, and received a badge to add to their GitHub profile. This year, we aim to expand this program to accept three times as many applicants!</p>
  483. <p>Here&rsquo;s what one of our past participants had to say about the program:</p>
  484. <figure class="gh-full-blockquote mx-0 pl-6 mt-6 mt-md-7 mb-7 mb-md-8"><blockquote><p>The Open Source Community Manager Program gave us a chance to learn from the experts on the best practices for running an open source community. Being just a junior developer, I got to see how to utilize GitHub to help me set up a whole open source ecosystem.</p></blockquote><figcaption class="text-mono color-fg-muted f5-mktg mt-3"> - Winnie Mandela, @techmadi</figcaption></figure>
  485. <h2 id="about-dpgs" id="about-dpgs" >About DPGs<a href="#about-dpgs" class="heading-link pl-2 text-italic text-bold" aria-label="About DPGs"></a></h2>
  486. <p><a href="https://socialimpact.github.com/insights/what-are-digital-public-goods-and-DPGA/">DPGs</a> describe open source software, open data, open AI models, open standards, or open content that adhere to the DPG Standard. DPGs may help protect countries from vendor lock-in, facilitate local capacity building, and break down innovation silos by facilitating connection and reuse of existing systems. DPGs range from public health information systems to data gathering mapping tools used by governments and large nonprofit organizations. Last year, seven DPGs were involved in the program including <a href="https://uli.tattle.co.in/">Uli</a>, <a href="https://opentermsarchive.org/">Open Terms Archive</a>, <a href="https://www.chayn.co/">Chayn</a>, <a href="https://openfisca.org/en/">OpenFisca</a>, <a href="https://uwazi.io/">Uwazi</a>, <a href="if-me.org">if-me.org</a>, and <a href="https://socialincome.org/en/int">Social Income</a>.  This year, we are opening the program to even more DPGs and organizations in the process of becoming a DPG.</p>
  487. <h2 id="program-overview" id="program-overview" >Program overview<a href="#program-overview" class="heading-link pl-2 text-italic text-bold" aria-label="Program overview"></a></h2>
  488. <p>GitHub and the DPG&rsquo;s maintainers will screen and select the community managers. Following a free training program GitHub will provide, the community manager is anticipated to work <strong>part-time</strong> for six months with the DPG maintainer. The exact number of working hours will be mutually agreed upon between the community managers and the DPGs.</p>
  489. <p>One community manager will be selected for each DPG, with subject matter expertise heavily considered.  This year we will have a number of DPGs such as <a href="https://www.ushahidi.com/">Ushahidi</a>, an open source software application that utilizes user-generated reports to collate and map data.</p>
  490. <p>In addition to having a positive impact, other program benefits include:</p>
  491. <ul>
  492. <li>There is no cost to participate!</li>
  493. <li>You&rsquo;ll receive free training on community management.</li>
  494. <li>Upon completing the program, you&rsquo;ll receive a GitHub Badge for your profile.</li>
  495. <li>You&rsquo;ll make connections with incredible DPGs and network with other community managers. </li>
  496. </ul>
  497. <h3 id="timeline" id="timeline" >Timeline<a href="#timeline" class="heading-link pl-2 text-italic text-bold" aria-label="Timeline"></a></h3>
  498. <ul>
  499. <li>May 8&mdash;Application opens</li>
  500. <li>May 30&mdash;Application closes</li>
  501. <li>June 7&mdash;All applicants notified</li>
  502. <li>June 17&mdash;Community manager training begins</li>
  503. <li>August 5&mdash;Project matching with DPG and community manager begins</li>
  504. <li>December 9&mdash;Program wrap-up </li>
  505. </ul>
  506. <h2 id="application-for-community-managers" id="application-for-community-managers" >Application for community managers<a href="#application-for-community-managers" class="heading-link pl-2 text-italic text-bold" aria-label="Application for community managers"></a></h2>
  507. <p>We encourage applicants from all backgrounds and experience levels to apply. Past participants are also welcome to apply again this year. We&rsquo;ll focus on applicants with:</p>
  508. <ul>
