FEED Validator

for Atom and RSS and KML

Congratulations!

This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

line 30, column 0: Use of unknown namespace: com-wordpress:feed-additions:1 (11 occurrences) [help]
```
<site xmlns="com-wordpress:feed-additions:1">153214340</site>	<item>
```
line 45, column 0: content:encoded should not contain html tag (10 occurrences) [help]
```
<html><body><p>Picture this: you walk into a grocery store and nothing makes ...
```
line 45, column 0: content:encoded should not contain body tag (10 occurrences) [help]
```
<html><body><p>Picture this: you walk into a grocery store and nothing makes ...
```
line 88, column 0: content:encoded should not contain iframe tag (2 occurrences) [help]
```
<iframe title="A deep dive into the GitHub MCP registry | GitHub Checkout" w ...
```
line 662, column 0: content:encoded should not contain data-recalc-dims attribute (25 occurrences) [help]
```
<figure class="wp-block-image size-large"><img data-recalc-dims="1" fetchpri ...
```
line 662, column 0: content:encoded should not contain fetchpriority attribute [help]
```
<figure class="wp-block-image size-large"><img data-recalc-dims="1" fetchpri ...
```
line 662, column 0: content:encoded should not contain decoding attribute (25 occurrences) [help]
```
<figure class="wp-block-image size-large"><img data-recalc-dims="1" fetchpri ...
```
line 662, column 0: content:encoded should not contain sizes attribute (24 occurrences) [help]
```
<figure class="wp-block-image size-large"><img data-recalc-dims="1" fetchpri ...
```
line 892, column 0: content:encoded should not contain data-color-mode attribute (5 occurrences) [help]
```
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="ligh ...
```
line 892, column 0: content:encoded should not contain data-dark-theme attribute (5 occurrences) [help]
```
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="ligh ...
```
line 892, column 0: content:encoded should not contain data-light-theme attribute (5 occurrences) [help]
```
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="ligh ...
```
line 952, column 0: content:encoded should not contain loading attribute (23 occurrences) [help]
```
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading= ...
```

line 960, column 0: Non-html tag: svg (33 occurrences) [help]

<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23. ...

line 1192, column 0: content:encoded should not contain controls attribute [help]

<figure class="wp-block-video"><video autoplay controls loop muted src="http ...

line 1192, column 0: content:encoded should not contain muted attribute [help]

<figure class="wp-block-video"><video autoplay controls loop muted src="http ...

line 1994, column 0: style attribute contains potentially dangerous content: margin-top:var(--wp--preset--spacing--40);margin-bottom:var(--wp--preset--spacing--40) (2 occurrences) [help]
```
<p class="purple-text text-gradient-purple-coral" style="margin-top:var(--wp ...
```

Source: https://github.blog/feed/

<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>The GitHub Blog</title>
<atom:link href="https://github.blog/feed/" rel="self" type="application/rss+xml" />
<link>https://github.blog/</link>
<description>Updates, ideas, and inspiration from GitHub to help developers build and design software.</description>
<lastBuildDate>Thu, 23 Oct 2025 20:53:49 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>
hourly </sy:updatePeriod>
<sy:updateFrequency>
1 </sy:updateFrequency>
<generator>https://wordpress.org/?v=6.8.3</generator>
<image>
<url>https://github.blog/wp-content/uploads/2019/01/cropped-github-favicon-512.png?fit=32%2C32</url>
<title>The GitHub Blog</title>
<link>https://github.blog/</link>
<width>32</width>
<height>32</height>
</image>
<site xmlns="com-wordpress:feed-additions:1">153214340</site> <item>
<title>How to find, install, and manage MCP servers with the GitHub MCP Registry</title>
<link>https://github.blog/ai-and-ml/generative-ai/how-to-find-install-and-manage-mcp-servers-with-the-github-mcp-registry/</link>
<dc:creator><![CDATA[Andrea Griffiths]]></dc:creator>
<pubDate>Fri, 24 Oct 2025 16:00:00 +0000</pubDate>
<category><![CDATA[AI & ML]]></category>
<category><![CDATA[Generative AI]]></category>
<category><![CDATA[MCP]]></category>
<guid isPermaLink="false">https://github.blog/?p=91673</guid>
<description><![CDATA[<p>Learn how to bring structure and security to your AI ecosystem with the GitHub MCP Registry, the single source of truth for managing and governing MCP servers.</p>
<p>The post <a href="https://github.blog/ai-and-ml/generative-ai/how-to-find-install-and-manage-mcp-servers-with-the-github-mcp-registry/">How to find, install, and manage MCP servers with the GitHub MCP Registry</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>Picture this: you walk into a grocery store and nothing makes sense. The cereal is scattered across three aisles. The milk is hiding in some random cooler near self-checkout. And those produce labels? They haven’t been updated in months.</p>
<p>That’s exactly what discovering Model Context Protocol (MCP) servers felt like. Until now.</p>
<p>As a refresher, <a href="https://github.blog/ai-and-ml/llms/what-the-heck-is-mcp-and-why-is-everyone-talking-about-it/">MCP is how developers connect tools, APIs, and workflows to their AI systems</a>. Each MCP server is like an ingredient in your AI stack, whether it’s Playwright for browser automation, Notion for knowledge access, or GitHub’s own MCP server with over a hundred tools. </p>
<p>The new <a href="https://github.blog/ai-and-ml/github-copilot/meet-the-github-mcp-registry-the-fastest-way-to-discover-mcp-servers/">GitHub MCP Registry</a> changes everything by giving you a single, canonical source for discovering, installing, and managing MCP servers right on GitHub.</p>
<p>Here’s what you need to know about finding the right tools for your AI stack, publishing your own servers, and setting up governance for your team.</p>
<p>In this blog, we’ll walk through how to:</p>
<ul class="wp-block-list">
<li>Install an MCP server</li>
<li>Publish your own</li>
<li>Enable governance and team use</li>
</ul>
<p>We’ll also share a few tips and tricks for power users. Let’s go!</p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<iframe title="A deep dive into the GitHub MCP registry | GitHub Checkout" width="500" height="281" src="https://www.youtube.com/embed/wm1yjcTk50w?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
</div></figure>
<h2 class="wp-block-heading" id="h-what-s-in-the-registry-today">What’s in the registry today</h2>
<p>Currently, the <a href="https://github.com/mcp">GitHub MCP Registry</a> has <strong>44 MCP servers</strong>, including:</p>
<ul class="wp-block-list">
<li><strong>Playwright</strong>: Automate and test web apps.</li>
<li><strong>GitHub MCP server</strong>: Access 100+ GitHub API tools.</li>
<li><strong>Context7</strong>, <strong>MarkItDown</strong> (Microsoft), <strong>Terraform</strong> (HashiCorp).</li>
<li>Partner servers from <strong>Notion, Unity, Firecrawl, Stripe,</strong> and more.</li>
</ul>
<p>You can browse by tags, popularity, or GitHub stars to find the tools you need.</p>
<h2 class="wp-block-heading" id="h-how-to-install-an-mcp-server">How to install an MCP server</h2>
<p>The registry makes installation a one-click experience in <strong>VS Code</strong> or <strong>VS Code Insiders</strong>.</p>
<h3 class="wp-block-heading" id="h-example-installing-playwright">Example: Installing Playwright</h3>
<ol class="wp-block-list">
<li>Navigate to Playwright MCP server in the GitHub MCP Registry.</li>
<li>Click <strong>Install in VS Code</strong>.</li>
<li>VS Code launches with a pre-filled configuration.</li>
<li>Accept or adjust optional parameters (like storage paths).</li>
</ol>
<p>That’s it. You’re ready to use Playwright in your agentic workflows.</p>
<p>✅ <strong>Pro tip:</strong> Remote MCP servers (like GitHub’s) use OAuth during install so you don’t need to manually handle tokens or secrets. Just authenticate once and start building.</p>
<h2 class="wp-block-heading" id="h-how-to-publish-your-own-mcp-server">How to publish your own MCP server</h2>
<h3 class="wp-block-heading" id="h-1-install-the-mcp-publisher-cli">1. Install the MCP Publisher CLI</h3>
<ul class="wp-block-list">
<li>macOS/Linux/WSL (Homebrew, recommended):</li>
</ul>
<pre class="wp-block-code"><code>brew install mcp-publisher</code></pre>
<ul class="wp-block-list">
<li>macOS/Linux/WSL (prebuilt binary, latest version):</li>
</ul>
<pre class="wp-block-code"><code>"https://github.com/modelcontextprotocol/registry/releases/download/latest/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher && sudo mv mcp-publisher /usr/local/bin/</code></pre>
<h3 class="wp-block-heading" id="h-2-initialize-your-server-json-file">2. Initialize your <code>server.json</code> file</h3>
<p>Navigate to your server’s source directory and run:</p>
<pre class="wp-block-code"><code>cd /path/to/your/mcp-server
mcp-publisher init</code></pre>
<p>This creates a <code>server.json</code> file. Example:</p>
<pre class="wp-block-code"><code>{
"$schema": "https://static.modelcontextprotocol.io/schemas/2025-09-29/server.schema.json",
"name": "io.github.yourname/your-server",
"title": "Describe Your Server",
"description": "A description of your MCP server",
"version": "1.0.0",
"packages": [
{
"registryType": "npm",
"identifier": "your-package-name",
"version": "1.0.0",
"transport": { "type": "stdio" }
}
]
}</code></pre>
<h3 class="wp-block-heading" id="3-prove-you-own-the-package">3. Prove you own the package</h3>
<p>Add the required metadata for your package type.</p>
<ul class="wp-block-list">
<li><strong>NPM:</strong> Add an <code>"mcpName"</code> field to your <code>package.json</code>:</li>
</ul>
<pre class="wp-block-code language-plaintext"><code>{
"name": "your-npm-package",
"mcpName": "io.github.username/server-name"
}</code></pre>
<ul class="wp-block-list">
<li><strong>PyPI/NuGet:</strong> Add this to your README:</li>
</ul>
<pre class="wp-block-code language-plaintext"><code>mcp-name: io.github.username/server-name</code></pre>
<ul class="wp-block-list">
<li><strong>Docker:</strong> Add a label to your Dockerfile:</li>
</ul>
<pre class="wp-block-code language-plaintext"><code>LABEL io.modelcontextprotocol.server.name="io.github.username/server-name"</code></pre>
<h3 class="wp-block-heading" id="4-authentication">4. Authentication</h3>
<ul class="wp-block-list">
<li>For GitHub-based namespaces (<code>io.github.*</code>), run:</li>
</ul>
<pre class="wp-block-code"><code>mcp-publisher login github</code></pre>
<p> This will open a browser for OAuth login.</p>
<ul class="wp-block-list">
<li>For custom domains (<code>com.yourcompany/*</code>), follow DNS verification steps in the <a href="https://github.com/modelcontextprotocol/registry/blob/main/docs/guides/publishing/publish-server.md">official docs</a>.</li>
</ul>
<h3 class="wp-block-heading" id="5-publish-your-server">5. Publish your server</h3>
<p>Once authenticated, publish to the registry:</p>
<pre class="wp-block-code"><code>mcp-publisher publish</code></pre>
<p>If successful, your server will be discoverable in the MCP registry. You can verify with:</p>
<pre class="wp-block-code"><code>curl "https://registry.modelcontextprotocol.io/v0/servers?search=io.github.yourname/your-server"</code></pre>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>Once you’ve completed the steps above, email <a target="_blank" href="mailto:partnerships@github.com" rel="noreferrer noopener">partnerships@github.com</a> and request for your server to be included.</p>
</blockquote>
<p>✅ <strong>Pro tips:</strong> </p>
<ul class="wp-block-list">
<li><strong>Namespace:</strong> Use <code>io.github.username/*</code> for GitHub auth, or <code>com.yourcompany/*</code> for DNS-based verification.</li>
<li><strong>Remote endpoints:</strong> Add a <code>"remotes"</code> array in your <code>server.json</code> for cloud/HTTP endpoints:</li>
</ul>
<pre class="wp-block-code"><code>"remotes": [
{
"type": "streamable-http",
"url": "https://yourdomain.com/yourserver"
}
]</code></pre>
<ul class="wp-block-list">
<li><strong>Multiple deployment options:</strong> You can list both <code>"packages"</code> and <code>"remotes"</code> for hybrid deployments.</li>
<li><strong>Examples:</strong> See <a href="https://github.com/domdomegg/airtable-mcp-server">airtable-mcp-server (npm/docker/MCPB)</a>, <a href="https://github.com/domdomegg/time-mcp-nuget">time-mcp-nuget</a>, <a href="https://github.com/domdomegg/time-mcp-pypi">time-mcp-pypi</a>.</li>