  509. <li>Exposure to or an interest in open source software development for nonprofits and the social sector.</li>
  510. <li>Knowledge of working with Git/GitHub. </li>
  511. <li>Strong communicator in written, verbal, and spoken English.</li>
  512. <li>Excellent facilitation skills and the ability to encourage participation.</li>
  513. <li>Strong organizational and problem-solving skills.</li>
  514. <li>Experience working in the social sector, such as for the United Nations, an INGO, or another nonprofit organization that is aligned with the <a href="https://sdgs.un.org/goals">Sustainable Development Goals</a>.</li>
  515. <li>Collaborative spirit; enjoys working with diverse and global teams.</li>
  516. </ul>
  517. <p><em>Note that all applicants must agree to the <a href="https://docs.google.com/document/d/1zCzEnKpqAshKHGaj6VXzz786sDbE17jKRwbdh2N__gg/preview">application terms and conditions</a>.</em></p>
  518. <div class="post-content-cta"><p><strong><a href="https://docs.google.com/forms/d/e/1FAIpQLSfpoLnhsWEtFm1bYvYbhyX9r3oX42EskxXOWAJl6xzCpvjFDQ/viewform?usp=sf_link">Apply here</a> by May 30</strong>.</p>
  519. </div>
  520. <p>Please <a href="https://support.github.com/contact/social-impact">write to us</a> if you have any questions.</p>
  521. </body></html>
  522. <p>The post <a href="https://github.blog/2024-05-08-just-launched-second-cohort-of-the-dpg-open-source-community-manager-program/">Just launched: Second cohort of the DPG Open Source Community Manager Program!</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  523. ]]></content:encoded>
  527. <post-id xmlns="com-wordpress:feed-additions:1">77950</post-id> </item>
  528. <item>
  529. <title>How we’re building more inclusive and accessible components at GitHub</title>
  530. <link>https://github.blog/2024-05-07-how-were-building-more-inclusive-and-accessible-components-at-github/</link>
  532. <dc:creator><![CDATA[Eric Bailey]]></dc:creator>
  533. <pubDate>Tue, 07 May 2024 17:00:20 +0000</pubDate>
  534. <category><![CDATA[Product]]></category>
  535. <category><![CDATA[accessibility]]></category>
  536. <category><![CDATA[GitHub Issues]]></category>
  537. <category><![CDATA[Global Accessibility Awareness Day]]></category>
  538. <guid isPermaLink="false">https://github.blog/?p=77929</guid>
  539.  
  540. <description><![CDATA[<p>We've made improvements to the way users of assistive technology can interact with and navigate lists of issues and pull requests and tables across GitHub.com.</p>
  541. <p>The post <a href="https://github.blog/2024-05-07-how-were-building-more-inclusive-and-accessible-components-at-github/">How we’re building more inclusive and accessible components at GitHub</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  542. ]]></description>
  543. <content:encoded><![CDATA[<p>One of GitHub’s core values is <strong>Diverse and Inclusive</strong>. It is a guiding thought for how we operate, reminding us that GitHub serves a developer community that spans a wide range of geography and ability.</p>
  544. <p>Putting diversity and inclusivity into practice means incorporating a wide range of perspectives into our work. To that point, <strong>disability and accessibility</strong> are an integral part of our efforts.</p>
  545. <p>This consideration has been instrumental in crafting <a href="https://primer.style/">resilient, accessible components</a> at GitHub. These components, in turn, help to guarantee that our experiences work regardless how they are interacted with.</p>
  546. <p>Using GitHub should be efficient and intuitive, regardless of your device, circumstance, or ability. To that point, we have been working on improving the accessibility of our lists of issues and pull requests, as well as our information tables.</p>
  547. <p>Our list of issues and pull requests are some of the most high-traffic experiences we have on GitHub. For many, it is the “homepage” of their open source projects, a jumping off point for conducting and managing work.</p>
  548. <p>Our tables help to communicate, and facilitate taking action with confidence on complicated information relationships. These experiences are workhorses, helping to communicate information about branches, repositories, secrets, attestations, configurations, internal documentation, etc.</p>
  549. <h2 id="nothing-about-us-without-us">Nothing about us without us<a href="#nothing-about-us-without-us" class="heading-link pl-2 text-italic text-bold" aria-label="Nothing about us without us"></a></h2>
  550. <p>Before we discuss the particulars of these updates, I would like to call attention to the most important aspect of the work: <strong>direct participation of, and input from daily assistive technology users</strong>.</p>
  551. <p>Disabled people’s direct involvement in the inception, design, and development stages is indispensable. It&#8217;s crucial for us to <a href="https://adhoc.team/playbook-accessibility/">go beyond compliance</a> and weave these practices into the core of our organization. Only by doing so can we create genuinely inclusive experiences.</p>
  552. <p>With this context established, we can now talk about how this process manifests in component work.</p>
  553. <h2 id="improvements-were-making-to-lists-of-issues-and-pull-requests">Improvements we&#8217;re making to lists of issues and pull requests<a href="#improvements-were-making-to-lists-of-issues-and-pull-requests" class="heading-link pl-2 text-italic text-bold" aria-label="Improvements we&#8217;re making to lists of issues and pull requests"></a></h2>
  554. <p><img loading="lazy" decoding="async" class="aligncenter size-large wp-image-77932 width-fit" src="https://github.blog/wp-content/uploads/2024/05/example-listview.png?w=1024&#038;resize=1024%2C543" alt="A list of nine GitHub issues. The issues topics are a blend of list component work and general maintenance tasks. Each issue has a checkbox for selecting it, a status icon indicating that it is an open issue, a title, metadata about its issue number, author, creation date, and source repository. These issues also have secondary information including labels, tallies for linked pull requests and comments, avatars for issue assignees, and overflow actions. Additionally, some issues have a small badge that indicates the number of tasks the issue contains, as well as how many of them are completed. Above the list of issues is an area that lists the total number of issues, allows you to select them all, control how they are sorted, change the information display density, and additional overflow actions." width="1024" height="543" srcset="https://github.blog/wp-content/uploads/2024/05/example-listview.png?w=2528 2528w, https://github.blog/wp-content/uploads/2024/05/example-listview.png?w=300 300w, https://github.blog/wp-content/uploads/2024/05/example-listview.png?w=768 768w, https://github.blog/wp-content/uploads/2024/05/example-listview.png?w=1024&#038;resize=1024%2C543 1024w, https://github.blog/wp-content/uploads/2024/05/example-listview.png?w=1536 1536w, https://github.blog/wp-content/uploads/2024/05/example-listview.png?w=2048 2048w, https://github.blog/wp-content/uploads/2024/05/example-listview.png?w=1600 1600w, https://github.blog/wp-content/uploads/2024/05/example-listview.png?w=800 800w, https://github.blog/wp-content/uploads/2024/05/example-listview.png?w=400 400w, https://github.blog/wp-content/uploads/2024/05/example-listview.png?w=1032 1032w, https://github.blog/wp-content/uploads/2024/05/example-listview.png?w=516 516w" sizes="(max-width: 1000px) 100vw, 1000px" data-recalc-dims="1" /></p>
  555. <p>Lists of issues and pull requests will continue to support methods of navigation via assistive technology that you may already be familiar with—making experiences consistent and predictable is a huge and often overlooked aspect of the work.</p>
  556. <p>In addition, these lists will soon be updated to also have:</p>
  557. <ul>
  558. <li>A dedicated subheading for quickly navigating to the list itself.</li>
  559. <li>A dedicated subheading per issue or pull request.</li>
  560. <li><a href="https://www.nvaccess.org/files/nvda/documentation/userGuide.html#SingleLetterNavigation">List and list item screen reader keyboard shortcut</a> support.</li>
  561. <li>Arrow keys and <kbd>Home</kbd>/<kbd>End</kbd> to quickly move through each list item.</li>
  562. <li>Focus management that allows using <kbd>Tab</kbd> to explore individual list item content.</li>
  563. <li>Support for <kbd>Space</kbd> keypresses for selecting list items, and <kbd>Enter</kbd> for navigating to the issue or pull request the list item links to.</li>