</ul>
<h2 class="wp-block-heading" id="automate-publishing-with-github-actions">Automate publishing with GitHub Actions</h2>
<p>You can automate publishing so every tagged release is published to both your package registry and the MCP registry.</p>
<p>Create <code>.github/workflows/publish-mcp.yml</code>:</p>
<pre class="wp-block-code language-plaintext"><code>name: Publish to MCP Registry
on:
push:
tags: ["v*"]
jobs:
publish:
runs-on: ubuntu-latest
permissions:
id-token: write # For OIDC
contents: read
steps:
- uses: actions/checkout@v5
# (Edit these for your package type)
- name: Setup Node.js
uses: actions/setup-node@v5
with:
node-version: "lts/*"
- name: Install dependencies
run: npm ci
- name: Build and test
run: |
npm run build --if-present
npm run test --if-present
- name: Publish to npm
run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
# MCP publishing (works for all package types)
- name: Download MCP Publisher
run: |
curl -L "https://github.com/modelcontextprotocol/registry/releases/download/latest/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher
- name: Publish to MCP Registry
run: |
./mcp-publisher login github-oidc
./mcp-publisher publish
# Optional: keep server.json version in sync with git tag
- run: |
VERSION=${GITHUB_REF#refs/tags/v}
jq --arg v "$VERSION" '.version = $v' server.json > tmp && mv tmp server.json</code></pre>
<p>To trigger the workflow:</p>
<pre class="wp-block-code language-plaintext"><code>git tag v1.0.0
git push origin v1.0.0</code></pre>
<p>When you publish, your server shows up in the open source registry and downstream registries (like GitHub’s) automatically pick up updates. No more notifying a dozen different registries every time you ship a new version.</p>
<p>✅ <strong>Pro tips:</strong></p>
<ul class="wp-block-list">
<li>Host your code in a <strong>public GitHub repository</strong> to show verified ownership.</li>
<li>Add tags in <code>server.json</code> so developers can easily discover your server by category.</li>
<li>Updates propagate automatically downstream—no manual notifications required</li>
</ul>
<p><strong>How to manage MCP servers in the enterprise</strong></p>
<p>If you’re managing MCP usage across a large organization, governance isn’t optional. You need control over which servers your developers can install—especially when those servers interact with sensitive data.</p>
<p>GitHub now supports <strong>registry allow lists</strong> so admins can control which MCP servers are available to developers.</p>
<p>Here are the steps for admins (which may be you!):</p>
<ol class="wp-block-list">
<li>Stand up or connect an internal registry that follows the MCP API spec (registry + HTTP endpoint).</li>
<li>Add vetted MCP servers (internal + external) to your registry.</li>
<li>Point GitHub Enterprise settings to that registry endpoint.</li>
<li>MCP-aware surfaces (starting with VS Code) enforce the allow list automatically.</li>
</ol>
<p><strong>Example: How the allow list works</strong></p>
<p>Your internal registry at <code>https://internal.mybank.com/mcp-registry</code> returns:</p>
<pre class="wp-block-code"><code>{
"servers": [
{
"name": "github.com/github/mcp-server",
"version": "1.0.0"
},
{
"name": "github.com/microsoft/markitdown-mcp",
"version": "2.1.0"
},
{
"name": "internal.mybank.com/mcp-servers/custom-tools",
"version": "1.5.0"
}
]
}</code></pre>
<p>When developers try to install an MCP server in VS Code, GitHub checks your registry endpoint and only allows installations from your approved list.</p>
<p>This governance model means you can vet partnerships, run security scans, and maintain compliance, all while giving developers access to the tools they need.</p>
<p>✅ <strong>Pro tip:</strong> Use GitHub’s API or your existing security pipeline to vet MCP servers before adding them to your allow list.</p>
<h2 class="wp-block-heading" id="tips-and-tricks-for-power-users">Tips and tricks for power users</h2>
<p>Once you’ve got the basics down, here are some shortcuts to get more out of the registry:</p>
<ul class="wp-block-list">
<li><strong>Sort smarter</strong>: Use GitHub stars and org verification to quickly assess quality and legitimacy. If a server has thousands of stars and comes from a verified org like Microsoft or HashiCorp, that’s a strong signal.</li>
<li><strong>Local testing</strong>: Test your MCP server before publishing using the<a href="https://github.com/modelcontextprotocol/inspector"> MCP Inspector</a>. This helps you catch issues early without polluting the registry. </li>
<li><strong>Agent synergy</strong>: Copilot coding agent comes preloaded with GitHub and Playwright MCP servers. This combo enables auto-generated pull requests with screenshots of web apps, perfect for UI-heavy projects where visual validation matters.</li>
<li><strong>Tool overload fix</strong>: VS Code is rolling out semantic tool lookups, so your agent won’t flood contexts with 90+ tools. Instead, only the relevant ones surface based on your prompt. This makes working with large MCP servers like GitHub’s much more manageable.</li>
</ul>
<h2 class="wp-block-heading" id="whats-next">What’s next?</h2>
<p>The GitHub MCP Registry is just getting started. Here’s a look at what’s on the horizon—from self-publication to enterprise adoption—so you can see where the ecosystem is heading.</p>
<ul class="wp-block-list">
<li><strong>Self-publication</strong>: Expected in the next couple months. This will unlock community-driven growth and make the registry the canonical source for all public MCP servers.</li>
<li><strong>More IDE support</strong>: Other IDEs are coming. The goal is to make MCP server installation seamless regardless of where you write code.</li>
<li><strong>Enterprise features</strong>: Governance flows to help unlock MCP usage in regulated industries. Think financial services, healthcare, and other sectors where compliance isn’t negotiable.</li>
<li><strong>Agentic workflows</strong>: GitHub MCP server will start bundling tools into use-case-driven flows (e.g., “analyze repository + open pull request”) instead of just exposing raw API endpoints. This will make complex workflows feel like simple commands.</li>
</ul>
<h2 class="wp-block-heading" id="get-started-today">Get started today</h2>
<p>The GitHub MCP Registry has 44 servers today and will continue growing (trust us!).</p>
<p>👉 Explore the <a href="https://github.com/mcp?utm_source=blog-source&utm_campaign=mcp-registry-server-launch-2025">MCP Registry</a> on GitHub<a href="https://github.com/mcp?utm_source=blog-source&utm_campaign=mcp-registry-server-launch-2025"><br></a>👉 To nominate your server now, email <strong>partnerships@github.com</strong>.</p>
<p>Soon, this registry will become the single source of truth for MCP servers, giving you one place to discover, install, and govern tools without hopping across outdated registries.</p>
<p>The future of AI-assisted development isn’t about coding faster. It’s about orchestrating tools that amplify your impact. And the GitHub MCP Registry is where that orchestration begins.</p>
</body></html>
<p>The post <a href="https://github.blog/ai-and-ml/generative-ai/how-to-find-install-and-manage-mcp-servers-with-the-github-mcp-registry/">How to find, install, and manage MCP servers with the GitHub MCP Registry</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91673</post-id> </item>
<item>
<title>The road to better completions: Building a faster, smarter GitHub Copilot with a new custom model</title>
<link>https://github.blog/ai-and-ml/github-copilot/the-road-to-better-completions-building-a-faster-smarter-github-copilot-with-a-new-custom-model/</link>
<dc:creator><![CDATA[Shengyu Fu]]></dc:creator>
<pubDate>Thu, 23 Oct 2025 18:31:12 +0000</pubDate>
<category><![CDATA[AI & ML]]></category>
<category><![CDATA[GitHub Copilot]]></category>
<category><![CDATA[AI agents]]></category>
<category><![CDATA[AI coding tools]]></category>
<category><![CDATA[LLM]]></category>
<guid isPermaLink="false">https://github.blog/?p=91797</guid>
<description><![CDATA[<p>Find out about the latest custom models powering the completions experience in GitHub Copilot. </p>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/the-road-to-better-completions-building-a-faster-smarter-github-copilot-with-a-new-custom-model/">The road to better completions: Building a faster, smarter GitHub Copilot with a new custom model</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>Code completion remains the most widely used GitHub Copilot feature, helping millions of developers stay in the flow every day. Our team has continuously iterated on the custom models powering the completions experience in GitHub Copilot driven by developer feedback. That work has had a big impact on giving you faster, more relevant suggestions in the editor.  </p>
<p>We’re now delivering suggestions with 20% more accepted and retained characters, 12% higher acceptance rate, 3x higher token-per-second throughput, and a 35% reduction in latency. </p>
<p>These updates now power GitHub Copilot across editors and environments. We’d like to share our journey on how we trained and evaluated our custom model for code completions. </p>
<h2 class="wp-block-heading" id="h-why-it-matters-nbsp">Why it matters </h2>
<p>When Copilot completions improve, you spend less time editing and more time building. The original Copilot was optimized for the highest acceptance rate possible. However, we realized that a heavy focus on acceptance rates could lead to incorrectly favoring a high volume of simple and short suggestions.  </p>
<p>We heard your feedback that this didn’t reflect real developer needs or deliver the highest quality experience. So, we pivoted to also optimize for accepted and retained characters, code flow, and other metrics. </p>
<ul class="wp-block-list">
<li><strong>20% higher accepted-and-retained characters</strong> results in more of each Copilot suggestion staying in your final code, not just ending up temporarily accepted and deleted later. In other words, suggestions provide more value with fewer keystrokes.</li>
<li><strong>12% higher acceptance rate</strong> means you find suggestions more useful more often, reflecting better immediate utility. </li>
<li><strong>3x throughput</strong> <strong>with 35% lower latency</strong> makes Copilot feel faster. It handles more requests at once while keeping your coding flow unbroken (throughput describes how much work the system can handle overall, while latency describes how quickly each individual request completes).</li>
</ul>
<h2 class="wp-block-heading" id="h-how-we-evaluate-custom-models-nbsp">How we evaluate custom models </h2>
<p>Copilot models are evaluated using combined signals from <strong>offline</strong>, <strong>pre-production</strong>, and <strong>production</strong> evaluations. Each layer helps us refine different aspects of the experience while ensuring better quality in real developer workflows. </p>
<h3 class="wp-block-heading" id="h-1-offline-evaluations-nbsp-nbsp">1) Offline evaluations  </h3>
<p><strong>Execution-based benchmark: </strong>As part of our offline evaluations, we first test against internal and public repositories with strong code by unit test and scenario coverage, spanning all major languages. Each test simulates real tasks, accepts suggestions, and measures build-and-test pass rates. This emphasizes functional correctness over surface fluency.  </p>
<p>Below is an example of a partial token completion error: the model produced <code>data<strong>et</strong></code> instead of <code>data<strong>set</strong></code>.</p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" fetchpriority="high" decoding="async" height="447" width="1024" src="https://github.blog/wp-content/uploads/2025/10/partial-token-completion-error.png?resize=1024%2C447" alt="Screenshot of a Python code editor showing a function named resolve_file inside a file called dataset_utilities.py. The function takes two string arguments, dataset and filename, and returns a string. The purpose, according to the docstring, is to resolve a file from a dataset and assert that only one file is found. The code uses os.path and glob to find files. There’s a highlighted line path = os.path.join(dat... with an error under dat, suggesting a variable name typo (dat instead of dataset). Several red underlines indicate syntax or reference errors in the code." class="wp-image-91828" srcset="https://github.blog/wp-content/uploads/2025/10/partial-token-completion-error.png?w=1026 1026w, https://github.blog/wp-content/uploads/2025/10/partial-token-completion-error.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/partial-token-completion-error.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/partial-token-completion-error.png?w=1024 1024w" sizes="(max-width: 1000px) 100vw, 1000px" /></figure>