  564. </ul>
  565. <p>This allows a wide range of assistive technologies to efficiently navigate, and act on these experiences.</p>
  566. <h2 id="improvements-were-making-to-tables">Improvements we&#8217;re making to tables<a href="#improvements-were-making-to-tables" class="heading-link pl-2 text-italic text-bold" aria-label="Improvements we&#8217;re making to tables"></a></h2>
  567. <p><img loading="lazy" decoding="async" class="aligncenter size-large wp-image-77933 width-fit" src="https://github.blog/wp-content/uploads/2024/05/example-datatable.png?w=1024&#038;resize=1024%2C431" alt="A table titled, ‘Active branches’. It has five columns and 7 rows. The columns are titled ‘branches’, ‘updated’, ‘check status’, ‘behind/ahead’, ‘pull request’, and ‘actions’. Each row lists a branch name and its associated metadata. The branch names use a GitHub user name/feature name pattern. The user names include people who worked on the table component, including Mike Perrotti, Josh Black, Eric Bailey, and James Scholes. They also include couple of subtle references to disability advocates Alice Wong and Patty Berne. The branches are sorted by last updated order, and after the table is a link titled, ‘View more branches’." width="1024" height="431" srcset="https://github.blog/wp-content/uploads/2024/05/example-datatable.png?w=2318 2318w, https://github.blog/wp-content/uploads/2024/05/example-datatable.png?w=300 300w, https://github.blog/wp-content/uploads/2024/05/example-datatable.png?w=768 768w, https://github.blog/wp-content/uploads/2024/05/example-datatable.png?w=1024&#038;resize=1024%2C431 1024w, https://github.blog/wp-content/uploads/2024/05/example-datatable.png?w=1536 1536w, https://github.blog/wp-content/uploads/2024/05/example-datatable.png?w=2048 2048w" sizes="(max-width: 1000px) 100vw, 1000px" data-recalc-dims="1" /></p>
  568. <p>We are in the process of replacing one-off table implementations with <a href="https://primer.style/components/data-table">a dedicated Primer component</a>.</p>
  569. <p>Primer-derived tables help provide <strong>consistency and predictability</strong>. This is important for <a href="https://www.freedomscientific.com/SurfsUp/Tables.htm">expected table navigation</a>, but also applies for other table-related experiences, such as loading content, sorting and pagination requests, and bulk and row-level actions.</p>
  570. <p>At the time of this blog post’s publishing, there are 75 bespoke tables that have been replaced with the Primer component, spread across all of GitHub.</p>
  571. <p>The reason for this quiet success has been due entirely to close collaboration with both our disabled partners and <a href="https://primer.style/about">our design system experts</a>. This collaboration helped to ensure:</p>
  572. <ol>
  573. <li>The new table experiences were seamlessly integrated.</li>
  574. <li>Doing so, improved and enhanced the underlying assistive technology experience.</li>
  575. </ol>
  576. <h2 id="progress-over-perfection">Progress over perfection<a href="#progress-over-perfection" class="heading-link pl-2 text-italic text-bold" aria-label="Progress over perfection"></a></h2>
  577. <p>Meryl K. Evans’ <a href="https://meryl.net/accessibility-progress-over-perfection/">Progress Over Perfection</a> philosophy heavily influenced how we approached this work.</p>
  578. <p><strong>Accessibility is never done</strong>. Part of our dedication to this work is understanding that it will grow and change to meet the needs of the people who rely on it. This means making positive, iterative change <a href="https://github.com/orgs/community/discussions/categories/accessibility">based on feedback from the community</a> GitHub serves.</p>
  579. <h2 id="more-to-come">More to come<a href="#more-to-come" class="heading-link pl-2 text-italic text-bold" aria-label="More to come"></a></h2>
  580. <p>Tables will continue to be updated, and the lists should be released publicly soon. Beyond that, we’re excited about the changes we’re making to improve GitHub’s accessibility. This includes both our services and also <a href="https://github.blog/2024-05-01-empowering-accessibility-githubs-journey-building-an-in-house-champions-program/">our internal culture</a>.</p>
  581. <p>We hope that these components, and the process that led to their creation, help you as both part of our developer community and as people who build the world’s software.</p>
  582. <div class="post-content-cta"><p>Please visit <a href="https://accessibility.github.com/">accessibility.github.com</a> to learn more and share feedback on our <a href="https://github.com/orgs/community/discussions/categories/accessibility">accessibility community discussion page</a>.</p>
  583. </div>
  584. <p>The post <a href="https://github.blog/2024-05-07-how-were-building-more-inclusive-and-accessible-components-at-github/">How we’re building more inclusive and accessible components at GitHub</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  585. ]]></content:encoded>
  589. <post-id xmlns="com-wordpress:feed-additions:1">77929</post-id> </item>
  590. <item>
  591. <title>GitHub Copilot Chat in GitHub Mobile is now generally available</title>
  592. <link>https://github.blog/2024-05-07-github-copilot-chat-in-github-mobile/</link>
  594. <dc:creator><![CDATA[Mario Rodriguez]]></dc:creator>
  595. <pubDate>Tue, 07 May 2024 16:00:04 +0000</pubDate>
  596. <category><![CDATA[Product]]></category>
  597. <category><![CDATA[generative AI]]></category>
  598. <category><![CDATA[GitHub Copilot]]></category>
  599. <category><![CDATA[GitHub Copilot Chat]]></category>
  600. <category><![CDATA[GitHub Mobile]]></category>
  601. <guid isPermaLink="false">https://github.blog/?p=77910</guid>
  602.  
  603. <description><![CDATA[<p>With GitHub Copilot Chat in GitHub Mobile, developers can collaborate, ask coding questions, and gain insights into both public and private repositories anywhere, anytime–all in natural language for users on all GitHub Copilot plans.</p>
  604. <p>The post <a href="https://github.blog/2024-05-07-github-copilot-chat-in-github-mobile/">GitHub Copilot Chat in GitHub Mobile is now generally available</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  605. ]]></description>
  606. <content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
  607. <html><body><p>Developers are constantly coming up with new ideas, exploring new skills, and collaborating with other developers on work and personal projects. At GitHub, we understand that all this collaboration doesn&rsquo;t always happen from behind desks and computers. Developers increasingly use their mobile devices to learn, understand, and perform important tasks in the software development process. Today, we&rsquo;re making that easier than ever, empowering developers to build in natural language wherever they may be, with the general availability of GitHub Copilot Chat for GitHub Mobile.</p>
  608. <p>With GitHub Copilot Chat natively integrated with GitHub Mobile, developers can access their AI coding assistant to get answers for all their coding questions, or even repositories and knowledge bases, from anywhere they use mobile devices.</p>
  609. <p><img loading="lazy" decoding="async" src="https://github.blog/wp-content/uploads/2024/05/Tech-Crunch-Blog-Asset-2.png?w=558&#038;resize=558%2C1024" alt="GitHub Copilot Chat in GitHub Mobile suggesting code" width="558" height="1024" class="aligncenter size-large wp-image-77921 width-fit" srcset="https://github.blog/wp-content/uploads/2024/05/Tech-Crunch-Blog-Asset-2.png?w=840 840w, https://github.blog/wp-content/uploads/2024/05/Tech-Crunch-Blog-Asset-2.png?w=163 163w, https://github.blog/wp-content/uploads/2024/05/Tech-Crunch-Blog-Asset-2.png?w=768 768w, https://github.blog/wp-content/uploads/2024/05/Tech-Crunch-Blog-Asset-2.png?w=558&#038;resize=558%2C1024 558w, https://github.blog/wp-content/uploads/2024/05/Tech-Crunch-Blog-Asset-2.png?w=837 837w" sizes="(max-width: 558px) 100vw, 558px" data-recalc-dims="1" /></p>
  610. <p>By enabling every developer to build and understand code on the go with GitHub Copilot Chat, we will turn the use of natural language into an effective and default part of the coding process. This means lowering barriers to entry and democratizing access to a career in software development&ndash;a win for aspiring developers everywhere and a win for a world that increasingly relies on software to push progress forward. Whether a developer needs help understanding a block of code that a colleague wrote, or wants to learn a new framework, GitHub Copilot Chat is there to help.</p>