<p><strong>LLM-judge scoring: </strong>While we start with execution-based evaluation, this has downsides: it only tells if the code will compile, but the results are not always aligned with developer preferences. To ensure the best possible outcomes, we run an independent LLM to score completions across three axes:  </p>
<ul class="wp-block-list">
<li><strong>Quality:</strong> Ensure syntax validity, duplication/overlap, format and style consistency. </li>
<li><strong>Relevance: </strong>Focus on relevant code, avoid hallucination and overreach. </li>
<li><strong>Helpfulness:</strong> Reduce manual effort, avoid outdated or deprecated APIs. </li>
</ul>
<h3 class="wp-block-heading" id="h-2-pre-production-evaluations-qualitative-dogfooding-nbsp">2) Pre-production evaluations: Qualitative dogfooding </h3>
<p>Our next step includes working with internal developers and partners to test models side-by-side in real workflows (to do the latter, we exposed the preview model to developers through Copilot’s model picker). We collect structured feedback on readability, trust, and “taste.” Part of this process includes working with language experts to improve overall completion quality. This is unique: while execution-based testing, LLM-based evaluations, dogfood testing, and A/B testing are common, we find language-specific evaluations lead to better outcomes along quality and style preferences. </p>
<h3 class="wp-block-heading" id="h-3-production-based-evaluations-a-b-testing-nbsp">3) Production-based evaluations: A/B testing </h3>
<p>Ultimately, the lived experience of developers like you is what matters most. We measure improvements using accepted-and-retained characters, acceptance rates, completion-shown rate, time-to-first token, latency, and many other metrics. We ship only when statistically significant improvements hold up under real developer workloads. </p>
<h2 class="wp-block-heading" id="h-how-we-trained-our-new-copilot-completions-model-nbsp">How we trained our new Copilot completions model </h2>
<h3 class="wp-block-heading" id="h-mid-training-nbsp">Mid-training </h3>
<p>Modern codebases use modern APIs. Before fine-tuning, we build a code-specific foundational model via mid-training using a curated, de-duplicated corpus of modern, idiomatic, public, and internal code with nearly 10M repositories and 600-plus programming languages. (Mid-training refers to the stage after the base model has been pretrained on a very large, diverse corpus, but before it undergoes final fine-tuning or instruction-tuning). </p>
<p>This is a critical step to ensure behaviors, new language syntax, and recent API versions are utilized by the model. We then use supervised fine-<s> </s>tuning and reinforcement learning while mixing objectives beyond next-token prediction—span infillings and docstring/function pairs—so the model learns structure, naming, and intent, not just next-token prediction. This helps us make the foundational model code-fluent, style-consistent, and context-aware, ready for more targeted fine-tuning via supervised fine-tuning. </p>
<h3 class="wp-block-heading" id="h-supervised-fine-tuning-nbsp">Supervised fine-tuning </h3>
<p>Newer general-purpose chat models perform well in natural language to generate code, but underperform on fill-in-the-middle (FIM) code completion. In practice, chat models experience cursor-misaligned inserts, duplication of code before the cursor (prefix), and overwrites of code after the cursor (suffix).  </p>
<p>As we moved to fine-tuned behaviors, we trained models specialized in completions by way of synthetic fine-tuning to behave like a great FIM engine. In practice, this improves: </p>
<ul class="wp-block-list">
<li><strong>Prefix/suffix awareness</strong>: Accurate inserts between tokens, mid-line continuations, full line completions, and multi-line block completions without trampling the suffix. </li>
<li><strong>Formatting fidelity</strong>: Respect local style (indentation, imports, docstrings) and avoid prefix duplication. </li>
</ul>
<p>The result is significantly improved FIM performance. For example, here is a benchmark comparing our latest completions model to GPT-4.1-mini on <a href="https://github.com/openai/human-eval-infilling" target="_blank" rel="noreferrer noopener">OpenAI’s HumanEval Infilling Benchmarks</a>.  </p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" decoding="async" height="538" width="1024" src="https://github.blog/wp-content/uploads/2025/10/HumanEvalInfilling_1200x630.png?resize=1024%2C538" alt="A chart showing HumanEval Infilling Benchmarks for two different AI models. These include a custom model from GitHub named Copilot Completions and OpenAI's GPT-4o-mini. The evaluations show superior performance across single line, multi line, random span, and random span light tests for the Copilot Completions model. " class="wp-image-91837" srcset="https://github.blog/wp-content/uploads/2025/10/HumanEvalInfilling_1200x630.png?w=2400 2400w, https://github.blog/wp-content/uploads/2025/10/HumanEvalInfilling_1200x630.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/HumanEvalInfilling_1200x630.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/HumanEvalInfilling_1200x630.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/HumanEvalInfilling_1200x630.png?w=1536 1536w, https://github.blog/wp-content/uploads/2025/10/HumanEvalInfilling_1200x630.png?w=2048 2048w" sizes="(max-width: 1000px) 100vw, 1000px" /></figure>
<h3 class="wp-block-heading" id="h-reinforcement-learning-nbsp">Reinforcement learning </h3>
<p>Finally, we used a custom reinforcement learning algorithm, teaching the model through rewards and penalties to internalize what makes code suggestions useful in real developer scenarios along three axes:</p>
<ul class="wp-block-list">
<li><strong>Quality</strong>: Syntax-valid, compilable code that follows project style (indentations, imports, headers).  </li>
<li><strong>Relevance</strong>: On-task suggestions that respect surrounding context and the file’s intent.  </li>
<li><strong>Helpfulness</strong>: Suggestions that reduce manual effort and prefer modern APIs.  </li>
</ul>
<p>Together, these create completions that are correct, relevant, and genuinely useful at the cursor instead of being verbose or superficially helpful. </p>
<h2 class="wp-block-heading" id="h-what-we-learned-nbsp">What we learned </h2>
<p>After talking with programming language experts and finding success in our prompt-based<s> </s>approach, one of our most important lessons was adding related files like C++ header files to our training data. Beyond this, we also came away with three key learnings: </p>
<ul class="wp-block-list">
<li><strong>Reward carefully: </strong>Early reinforcement learning version over-optimized for longer completions, adding too many comments in the form of “reward hacking.” To mitigate this problem, we introduced comment guardrails to keep completions concise and focused on moving the task forward while penalizing unnecessary commentary. </li>
<li><strong>Metrics matter: </strong>Being hyper-focused on a metric like acceptance rate can lead to experiences that look good on paper, but do not result in happy developers. That makes it critical to evaluate performance by monitoring multiple metrics with real-world impact.</li>
<li><strong>Train for real-world usage: </strong>We align our synthetic fine-tuning data with real-world usage and adapt our training accordingly. This helps us identify problematic patterns and remove them via training to improve real-world outcomes.  </li>
</ul>
<h2 class="wp-block-heading" id="h-what-s-next-nbsp">What’s next </h2>
<p>We’re continuing to push the frontier of Copilot completions by: </p>
<ul class="wp-block-list">
<li>Expanding into domain-specific slices (e.g., game engines, financial, ERP). </li>
<li>Refining reward functions for build/test success, semantic usefulness (edits that advance the user’s intent without bloat), and API modernity preference for up-to-date, idiomatic libraries and patterns. This is helping us shape completion behavior with greater precision. </li>
<li>Driving faster, cheaper, higher-quality completions across all developer environments.  </li>
</ul>
<div class="wp-block-group post-content-cta has-global-padding is-layout-constrained wp-block-group-is-layout-constrained">
<p>Experience faster, smarter code completions yourself. <a href="https://github.com/features/copilot" target="_blank" rel="noreferrer noopener">Try GitHub Copilot in VS Code ></a> </p>
</div>
<h3 class="wp-block-heading" id="h-acknowledgments-nbsp">Acknowledgments </h3>
<p>First, a big shoutout to our developer community for continuing to give us feedback and push us to deliver the best possible experiences with GitHub Copilot. Moreover, a huge thanks to the researchers, engineers, product managers, designers across GitHub and Microsoft who curated the training data, built the training pipeline, evaluation suites, client and serving stack<s> </s>—<s> </s>and to the GitHub Copilot product and engineering teams for smooth model releases. </p>
</body></html>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/the-road-to-better-completions-building-a-faster-smarter-github-copilot-with-a-new-custom-model/">The road to better completions: Building a faster, smarter GitHub Copilot with a new custom model</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91797</post-id> </item>
<item>
<title>From karaoke terminals to AI résumés: The winners of GitHub’s For the Love of Code challenge</title>
<link>https://github.blog/open-source/from-karaoke-terminals-to-ai-resumes-the-winners-of-githubs-for-the-love-of-code-challenge/</link>
<dc:creator><![CDATA[Lee Reilly]]></dc:creator>
<pubDate>Wed, 22 Oct 2025 20:30:35 +0000</pubDate>
<category><![CDATA[Open Source]]></category>
<category><![CDATA[developer experience]]></category>
<category><![CDATA[open source]]></category>
<category><![CDATA[open source community]]></category>
<guid isPermaLink="false">https://github.blog/?p=91749</guid>
<description><![CDATA[<p>This summer, we invited devs to participate in our hackathon for joyful, ridiculous, and wildly creative projects. Here are the winners of For the Love of Code!</p>
<p>The post <a href="https://github.blog/open-source/from-karaoke-terminals-to-ai-resumes-the-winners-of-githubs-for-the-love-of-code-challenge/">From karaoke terminals to AI résumés: The winners of GitHub’s For the Love of Code challenge</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>Every developer has that project they build just for the fun of it. You know how it goes: you start by asking “what if?” and then you have something weird and wonderful hours later. </p>
<p>This summer, we decided to celebrate that spirit with <a href="https://github.blog/open-source/for-the-love-of-code-2025/"><strong>For the Love of Code</strong></a>, our first-ever competition for projects built purely for fun. More than 300 developers answered the call. Some leaned on GitHub Copilot to refactor ideas, fix bugs, and spark inspiration. Some teamed up. Others flew solo, guided only by caffeine and curiosity.</p>
<p>Entries spanned everything from a <a href="https://github.com/cyprieng/github-breakout">Breakout game powered by your GitHub graph</a>, to a <a href="https://github.com/sanaysarthak/git-laugh-track">laugh-track that plays on every commit</a>, <a href="https://github.com/NeoKish/vscode-yelp-style-reviewer">a Yelp-style code reviewer in VS Code</a> ★★★★☆, a <a href="https://github.com/leereilly/copilot-cam">Copilot you can literally see on camera</a>, and even a <a href="https://github.com/GustyCube/pr-notes-comic-strip">comic strip made from your release notes</a>.</p>
<p>We invited participants to build anything that sparks joy across six whimsical categories:</p>
<ul class="wp-block-list">
<li><strong>🔘 Buttons, beeps & blinkenlights:</strong> Hardware hacks, LEDs, sensors, and gadgets galore.</li>