  611. <h2 id="what-can-you-do-with-github-copilot-chat" id="what-can-you-do-with-github-copilot-chat" >What can you do with GitHub Copilot Chat?<a href="#what-can-you-do-with-github-copilot-chat" class="heading-link pl-2 text-italic text-bold" aria-label="What can you do with GitHub Copilot Chat?"></a></h2>
  612. <p>GitHub Copilot Chat, a cornerstone of the GitHub Copilot experience, has already helped engineering organizations <a href="https://github.blog/2024-02-27-github-copilot-enterprise-is-now-generally-available/">increase productivity</a> by guiding developers through unfamiliar codebases, breaking down complex coding concepts, and so much more&ndash;all in <a href="https://github.blog/2023-12-29-github-copilot-chat-now-generally-available-for-organizations-and-individuals/">natural language</a>. Built specifically for developer scenarios, GitHub Copilot Chat offers personalized assistance to help development teams and individuals get quick answers to a wide variety of coding questions. Developers can also engage in conversations with the top 100,000+ public repositories, enabling them to deepen their understanding of various coding practices and techniques.</p>
  613. <div class="mod-vh position-relative" style="height: 0; padding-bottom: calc((9 / 16)*100%);">
  614. <iframe loading="lazy" class="position-absolute top-0 left-0 width-full height-full" src="https://www.youtube.com/embed/LGoPXRYgB6s?version=3&amp;rel=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;fs=1&amp;hl=en-US&amp;autohide=2&amp;wmode=transparent" title="YouTube video player" allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0"></iframe>
  615. </div>
  616. <h2 id="customized-in-github-copilot-enterprise" id="customized-in-github-copilot-enterprise" >Customized in GitHub Copilot Enterprise<a href="#customized-in-github-copilot-enterprise" class="heading-link pl-2 text-italic text-bold" aria-label="Customized in GitHub Copilot Enterprise"></a></h2>
  617. <p>At <a href="https://github.blog/2023-11-08-universe-2023-copilot-transforms-github-into-the-ai-powered-developer-platform/">Universe 2023</a>, we announced that with GitHub Copilot Chat, we&rsquo;re enabling the rise of natural language as the new universal programming language for every developer on the planet. By bringing the AI coding assistant to mobile phones, by far one of the <a href="https://www.statista.com/topics/840/smartphones/#topicOverview">most commonly used</a> computing devices in the world, we&rsquo;re continuing to deliver on that promise. With GitHub Copilot Enterprise, we&rsquo;re also customizing GitHub Copilot with the context of an organization&rsquo;s codebase. Now, that customization extends to mobile.</p>
  618. <p>For organizations using GitHub Copilot Enterprise, developers can direct GitHub Copilot to their organization&rsquo;s private repositories and ask questions including: &ldquo;<em>What does this code snippet mean?</em>&rdquo; or &ldquo;<em>how often was this function used in the project?</em>&rdquo; This places organizational knowledge directly at their fingertips. Instead of spending hours searching through documentation, developers can simply ask GitHub Copilot to find the information they need and immediately start building&ndash;whether from their computer or mobile device. This empowers teams of developers to innovate faster and express their full creativity in a world of work that is not always confined to an office, or even a desk.</p>
  619. <aside class="p-4 p-md-6 post-aside--large"><p class="h5-mktg gh-aside-title">Getting started with GitHub Copilot Chat in GitHub Mobile</p><p><strong>Individuals:</strong></p>
  620. <p>Getting started with GitHub Copilot Chat in GitHub Mobile is easy with a GitHub Copilot Individual plan:</p>
  621. <ol>
  622. <li><strong>Download the GitHub mobile app</strong> from your device&rsquo;s<a href="https://github.com/mobile"> app store. </a></li>
  623. <li><strong>Log in </strong>or <strong>sign up</strong> for a GitHub account.</li>
  624. <li><strong>Check your GitHub Copilot license status:</strong></li>
  625. <ol>
  626. <li>If you have a GitHub Copilot Individual license, GitHub Copilot Chat is enabled by default, allowing you to start using it right away.</li>
  627. <li>Those who don&rsquo;t have a GitHub Copilot license yet can purchase one directly through the app. This grants access to GitHub Copilot Chat in GitHub Mobile and unlocks other powerful <a href="https://docs.github.com/copilot/copilot-individual/about-github-copilot-individual">features</a> like real-time code suggestions and unlimited chat interactions in the IDE, GitHub Copilot in the CLI, and more.</li>
  628. </ol>
  629. </ol>
  630. <p>If you are assigned a GitHub Copilot Business or GitHub Copilot Enterprise license through your organization, ask your administrator to enable GitHub Copilot Chat in GitHub Mobile.</p>
  631. <p><strong>Enterprise or organization admins:</strong></p>
  632. <p>Enterprise and organization administrators for companies using GitHub Copilot Business or GitHub Copilot Enterprise can offer access to this functionality to their development teams by enabling it in Copilot settings. Admins can find the GitHub Copilot settings by going to their organization&rsquo;s settings page and clicking on the &ldquo;Copilot&rdquo; tab.</p>
  633. </aside>
  634. </p><h2 id="making-github-copilot-ubiquitous-wherever-the-developer-is" id="making-github-copilot-ubiquitous-wherever-the-developer-is" >Making GitHub Copilot ubiquitous wherever the developer is<a href="#making-github-copilot-ubiquitous-wherever-the-developer-is" class="heading-link pl-2 text-italic text-bold" aria-label="Making GitHub Copilot ubiquitous wherever the developer is"></a></h2>
  635. <p>Making GitHub Copilot Chat generally available for GitHub Mobile is the latest example of how we&rsquo;re empowering developers with AI throughout the entire development lifecycle. When we brought GitHub Copilot to the world with code completion, we immediately began optimizing it for a variety of editors, including Visual Studio, Visual Studio Code, and the JetBrains suite of IDEs. Then, we launched GitHub Copilot Chat, now deeply integrated into GitHub&rsquo;s surfaces and the command line interface, and personalized to an organization&rsquo;s codebase. We also brought GitHub Copilot to pull requests, and launched <a href="https://github.blog/2024-03-20-found-means-fixed-introducing-code-scanning-autofix-powered-by-github-copilot-and-codeql/">code scanning autofix</a> powered by GitHub Copilot and CodeQL to help secure the world&rsquo;s code in realtime. And with GitHub <a href="https://github.blog/2024-04-29-github-copilot-workspace/">Copilot Workspace</a>, we&rsquo;re meeting developers at the issue and delivering a new Copilot-native environment where you can go from idea to code in natural language.</p>
  636. <p>Looking ahead, we&rsquo;ll continue to infuse Copilot across the GitHub platform to lower barriers and empower 1 billion developers to achieve their full potential with code&ndash;even when they&rsquo;re on the go.</p>
  637. <div class="post-content-cta"><p><strong>We want to hear from you.</strong></p>
  638. <p>We value your feedback to enhance the GitHub Copilot experience. Join the conversation by visiting <a href="https://github.com/orgs/community/discussions/categories/mobile">our community</a> forum and help us shape the future of GitHub Copilot Chat in GitHub Mobile.</p>
  639. </div>
  640. </p></body></html>
  641. <p>The post <a href="https://github.blog/2024-05-07-github-copilot-chat-in-github-mobile/">GitHub Copilot Chat in GitHub Mobile is now generally available</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
  642. ]]></content:encoded>
  646. <post-id xmlns="com-wordpress:feed-additions:1">77910</post-id> </item>
  647. </channel>
  648. </rss>
  649.  

If you would like to create a banner that links to this page (i.e. this validation result), do the following:

  1. Download the "valid RSS" banner.

  2. Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)

  3. Add this HTML to your page (change the image src attribute if necessary):

If you would like to create a text link instead, here is the URL you can use:

http://www.feedvalidator.org/check.cgi?url=https%3A//github.blog/feed/

Home · About · News · Docs · Terms

 
Copyright © 2002-9 Sam Ruby, Mark Pilgrim, Joseph Walton, and Phil Ringnalda