<li>🖥️<strong> Terminal talent: </strong>Command-line creations and retro computing love letters.</li>
<li><strong>🌐 World wide wonders: </strong>Browser-based experiments, apps, and interactive art.</li>
<li><strong>🤖 Agents of change:</strong> AI, bots, and automation with heart.</li>
<li><strong>🕹️ Game on: </strong>Games big or small, serious or silly.</li>
<li>🃏<strong> Everything but the kitchen sink: </strong>The wildcard (if it doesn’t fit anywhere else, it fits here).</li>
</ul>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--1" style="border-top-width:4px">
<h3 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-how-github-copilot-powered-creativity" style="margin-top:0">💡 How GitHub Copilot powered creativity</h3>
<p><a href="https://github.com/features/copilot">GitHub Copilot</a> helped contest participants:</p>
<ul class="wp-block-list">
<li>Create efficient Go code to integrate with the GitHub API</li>
<li>Scaffold repetitive code and boilerplate</li>
<li>Suggest API calls and syntax corrections</li>
<li>Debug hardware quirks and runtime errors</li>
<li>Spark inspiration for algorithms and UI design</li>
<li>Write their first Python program</li>
<li>Make their first real push to GitHub</li>
</ul>
<p>And it didn’t stop there. When creativity met Copilot, side projects turned into something spectacular.<br><br><a href="https://github.blog/ai-and-ml/github-copilot/copilot-faster-smarter-and-built-for-how-you-work-now/">Discover how Copilot can help you with your project ></a></p>
</aside>
<h2 class="wp-block-heading" id="meet-the-winners-open-source-experiments-ai-side-projects-and-more">Meet the winners: Open source experiments, AI side projects, and more</h2>
<p>Here are the top three entries from each category.</p>
<h2 class="wp-block-heading" id="%f0%9f%94%98-buttons-beeps-blinkenlights">🔘 Buttons, beeps & blinkenlights </h2>
<h3 class="wp-block-heading" id="plane-tracker-diy-radar-on-your-desk">Plane Tracker: DIY radar on your desk</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="1024" width="771" src="https://github.blog/wp-content/uploads/2025/10/plane-tracker.jpg?resize=771%2C1024" alt="A person holding an Adafruit TFT Gizmo display connected to a laptop. The screen shows a green radar interface with red blips representing nearby planes. In the background, Python code and a terminal window in VS Code display mock plane data being sent via Bluetooth." class="wp-image-91771" srcset="https://github.blog/wp-content/uploads/2025/10/plane-tracker.jpg?w=1656 1656w, https://github.blog/wp-content/uploads/2025/10/plane-tracker.jpg?w=226 226w, https://github.blog/wp-content/uploads/2025/10/plane-tracker.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/10/plane-tracker.jpg?w=771 771w, https://github.blog/wp-content/uploads/2025/10/plane-tracker.jpg?w=1156 1156w, https://github.blog/wp-content/uploads/2025/10/plane-tracker.jpg?w=1542 1542w" sizes="auto, (max-width: 771px) 100vw, 771px" /></figure>
<p><a href="https://github.com/cpstroum/flight-tracker-bluefruit">Plane Tracker</a> by @cpstroum is a DIY radar that uses an <a href="https://learn.adafruit.com/introducing-circuit-playground/overview?gad_source=1&gad_campaignid=21079267614&gbraid=0AAAAADx9JvS9gzUjK958dRkUNTd_N30et&gclid=Cj0KCQjw9czHBhCyARIsAFZlN8RtFMPe77bX67pkLaGHs37V1Nq0iJBnTNQ47Vuex2Y-oozA28_oRmsaAhPqEALw_wcB">Adafruit Circuit Playground</a>, Bluetooth, and the ADS-B Exchange API to fetch live flight data. It turns nearby planes into a real-time mini radar display.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @cpstroum with Git itself and with structuring the initial project for their first real push to GitHub. Thanks, Copilot! And welcome aboard, @cpstroum!
<h3 class="wp-block-heading" id="h-cadrephoto-the-easy-e-ink-photo-frame">Cadrephoto: The easy e-ink photo frame</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="512" width="1024" src="https://github.blog/wp-content/uploads/2025/10/cadrephoto.png?resize=1024%2C512" alt="A wooden e-ink photo frame displays a grayscale version of “Girl with a Pearl Earring.” A smartphone next to it shows an email being sent with the same image, and a red arrow points from the phone to the frame, illustrating how the photo is updated remotely." class="wp-image-91770" srcset="https://github.blog/wp-content/uploads/2025/10/cadrephoto.png?w=1280 1280w, https://github.blog/wp-content/uploads/2025/10/cadrephoto.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/cadrephoto.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/cadrephoto.png?w=1024 1024w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/ozh/cadrephoto">Cadrephoto</a> by @ozh is a Raspberry Pi and e-ink photo frame that displays pictures emailed to it (no app, no setup, perfect for less tech-savvy people). It checks an inbox, downloads the latest photo, and updates the screen automatically.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @ozh with their first Python project. It worked smoothly inside JetBrains IDEs and made code completion feel almost like magic.
<h3 class="wp-block-heading" id="h-buildin-traffic-light-builds-for-your-repository">BuildIn: Traffic-light builds for your repository</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="1024" width="1024" src="https://github.blog/wp-content/uploads/2025/10/buildin.png?resize=1024%2C1024" alt="A collage of four photos showing an Arduino breadboard project with multiple jumper wires and LEDs in different colors—blue, green, yellow, and red—lit up during various testing stages." class="wp-image-91769" srcset="https://github.blog/wp-content/uploads/2025/10/buildin.png?w=1080 1080w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=150 150w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=600 600w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=400 400w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=200 200w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=1000 1000w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=90 90w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=116 116w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/SUNSET-Sejong-University/BuildIn/">BuildIn</a> by @SUNSET-Sejong-University and @lepetitprince99 is a real-life traffic light for your code that sits on your desk. Using an Arduino and the GitHub API, it lights up red, yellow, green, or blue to show your repository’s build status at a glance.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @SUNSET-Sejong-University debug and optimize their code. It saved time tracking down tricky hardware issues and made troubleshooting much easier.
<h2 class="wp-block-heading" id="h-terminal-talent">🖥️ Terminal talent</h2>
<h3 class="wp-block-heading" id="h-restohack-a-roguelike-resurrected-from-1984">RestoHack: A roguelike resurrected from 1984</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" width="582" height="422" src="https://github.blog/wp-content/uploads/2025/10/restohack.png?w=582&resize=582%2C422" alt="A black terminal window displaying ASCII art of a tombstone reading “REST IN PEACE mjh 0 AU killed by a giant rat 2025,” from a retro text-based game." class="wp-image-91768" srcset="https://github.blog/wp-content/uploads/2025/10/restohack.png?w=582 582w, https://github.blog/wp-content/uploads/2025/10/restohack.png?w=300 300w" sizes="auto, (max-width: 582px) 100vw, 582px" /></figure>
<p><a href="https://github.com/Critlist/restoHack">RestoHack</a> by @Critlist resurrects the 1984 roguelike game that inspired <a href="https://github.com/NetHack/NetHack">NetHack</a>, rebuilt from the original source with modern tools and a preservationist’s touch. It compiles cleanly, runs faithfully, and proves that forty years later, permadeath still hits hard.</p>
<h3 class="wp-block-heading" id="h-jukebox-cli">Jukebox CLI</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="466" width="1024" src="https://github.blog/wp-content/uploads/2025/10/jukebox.png?resize=1024%2C466" alt="A pixel art jukebox interface in a terminal-based music player. The screen shows colorful pixel graphics in the center, a playlist of songs on the right, and playback controls with progress and volume bars at the bottom." class="wp-image-91767" srcset="https://github.blog/wp-content/uploads/2025/10/jukebox.png?w=1780 1780w, https://github.blog/wp-content/uploads/2025/10/jukebox.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/jukebox.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/jukebox.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/jukebox.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/FedeCarollo/jukebox-cli">Jukebox CLI </a>by @FedeCarollo is a colorful, animated jukebox that runs right in your terminal. Built in Rust with Ratatui, it plays MP3s, shows floating musical notes, and color-codes each track in a scrollable playlist. You can play, pause, skip, and adjust the volume without ever leaving your command line.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @FedeCarollo explore unfamiliar Rust libraries and find their footing.
<h3 class="wp-block-heading" id="h-tuneminal-sing-your-commits-from-the-command-line">Tuneminal: Sing your commits from the command line</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="521" width="1024" src="https://github.blog/wp-content/uploads/2025/10/tuneminal.png?resize=1024%2C521" alt="A terminal-based karaoke interface titled “Tuneminal.” The screen displays a song library with “IRIS – Kenshi Yonezu,” current score and accuracy, and placeholders for lyrics and an audio visualizer." class="wp-image-91766" srcset="https://github.blog/wp-content/uploads/2025/10/tuneminal.png?w=1279 1279w, https://github.blog/wp-content/uploads/2025/10/tuneminal.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/tuneminal.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/tuneminal.png?w=1024 1024w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/heza-ru/Tuneminal">Tuneminal</a> by @heza-ru turns your terminal into a full-blown karaoke stage with scrolling lyrics, live audio visualization, and scoring that rewards your inner rock star. It’s open source, cross-platform, and the perfect excuse to sing while that <code>git clone</code> takes a while.</p>
<h2 class="wp-block-heading" id="h-world-wide-wonders">🌐 World wide wonders</h2>
<h3 class="wp-block-heading" id="h-netstalgia-surf-the-90s-web-on-virtual-dial-up">Netstalgia: Surf the ‘90s web on virtual dial-up</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="640" width="1024" src="https://github.blog/wp-content/uploads/2025/10/netstalgia.png?resize=1024%2C640" alt="A retro 1990s-style web page called “Netsalgia.com” designed to look like a Windows 95 desktop. The page features colorful buttons, visitor counters, fake ads, and a pop-up asking users to star the GitHub repository for this nostalgic project." class="wp-image-91765" srcset="https://github.blog/wp-content/uploads/2025/10/netstalgia.png?w=3584 3584w, https://github.blog/wp-content/uploads/2025/10/netstalgia.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/netstalgia.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/netstalgia.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/netstalgia.png?w=1536 1536w, https://github.blog/wp-content/uploads/2025/10/netstalgia.png?w=2048 2048w, https://github.blog/wp-content/uploads/2025/10/netstalgia.png?w=288 288w, https://github.blog/wp-content/uploads/2025/10/netstalgia.png?w=3000 3000w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/heza-ru/Netstalgia">Netstalgia</a> by @heza-ru (again!) is a fully functional ‘90s web fever dream built with modern tech, but visually stuck on virtual dial-up. It’s got dancing babies, popup ads, a fake BBS, and more CRT glow than your old Gateway 2000 ever survived.</p>
<p>In true retro internet spirit, it even ships with a fake GitHub Star Ransomware—a tongue-in-cheek “virus” that demands you star the repo to “decrypt your files.” A clever (and harmless) new twist on the eternal quest for GitHub stars. ⭐💾</p>
<h3 class="wp-block-heading" id="bionic-reader-speed-read-your-screen">Bionic Reader: Speed read your screen</h3>
<p><a href="https://github.com/Awesome-XV/Bionic-Reader">Bionic Reader</a> by @Awesome-XV rewires how you read by bolding the first few letters of each word so your brain fills in the rest. It’s like giving your eyes a speed boost without the caffeine jitters to read faster than ever.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @Awesome-XV write project documentation and scaffold the initial codebase.
<h3 class="wp-block-heading" id="h-the-git-roast-show-roast-your-github-profile-lovingly">The Git Roast Show: Roast your GitHub profile… lovingly</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="640" width="1024" src="https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?resize=1024%2C640" alt="A stylized image featuring a cartoon GitHub Octocat character in a tuxedo and sunglasses holding a microphone. The text above reads “The GitRoast Show,” and a speech bubble says “we don’t fork around here.” The background has a swirling teal marble texture." class="wp-image-91764" srcset="https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?w=3584 3584w, https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?w=1536 1536w, https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?w=2048 2048w, https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?w=288 288w, https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?w=3000 3000w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/rawrnuck/thegitroastshow">Git Roast Show</a> by @rawrnuck and @Anmol0201 is a full-stack web app that humorously “roasts” your GitHub profile. Built with React, Vite, and Express, it fetches live GitHub data to generate personalized, sound-enhanced, and animated comedy roasts.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @rawrnuck understand algorithms and handle the repetitive parts of their project.
<h3 class="wp-block-heading" id="nightlio-a-mood-tracker-you-actually-own">Nightlio: a mood tracker you actually own</h3>
<p><a href="https://github.com/shirsakm/nightlio">Nightlio</a> by @shirsakm is a privacy-first mood tracker and daily journal you can self-host in minutes. Log how you feel on a 5-point scale, add Markdown notes, tag entries like #Sleep or #Productivity, then explore calendars, streaks, and simple stats to spot patterns. It runs anywhere with Docker, stores data in a local SQLite file, and keeps things clean with JWT-protected APIs, a React/Vite front end, and optional Google OAuth. No ads. No subscriptions. Your server, your rules.</p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="484" width="1024" src="https://github.blog/wp-content/uploads/2025/10/nightlio.gif?resize=1024%2C484" alt="A dark-themed productivity app called Nightliio is shown in motion. The animation highlights mood tracking icons, personal goals such as “Read Before Bed” and “Morning Meditation,” and sections for adding goals, viewing history, and tracking progress through colorful animated bars." class="wp-image-91763"></figure>
<p><strong><em>Note</em></strong><em>: Because @heza-ru placed in two categories, we’ve added a fourth winner to this category.</em></p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @shirsakm with refactors, color palette updates, and codebase-wide changes that would have taken much longer by hand.
<h2 class="wp-block-heading" id="%f0%9f%a4%96-agents-of-change">🤖 Agents of change</h2>
<h3 class="wp-block-heading" id="neosgenesis-ai-that-thinks-about-thinking">Neosgenesis: AI that thinks about thinking</h3>
<p><a href="https://github.com/answeryt/Neosgenesis">Neosgenesis</a> by @answeryt is a metacognitive AI framework that teaches machines to think about how they think. It runs a five-stage loop (think, verify, learn, optimize, decide) while juggling multiple LLMs, tools, and real-time feedback. A multi-armed bandit picks the best reasoning patterns, and when it stalls, an “aha” mode explores fresh paths.</p>
<h3 class="wp-block-heading" id="medivision-assistant-accessible-ai-healthcare-for-all">MediVision Assistant: Accessible AI healthcare for all</h3>
<p><a href="https://github.com/omkardongre/medi-vision-assistant-ai">MediVision Assistant</a> by @omkardongre is an AI healthcare companion that helps elderly and disabled users manage their health through voice, image, and video. Users can scan medications, analyze skin conditions, log symptoms by voice, and chat with an AI doctor-like assistant.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @omkardongre generate React components, API templates, and AI integration code. It handled the boilerplate so they could focus on building features and improving the experience.
<h3 class="wp-block-heading" id="h-quiviva-the-resume-that-talks-back">Quiviva: The résumé that talks back</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="640" width="1024" src="https://github.blog/wp-content/uploads/2025/10/quiviva.png?resize=1024%2C640" alt="A colorful web interface titled “An Interactive CV that Talks Back.” The animation shows a chatbot window on the right where users can type questions to Kasia’s AI-powered résumé. The left side explains the project as a playful mix of AI, design, and storytelling, with a list of example questions and a button to download the CV as a PDF." class="wp-image-91762" srcset="https://github.blog/wp-content/uploads/2025/10/quiviva.png?w=3584 3584w, https://github.blog/wp-content/uploads/2025/10/quiviva.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/quiviva.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/quiviva.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/quiviva.png?w=1536 1536w, https://github.blog/wp-content/uploads/2025/10/quiviva.png?w=2048 2048w, https://github.blog/wp-content/uploads/2025/10/quiviva.png?w=288 288w, https://github.blog/wp-content/uploads/2025/10/quiviva.png?w=3000 3000w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/katawiecz/quiviva">Quiviva</a> by @katawiecz is an interactive AI-powered CV that turns a job hunt into a chat adventure. Ask about skills or projects, or type “Gandalf” to unlock secret nerd mode. All this goes to show that even résumés can be fun.</p>
<h2 class="wp-block-heading" id="%f0%9f%95%b9%ef%b8%8f-game-on">🕹️ Game on</h2>
<h3 class="wp-block-heading" id="ai-dventure-infinite-worlds-infinite-choices">AI-Dventure: Infinite worlds, infinite choices</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1009" height="672" src="https://github.blog/wp-content/uploads/2025/10/ai-dventure.png?w=1009&resize=1009%2C672" alt="A screenshot of a text adventure game." class="wp-image-91761" srcset="https://github.blog/wp-content/uploads/2025/10/ai-dventure.png?w=1009 1009w, https://github.blog/wp-content/uploads/2025/10/ai-dventure.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/ai-dventure.png?w=768 768w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/FedeCarollo/ai_dventure">AI-Dventure</a> by @FedeCarollo is an interactive text adventure built in Rust and powered by OpenAI’s models. Players explore dynamically generated worlds in fantasy, horror, sci-fi, or historical settings where every command shapes the story and no two runs are the same.</p>
<h3 class="wp-block-heading" id="h-beatbugging-debug-to-the-beat">BeatBugging: Debug to the beat</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" width="759" height="437" src="https://github.blog/wp-content/uploads/2025/10/beatbugging.png?w=759&resize=759%2C437" alt="A retro-style terminal interface titled “BEATBUGGING SYSTEM” shows a progress bar at 25%, simulating the initialization of a “musical debugging interface” with audio frequencies, memory readouts, and ASCII symbols displayed on a dark screen." class="wp-image-91760" srcset="https://github.blog/wp-content/uploads/2025/10/beatbugging.png?w=759 759w, https://github.blog/wp-content/uploads/2025/10/beatbugging.png?w=300 300w" sizes="auto, (max-width: 759px) 100vw, 759px" /></figure>
<p><a href="https://github.com/sandra-aliaga/beatbugging">BeatBugging</a> by @sandra-aliaga, @Joshep-c, @RyanValdivia, and @tniia turns debugging into a rhythm game that converts your system logs into musical beats. Built in Python, it lets you fix bugs to the rhythm on a 5-by-5 grid and makes debugging sound unexpectedly good.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped the team figure out next steps when they got stuck, offering helpful hints that kept development moving.
<h3 class="wp-block-heading" id="mumind-a-multiplayer-battle-of-wits-and-vibes">MuMind: A multiplayer battle of wits and vibes</h3>
<p><a href="https://github.com/FontesHabana/MuMind">MuMind</a> by @FontesHabana is a web-based multiplayer version of the party game Herd Mentality, where players try to match the majority’s answers to score points. Built with React, Tailwind CSS, and Framer Motion, it offers multilingual support, lively animations, and a smooth, responsive experience.</p>
<h2 class="wp-block-heading" id="%f0%9f%83%8f-everything-but-the-kitchen-sink">🃏 Everything but the kitchen sink</h2>
<h3 class="wp-block-heading" id="gitfrag-defrag-your-contributions-graph">GitFrag: Defrag your contributions graph</h3>
<figure class="wp-block-video"><video autoplay controls loop muted src="https://github.blog/wp-content/uploads/2025/10/gitfrag.mp4"></video></figure>
<p>@chornonoh-vova built <a href="https://github.com/chornonoh-vova/gitfrag">GitFrag</a> to reorganize your contributions graph using classic sorting algorithms (bubble, merge, quick, and counting sort). Each is visualized with smooth progress animations, GitHub login, and dark mode support. There’s also a<a href="https://www.chornonoh-vova.com/blog/gitfrag-challenge"> wonderful writeup of how the developer approached it</a>.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @chornonoh-vova structure their understanding of algorithms and add thoughtful details that made their visualization shine.
<h3 class="wp-block-heading" id="h-code-sensei-meditate-your-way-through-vs-code">Code Sensei: Meditate your way through VS Code</h3>
<p><a href="https://github.com/redhatsam09/code-sensei">Code Sensei</a> by @redhatsam09 turns your VS Code sessions into a zen pixel adventure where your focus fuels the fun. Type to walk, pause to hop—but stay away too long away and your sensei meets a dramatic, 8-bit demise.</p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<iframe loading="lazy" title="Code Sensei" width="500" height="281" src="https://www.youtube.com/embed/MHrUYFEAnhU?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
</div></figure>
<h3 class="wp-block-heading" id="h-reviewer-karma-good-vibes-for-great-reviews">Reviewer Karma: Good vibes for great reviews</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="702" width="1024" src="https://github.blog/wp-content/uploads/2025/10/reviewer-karma.png?resize=1024%2C702" alt="A leaderboard titled “Scoring System” and “Current Rankings” shows how reviewers earn points for giving code reviews, using positive emojis, and writing constructive comments. The rankings table lists @alice in first place with 18 points, followed by @bob, @carol, @dave, and @eve." class="wp-image-91759" srcset="https://github.blog/wp-content/uploads/2025/10/reviewer-karma.png?w=1796 1796w, https://github.blog/wp-content/uploads/2025/10/reviewer-karma.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/reviewer-karma.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/reviewer-karma.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/reviewer-karma.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/master-wayne7/reviewer-karma-action">Reviewer Karma</a> by @master-wayne7 keeps your pull requests peaceful by rewarding reviewers for good vibes and great feedback. Every emoji, comment, and code critique earns points on a live leaderboard that turns pull request reviews into a friendly competition.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @master-wayne7 write efficient Go code for the GitHub API, structure logic for assigning karma points, and handle repetitive tasks like error checking and markdown generation. It kept the project flowing smoothly from start to finish.
<hr class="wp-block-separator has-alpha-channel-opacity">
<h2 class="wp-block-heading" id="these-projects-show-whats-possible-when-we-let-our-curiosity-take-center-stage">These projects show what’s possible when we let our curiosity take center stage</h2>
<p>Remember these are hackathon projects. They might not be feature complete, there may be bugs, spaghetti code, and the occasional rogue program escaped from the Grid. But they are clear examples of what we can accomplish when we do something just for the love of it.</p>
<p>All of our category winners get 12 months of GitHub Copilot Pro+.</p>
<p>If <em>For the Love of Code</em> proved anything, it’s that creativity and code thrive best together—especially with Copilot lending a hand.</p>
<h2 class="wp-block-heading" id="shoutout-to-the-makers">Shoutout to the makers</h2>
<p>Congratulations to all of our winners: @Anmol0201, @answeryt, @Awesome-XV, @chornonoh-vova, @cpstroum, @Critlist, @FedeCarollo, @FontesHabana, @heza-ru, @joshep-c, @katawiecz, @lepetitprince99, @master-wayne7, @omkardongre, @RyanValdivia, @ozh, @rawrnuck, @redhatsam09, @sandra-aliaga, @shirsakm, @SUNSET-Sejong-University, @tniia.</p>
<p>Massive thank you to our judges, which included a mix of GitHub Stars, Campus Experts, and GitHub Developer Relations friends: @Ba4bes, @colbyfayock, @j0ashm, @JuanGdev, @howard-lio, @luckyjoseph, @metzinaround, @Taiwrash, and @xavidop.</p>
<p>And thank you Copilot for your assistance!</p>
<p>Now back to work everyone! Playtime is over.</p>
<p>💜 If you enjoyed <em>For the Love of Code</em>, stay tuned… <a href="https://itch.io/jam/game-off-2025"><em>Game Off 2025</em></a> begins this November!</p>
</body></html>
<p>The post <a href="https://github.blog/open-source/from-karaoke-terminals-to-ai-resumes-the-winners-of-githubs-for-the-love-of-code-challenge/">From karaoke terminals to AI résumés: The winners of GitHub’s For the Love of Code challenge</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91749</post-id> </item>
<item>
<title>Top security researcher shares their bug bounty process</title>
<link>https://github.blog/security/top-security-researcher-shares-their-bug-bounty-process/</link>
<dc:creator><![CDATA[Shilpa Kumari]]></dc:creator>
<pubDate>Wed, 22 Oct 2025 16:00:00 +0000</pubDate>
<category><![CDATA[Application security]]></category>
<category><![CDATA[Security]]></category>
<category><![CDATA[Supply chain security]]></category>
<category><![CDATA[Vulnerability research]]></category>
<category><![CDATA[Web application security]]></category>
<category><![CDATA[bug bounty]]></category>
<category><![CDATA[cybersecurity]]></category>
<category><![CDATA[Cybersecurity Awareness Month]]></category>
<category><![CDATA[GitHub Security]]></category>
<guid isPermaLink="false">https://github.blog/?p=91734</guid>
<description><![CDATA[<p>For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—André Storfjord Kristiansen!</p>
<p>The post <a href="https://github.blog/security/top-security-researcher-shares-their-bug-bounty-process/">Top security researcher shares their bug bounty process</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p><em>As we wrap Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to spotlight another top performing security researcher who participates in the GitHub Security Bug Bounty Program, André Storfjord Kristiansen!</em></p>
<p>GitHub is dedicated to maintaining the security and reliability of the code that powers millions of development projects every day. <a href="https://bounty.github.com/">GitHub’s Bug Bounty Program</a> is a cornerstone of our commitment to securing both our platform and the broader software ecosystem.</p>
<p>With the rapid growth of AI-powered features like <a href="https://github.com/features/copilot">GitHub Copilot</a>, <a href="https://docs.github.com/en/copilot/concepts/agents/coding-agent/about-coding-agent">GitHub Copilot coding agent</a>, <a href="https://githubnext.com/projects/github-spark">GitHub Spark</a>, and more, our focus on security is stronger than ever—especially as we pioneer new ways to assist developers with intelligent coding. Collaboration with skilled security researchers remains essential, helping us identify and resolve vulnerabilities across both traditional and emerging technologies.</p>
<p>We have also been closely auditing the researchers participating in our public program—to identify those who consistently demonstrate expertise and impact—and inviting them to our exclusive VIP bounty program. VIP researchers get direct access to:</p>
<ul class="wp-block-list">
<li>Early previews of beta products and features before public launch</li>
<li>Dedicated engagement with GitHub Bug Bounty staff and the engineers behind the features they’re testing 😄</li>
<li>Unique Hacktocat swag—including this year’s brand new <a href="https://bugbounty.printengine.com/page/2/">collection</a>!</li>
</ul>
<p>Explore <a href="https://github.blog/security/vulnerability-research/githubs-revamped-vip-bug-bounty-program/#how-can-one-receive-an-invite">this blog post</a> to learn more about our VIP program and discover how you can <a href="https://bounty.github.com/#:~:text=How%20can%20I%20earn%20an%20invitation%20to%20the%20GitHub%20VIP%20program%3F">earn an invitation</a>!</p>
<p>As part of ongoing <a href="https://github.blog/security/vulnerability-research/kicking-off-cybersecurity-awareness-month-2025-researcher-spotlights-and-enhanced-incentives/">Cybersecurity Awareness Month celebration</a> this October, we’re spotlighting another outstanding researcher from our Bug Bounty program and exploring their unique methodology, techniques, and experiences hacking on GitHub. <strong>@dev-bio</strong> is particularly skilled in identifying injection-related vulnerabilities and has discovered some of the most subtle and impactful issues in our ecosystem. They are also known for providing thorough, detailed reports that greatly assist with impact assessments and enable us to take quicker, more effective action.</p>
<hr class="wp-block-separator has-alpha-channel-opacity">
<p><strong>How did you get involved with Bug Bounty? What has kept you coming back to it?</strong></p>
<p>I got involved with the program quite coincidentally while working on a personal project in my spare time. Given my background in (and passion for) software engineering, I’m always curious about how systems behave, especially when it comes to handling complex edge cases. That curiosity often leads me to pick apart new features or changes I encounter to see how they hold up—something that has taken me down fascinating rabbit holes and ultimately led to some findings with great impact.</p>
<p>What keeps me going is the thrill of showing how seemingly minor issues can have real-world impact. Taking something small and possibly overlooked, exploring its implications, and demonstrating how it could escalate into a serious vulnerability feels very rewarding.</p>
<p><strong>What do you enjoy doing when you aren’t hacking?</strong></p>
<p>Having recently become a father of two, much of my time outside of work revolves around being present with my family and striving to be the best version of myself for them. I also want to acknowledge that my partner—my favorite person and better half—has been incredibly supportive. Even if she has no clue what I’m doing during my late-night sessions, she gives me uninterrupted time to work on my side projects, for which I’m deeply grateful.</p>
<p>I’m from Norway, and one of the many benefits of living here is the easy access to incredible nature. We try to make the most of it together through hiking, camping, and cross-country skiing. Being out in the wilderness is a perfect way to disconnect, recharge, and gain perspective away from a busy world. We find that after time outdoors, one can come back more grounded, with a clear mind and renewed focus.</p>
<p><strong>How do you keep up with and learn about vulnerability trends?</strong></p>
<p>I stay up to date by reading write-ups from other researchers, which are an excellent way to see how others are approaching problems and what kinds of vulnerabilities are being uncovered. While this is important, one should also attempt to stay ahead of the curve, so I try to identify and dive into areas that are in need of further research.</p>
<p>Professionally, as a security engineer, my primary area of expertise is software supply chain security, an often-neglected but increasingly important field. I spend much of my time researching gaps and developing solutions to mitigate emerging threats. I’m also very lucky to work closely with some of the best talent in Norway.</p>
<p><strong>What tools or workflows have been game-changers for your research? Are there any lesser-known utilities you recommend?</strong></p>
<p>When doing research in my spare time, I prefer to write my own tools rather than relying solely on what you get off the shelf, as I find that it gives me a deeper understanding of the problem and helps me identify new areas that could be worth exploring in the future.</p>
<p>None of my personal security tooling has been published yet, but I plan to—eventually™—release a toolkit to build comprehensive offline graphs of GitHub organizations with an extensible query suite to quickly uncover common misconfigurations and hidden attack paths.</p>
<p><strong>What are your favorite classes of bugs to research and why?</strong></p>
<p>I’m particularly drawn to injection-related vulnerabilities, subtle logical flaws, and overlooked assumptions that may not seem important at first glance. Recently, I’ve been intrigued by novel techniques for bypassing even the strictest content security policies.</p>
<p>What I enjoy most is demonstrating how seemingly benign findings can be chained together into something with significant impact. These vulnerabilities often expose weaknesses in the underlying design rather than just surface-level issues. My passion for building resilient systems naturally shapes this approach, driving me to explore how small cracks can compromise a system’s overall integrity.</p>
<p><strong>You’ve found some complex and significant bugs in your work. Can you talk a bit about your process?</strong></p>
<p>The most significant discoveries I have made in my spare time have been coincidental and, in most cases, a side effect of being sidetracked by my own curiosity, rather than the result of a targeted approach with a rigid methodology.</p>
<p>I’ve always had an insatiable curiosity and fascination with how systems work under the hood, and I let that curiosity guide my process outside of work. When I notice something unusual, I dig deeper, peeling back the layers until I fully understand what’s happening. From there—if it’s worthwhile—I carefully document each step to map out potential attack paths and piece together a clear, comprehensive picture of the vulnerability, which enables me to build a strong foundation for further analysis and reporting.</p>
<p><strong>Do you have any advice or recommended resources for researchers looking to get involved with Bug Bounty?</strong></p>
<p>Don’t settle for a simple finding. Dig deeper and explore its implications. When you have a grasp of the bigger picture, seemingly benign issues could turn out to have substantial impact.</p>
<p><strong>Do you have any social media platforms you’d like to share with our readers?</strong></p>
<p>Currently I have a <a href="https://pages.dev.bio/">page</a>, where I’ll be posting interesting content in the near future. I’m also on <a href="https://www.linkedin.com/in/storfjord">LinkedIn</a>.</p>
<hr class="wp-block-separator has-alpha-channel-opacity">
<p>Thank you, @dev-bio, for participating in GitHub’s bug bounty researcher spotlight! Each submission to our bug bounty program is a chance to make GitHub, our products, and our customers more secure, and we continue to welcome and appreciate collaboration with the security research community. So, if this inspired you to go hunting for bugs, feel free to report your findings through <a href="https://www.hackerone.com/Github">HackerOne</a>.</p>
</body></html>
<p>The post <a href="https://github.blog/security/top-security-researcher-shares-their-bug-bounty-process/">Top security researcher shares their bug bounty process</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91734</post-id> </item>
<item>
<title>How to update community health files with AI</title>
<link>https://github.blog/ai-and-ml/github-copilot/how-to-update-community-health-files-with-ai/</link>
<dc:creator><![CDATA[Alexandra Lietzke]]></dc:creator>
<pubDate>Tue, 21 Oct 2025 16:00:00 +0000</pubDate>
<category><![CDATA[AI & ML]]></category>
<category><![CDATA[GitHub Copilot]]></category>
<category><![CDATA[community health files]]></category>
<category><![CDATA[maintainers]]></category>
<guid isPermaLink="false">https://github.blog/?p=91663</guid>
<description><![CDATA[<p>Have you ever thought about using AI to update community health files for your repositories? This blog shares actionable next steps for doing just that, including a starter kit with a checklist and tutorials on how to create three useful files.</p>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/how-to-update-community-health-files-with-ai/">How to update community health files with AI</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>Maintaining your project’s community health files shouldn’t get in the way of writing code. <a href="https://github.com/features/copilot">GitHub Copilot</a> can help you update and enhance your documentation, so you can stay focused on what really matters: working on the projects that excite you most.</p>
<p>In this blog, we’ll touch on some of the most common community health files (focusing on <code>README</code>, contributor guides, and licenses) and why they’re so important for maintainers, along with actionable steps you can take to add them to your projects. ✨</p>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--2" style="border-top-width:4px">
<h2 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-what-is-github-copilot" style="margin-top:0">What is GitHub Copilot?</h2>
<p><a href="https://github.com/features/copilot">GitHub Copilot</a> has evolved from a smart autocomplete tool into a multi-model, agentic assistant that understands your entire codebase and can carry out cross-file refactors, run terminal commands, and even draft pull requests.</p>
</aside>
<h2 class="wp-block-heading" id="what-are-community-health-files-and-why-are-they-so-important">What are community health files and why are they so important?</h2>
<p><strong>Community health files</strong> are standardized documents that help maintain a welcoming, organized, and collaborative environment in <a href="https://github.blog/open-source/new-to-open-source-heres-everything-you-need-to-get-started/">open source projects</a>. These files communicate expectations, guide contributors, and support the overall health of a repository. They do <em>not</em> include technical documentation or code itself, but rather the scaffolding that supports healthy collaboration. You can typically find them in a repository’s root directory or in a special <code>.github</code> folder (if they need to be applied across multiple repositories).</p>
<p>Keeping these files up-to-date should be considered <a href="https://opensource.guide/building-community/">a practical investment into your project’s future and reputation</a>, as they’re often the first touchpoint for new contributors, and their existence signals project maturity and maintainability. They not only improve transparency, consistency, and collaboration, but also help set the tone for how contributors and maintainers interact and engage productively. </p>
<p>If crucial community health files are missing or outdated, everyone feels the effects. Picture this: Your open source project starts gaining traction with new contributors. They want to help, but your repository doesn’t have the right files, which leads to contributors unintentionally formatting pull requests incorrectly, opening vague issues, and even introducing security vulnerabilities—all because they didn’t know the proper procedures from the start. Now, your maintainers are overwhelmed and faced with answering the same questions over and over, while also trying to retroactively enforce standards.</p>
<p>It’s clear that the presence of these files helps promote efficiency and clearly communicates best practices, which in turn, creates a better environment for contributors and makes life easier for maintainers—and thanks to AI, the process doesn’t have to be manual. AI tools like GitHub Copilot, for example, can automatically detect missing or stale files, suggest updates, and even generate drafts—saving time and reducing human error. </p>
<p>Here are three common types of community health files and why they’re so important for building a welcoming community (and don’t worry, we’ll tell you exactly how you can generate your own with Copilot later in this blog!): </p>
<p><strong>README</strong><br>Often one of the first things a visitor sees when viewing a repository, a<strong> </strong><a href="http://readme.md"><strong><code>README.MD</code></strong></a><strong> </strong>introduces the project and explains its purpose, along with how to get started. Intended to help remove barriers, this document gives your users crucial information they need to quickly get up and running—like what the project is, information on its features, and how to install or use it. </p>
<p><strong>CONTRIBUTOR GUIDE</strong><strong><br></strong>A <strong>contributor guide</strong> provides guidelines on how contributors can and should participate—things like coding standards and pull request instructions. This guide tells users how they can efficiently contribute and what to expect. For instance, does the project even accept contributions? Contributor guides help set standards and expectations.</p>
<p><strong>LICENSE</strong><strong><br></strong>A <strong>license </strong>specifies the legal terms under which the project can be used, modified, and distributed. In short, it tells people how they can use your software. A common example of this type of file is the MIT License. </p>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--3" style="border-top-width:4px">
<h2 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-choosing-the-right-kind-of-license-for-your-project" style="margin-top:0">Choosing the right kind of license for your project</h2>
<p>While you are not required to choose a license for your repository, if you don’t add one, others do not have permission to use, modify, or distribute your code. If you want your repository to be recognized as Open Source, according to the <a href="https://opensource.org/">Open Source Initiative</a> (OSI) and its definition, you should select a widely used OSI-approved <a href="https://opensource.org/licenses">Open Source License</a>.</p>
<p>Here are some resources on how to choose the right license and add it to your repository: </p>
<ul class="wp-block-list">
<li><a href="https://choosealicense.com/">How to choose an open source license</a></li>
<li><a href="https://opensource.guide/legal/#which-open-source-license-is-appropriate-for-my-project">The Legal Side of Open Source</a></li>
<li><a href="https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/licensing-a-repository">Licensing a repository</a></li>
<li><a href="https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/adding-a-license-to-a-repository">Adding a license to a repository</a></li>
</ul>
</aside>
<p>Here are some other popular <a href="https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file">community health files</a>: </p>
<figure class="wp-block-table"><table class="has-fixed-layout"><tbody><tr><td><strong>ISSUE/PULL REQUEST TEMPLATES</strong></td><td>Standardizes the format and information required when submitting issues or pull requests.</td></tr><tr><td><strong>SECURITY</strong></td><td>Provides instructions for reporting vulnerabilities and outlines the project’s security policy.</td></tr><tr><td><strong>GOVERNANCE</strong></td><td>Explains how the project is managed, including roles, responsibilities, and decision-making processes.</td></tr><tr><td><strong>CODE OF CONDUCT</strong></td><td>Defines standards for how to engage in a community.</td></tr><tr><td><strong>SUPPORT</strong></td><td>Shares specific guidance on how others can get help with your project.</td></tr><tr><td><strong>FUNDING</strong></td><td>Displays a sponsor button in your repository to increase the visibility of funding options for your open source project.</td></tr></tbody></table></figure>
<p>And while it’s not exactly considered a community health file, we wanted to give an honorable mention to… the <a href="https://docs.github.com/en/copilot/how-tos/configure-custom-instructions/add-repository-instructions"><strong>Copilot instructions file</strong></a>, which is an AI configuration that complements health docs. It uses the other community health files as context and tells GitHub Copilot exactly how to interact with the codebase, including what to prioritize or avoid. This file helps ground the LLM—whether you’re using GitHub Copilot or another LLM in VS Code, on <a href="https://github.com">github.com</a>, or Copilot coding agent—giving it an understanding of what your project is and how it’s structured, allowing for consistency across your codebase. </p>
<p>Having these kinds of files in your project is so important, especially when it comes to scaling open source projects where maintainers probably don’t have time to personally help every contributor.<br><br>That’s where time-saving tools like GitHub Copilot come in handy. Keep on reading for actionable next steps, tips, and tutorials on the most efficient ways to add these files to your repositories. ✨</p>
<h2 class="wp-block-heading" id="starter-kit-how-to-update-community-health-files-using-github-copilot">Starter kit: How to update community health files using GitHub Copilot</h2>
<p>We created a starter kit for you that explains how you can use AI to add these valuable files to your projects, complete with prompting best practices, a checklist full of things to consider, and step-by-step tutorials on how to add three common files to your repository using Copilot. Let’s dive in. </p>
<h3 class="wp-block-heading" id="h-part-one-prompting">Part one: Prompting</h3>
<p>Whether you’re starting from scratch or refining existing documentation, GitHub Copilot can help you write clearer, more consistent community health files with just a few prompts. </p>
<p>One thing to note: The LLMs powering GitHub Copilot are nondeterministic, which means that you can receive different outputs each time you prompt the model. <a href="https://github.blog/ai-and-ml/generative-ai/prompt-engineering-guide-generative-ai-llms/">Prompt engineering</a> can drastically improve the quality and relevance of the outputs you get from an LLM, but you’ll still want to verify the accuracy of these outputs, especially when using Copilot to generate more sensitive files like licenses that have legal weight.  </p>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--4" style="border-top-width:4px">
<h3 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-prompting-best-practices" style="margin-top:0">Prompting best practices</h3>
<p>Want better suggestions from Copilot when generating community health files? Try these tips when writing your prompts:</p>
<ul class="wp-block-list">
<li>Write clear, structured prompts, like “Generate a <code>CONTRIBUTING.md</code> file for a <code>Node.js</code> project that includes setup instructions, coding standards, and pull request guidelines.”</li>
<li>For an even better prompt, make sure you include important context like audience type, project goals, and tone.</li>
<li>Use <a href="https://docs.github.com/en/copilot/tutorials/customization-library/prompt-files/create-readme">existing prompt files</a> to help standardize requests.</li>
</ul>
</aside>
<h3 class="wp-block-heading" id="h-part-two-checklist">Part two: Checklist</h3>
<p>This checklist helps ensure that Copilot-generated content is accurate, inclusive, secure, and aligned with your project’s goals.</p>
<h4 class="wp-block-heading" id="h-before-you-start">🔍 Before you start</h4>
<ul class="wp-block-list">
<li>Have you reviewed existing community health files in similar or related repositories?</li>
<li>Do you have clear goals for what each file should communicate (e.g., onboarding, behavior expectations, security reporting)?</li>
<li>Are you familiar with your organization’s GitHub usage policies and branding guidelines?</li>
</ul>
<h4 class="wp-block-heading" id="%f0%9f%a7%a0-prompting-copilot-effectively">🧠 Prompting Copilot effectively</h4>
<ul class="wp-block-list">
<li>Are your prompts specific and contextual? (e.g., “Generate a <code>CONTRIBUTING.md</code> for a Python-based open source project with a code style guide.”)</li>
<li>Have you included examples or tone preferences in your prompt? (e.g., “Use inclusive language and a welcoming tone.”)</li>
</ul>
<h4 class="wp-block-heading" id="%f0%9f%9b%a1%ef%b8%8f-security-privacy">🛡️ Security & privacy</h4>
<ul class="wp-block-list">
<li>Are you avoiding prompts that include sensitive or proprietary information (e.g., internal credentials, private URLs, confidential project names)?</li>
<li>Have you reviewed your repository’s visibility settings (public vs. private) and ensured that community health files are appropriate for that audience?</li>
<li>Are you familiar with GitHub Copilot’s privacy settings and how your prompts and suggestions are handled?</li>
<li>Will your <code>SECURITY.md</code> include:
<ul class="wp-block-list">
<li>A clear contact method for reporting vulnerabilities?</li>
<li>A brief explanation of how security issues are triaged?</li>
<li>Any relevant links to your organization’s responsible disclosure policy?</li>
</ul>
</li>
</ul>
<h4 class="wp-block-heading" id="%f0%9f%a7%be-reviewing-copilot-output">🧾 Reviewing Copilot output</h4>
<ul class="wp-block-list">
<li>Does the generated content reflect your project’s values and community standards?</li>
<li>Have you checked for hallucinated links, names, or policies that don’t exist?</li>
<li>Are all references to external resources accurate and up-to-date?</li>
</ul>
<h4 class="wp-block-heading" id="%f0%9f%a7%aa-testing-feedback">🧪 Testing & feedback</h4>
<ul class="wp-block-list">
<li>Have you asked a teammate or contributor to review the generated files?</li>
<li>Have you tested any instructions (e.g., setup steps in <code>README</code> or <code>CONTRIBUTING</code>) to ensure they work?</li>
<li>Are you open to iterating based on community feedback?</li>
</ul>
<h3 class="wp-block-heading" id="h-part-three-tutorial">Part three: Tutorial</h3>
<p>In this tutorial, we’ll walk through how you can use Copilot to quickly and easily update <code>README.md</code>, a <code>LICENSE</code> file, and <code>CONTRIBUTING.md</code>.</p>
<h4 class="wp-block-heading" id="%f0%9f%93%9d-create-a-readme">📝 Create a README </h4>
<p><strong>Why make a <code>README</code>? </strong>Adding a <code>README</code> provides a clear overview of your project, helping users and contributors quickly understand its purpose, setup, and usage. Without it, potential users could abandon your repository due to confusion or lack of context.</p>
<p>Here’s how to make one: </p>
<ol class="wp-block-list">
<li><strong>Open GitHub Copilot Chat</strong> in your IDE (e.g., VS Code).</li>
<li><strong>Switch to agent mode</strong> to enable project-aware assistance.</li>
<li><strong>Select your preferred model</strong> (e.g., Claude for strong writing and coding support).</li>
<li><strong>Ensure your project is open</strong> in the IDE so Copilot can read its context (e.g., <code>package.json</code>, <code>app.tsx</code>).</li>
<li>In the chat window, type: “Help me write a <code>README.md</code> for my project. Ensure it includes installation instructions, a project overview, and follows standard <code>README</code> practices.”</li>
<li><strong>Review the generated README.md</strong>. Copilot will analyze your project files and generate a structured <code>README.md</code>.</li>
<li><strong>Validate the installation instructions manually</strong> to ensure accuracy (LLMs may <a href="https://github.blog/ai-and-ml/llms/demystifying-llms-how-they-can-do-things-they-werent-trained-to-do/#hallucinations">hallucinate)</a>.</li>
<li>If satisfied, <strong>click “Keep”</strong> to save the <code>README.md</code> file.</li>
<li><strong>Commit the <code>README.md</code></strong> to your repository.</li>
</ol>
<h4 class="wp-block-heading" id="%f0%9f%93%84-add-a-license">📄 Add a license</h4>
<p><strong>Why make a license? </strong>A license defines how others can legally use, modify, and distribute your code, protecting both your rights and theirs. It removes ambiguity and prevents misuse, making your project safer to adopt and contribute to.</p>
<p>Here’s how to add one: </p>
<ol class="wp-block-list">
<li><strong>Open GitHub Copilot Chat</strong> in your IDE.</li>
<li>Decide <a href="https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/licensing-a-repository">what kind of license you want to add</a>.</li>
<li>Type the following prompt: “Can you add [the license you want] to my project?”</li>
<li>Copilot will generate a <code>LICENSE</code> file with the license of your choice. </li>
<li><strong>Review the license</strong> to ensure it’s accurate (especially any copyright owner names and statements).</li>
<li>If correct, <strong>click “Keep”</strong> to save the file.</li>
<li><strong>Commit the <code>LICENSE</code> file</strong> to your repository.</li>
</ol>
<h4 class="wp-block-heading" id="%f0%9f%a4%9d-create-a-contributor-guide">🤝  Create a contributor guide</h4>
<p><strong>Why make a contributor guide? </strong>A contributor guide streamlines collaboration by outlining contribution standards, workflows, and expectations. This makes it easier for others to get involved with your project. The goal is to reduce friction and errors while also encouraging consistent, scalable contributions.</p>
<p>Here’s how to create one: </p>
<ol class="wp-block-list">
<li><strong>Open GitHub Copilot Chat</strong> in your IDE.</li>
<li>Click the <strong>“+” icon</strong> to start a new chat.</li>
<li>Type this prompt: <em>“Create a contributing guide file that follows best practices and link it in the <code>README</code>.”</em></li>
<li>Copilot will generate a <code>CONTRIBUTING.md</code> file with:
<ul class="wp-block-list">
<li>Contribution guidelines</li>
<li>Code standards</li>
<li>Pull request instructions</li>
<li>Issue reporting process</li>
</ul>
</li>
<li><strong>Review and edit</strong> the guide to match your team’s workflow.</li>
<li><strong>Save and commit</strong> the <code>CONTRIBUTING.md</code> file.</li>
<li><strong>Update your README</strong> to include a link to the contributor guide:</li>
</ol>
<pre class="wp-block-code"><code>## Contributing
See <a href="https://m365.cloud.microsoft/CONTRIBUTING.md">CONTRIBUTING.md</a> for guidelines.</code></pre>
<h2 class="wp-block-heading" id="take-this-with-you">Take this with you</h2>
<p>GitHub Copilot isn’t just for writing code—it can be your documentation sidekick, too. Helping you write smarter, faster, and with less friction, Copilot sharpens your community health files, scales best practices, and turns good intentions into great documentation. </p>
<p>The result? Better docs, stronger communities, and happier maintainers.</p>
<div class="wp-block-group post-content-cta has-global-padding is-layout-constrained wp-block-group-is-layout-constrained">
<p><a href="https://docs.github.com/en/copilot/about-github-copilot/github-copilot-features">Read the Docs</a> to learn more about GitHub Copilot features or <a href="https://resources.github.com/copilot-for-business/?ef_id=_k_Cj0KCQjwsp6pBhCfARIsAD3GZubTXuCGU1hy65GlbZ2fA1YjoRRhw64GoF8UI-lrQsnWSqAWJ7dC3QoaAqQ4EALw_wcB_k_&OCID=AIDcmmc3fhtaow_SEM__k_Cj0KCQjwsp6pBhCfARIsAD3GZubTXuCGU1hy65GlbZ2fA1YjoRRhw64GoF8UI-lrQsnWSqAWJ7dC3QoaAqQ4EALw_wcB_k_&gclid=Cj0KCQjwsp6pBhCfARIsAD3GZubTXuCGU1hy65GlbZ2fA1YjoRRhw64GoF8UI-lrQsnWSqAWJ7dC3QoaAqQ4EALw_wcB">get started</a> today.</p>
</div>
</body></html>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/how-to-update-community-health-files-with-ai/">How to update community health files with AI</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91663</post-id> </item>
<item>
<title>Inside the breach that broke the internet: The untold story of Log4Shell</title>
<link>https://github.blog/open-source/inside-the-breach-that-broke-the-internet-the-untold-story-of-log4shell/</link>
<dc:creator><![CDATA[Gregg Cochran]]></dc:creator>
<pubDate>Mon, 20 Oct 2025 16:00:16 +0000</pubDate>
<category><![CDATA[Open Source]]></category>
<category><![CDATA[Log4j]]></category>
<category><![CDATA[open source]]></category>
<category><![CDATA[Security]]></category>
<guid isPermaLink="false">https://github.blog/?p=91594</guid>
<description><![CDATA[<p>Log4Shell proved that open source security isn't guaranteed and isn’t just a code problem. It's about supporting, enabling, and empowering the people behind the projects that build our digital infrastructure.</p>
<p>The post <a href="https://github.blog/open-source/inside-the-breach-that-broke-the-internet-the-untold-story-of-log4shell/">Inside the breach that broke the internet: The untold story of Log4Shell</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>When Christian Grobmeier went to help his son with a Minecraft problem, he found the game displaying a warning: “We are suffering from a security hole from Log4J, please be careful and update immediately.”</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>I stared at the screen and told my son,<strong> ‘I’m sorry, it’s my fault.’</strong></p>
<cite>Christian Grobmeier, Log4j maintainer</cite></blockquote>
<p>This is the untold story of how one maintainer and the <a href="https://github.com/apache/logging-log4j2">Log4j</a> team navigated a crisis that exposed critical gaps in our digital infrastructure and demonstrated the importance of open source security and sustainability. Now, initiatives like the <a href="https://resources.github.com/github-secure-open-source-fund/">GitHub Secure Open Source Fund</a> are working to make sure it never happens again.</p>
<p>It all started a few hours earlier on a cold November day, when Christian, who is a maintainer of the open source project Log4j, planned to spend time playing games with his son. Instead, he found himself staring at his phone, watching notifications pile up in his inbox—10, then 20 emails flooding in. When he saw the words “remote code execution,” his first thought was: “Maybe I’m on the wrong mailing list.”</p>
<p>He wasn’t. And within hours, Christian would be at the center of what became known as Log4Shell: the most severe vulnerability in internet history, affecting billions of devices from Fortune 500 companies to Minecraft servers worldwide.</p>
<p>“I told my son, I will play with you in like five minutes,” Christian recalls. “But he didn’t see me for the next couple of days.”</p>
<figure class="wp-block-table"><table class="has-fixed-layout"><tbody><tr><td><strong>Watch the full interview with Christian Grobmeier and Gregg Cochran, staff program manager at GitHub, above. 👆</strong></td></tr></tbody></table></figure>
<h2 class="wp-block-heading" id="h-the-ubiquity-that-made-log4shell-a-perfect-storm">The ubiquity that made Log4Shell a perfect storm</h2>
<p>Log4j is foundational software. This 20+ year-old Java logging library quietly powers system events in applications worldwide, like user logins and calculation results. But this small piece of software had quietly become a dependency in thousands of projects across the Java ecosystem.</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>Log4j is such a small, tiny library. But everybody can use it in their software.</p>
<cite>Christian Grobmeier</cite></blockquote>
<p>That ubiquity made Log4Shell devastating. Financial services companies relied on it for compliance auditing. E-commerce systems used it to track security incidents. Insurance companies needed it to monitor their software behavior. In a 2022 Tidelift survey, 49% of open source developers reported that their organization relies on Java—and most of them were using Log4j without even knowing it.</p>
<p>When Christian realized the scope of the vulnerability, the weight hit him immediately: “Literally all Java applications in the world could be affected. Even 10% would be a major problem. This would be catastrophic.”</p>
<h2 class="wp-block-heading" id="h-a-vulnerability-that-scored-a-perfect-10">A vulnerability that scored a perfect 10</h2>
<p>Log4Shell reveals how a seemingly innocent feature became an attack vector. Log4j used <a href="https://docs.oracle.com/cd/E19747-01/819-0076/jndi.html">Java’s Naming and Directory Interface</a> (JNDI) to provide flexibility, allowing developers to load software components from remote servers. But the library didn’t validate whether JNDI lookup strings were coming from trusted sources.</p>
<p>“How can a string break the internet?” Christian asks. </p>
<p>The exploitation was frighteningly simple. An attacker could input a malicious JNDI string into any application field that gets logged—a username field, a search box, even a Minecraft chat message—and execute remote code on the target system.</p>
<pre class="wp-block-code language-plaintext"><code>jndi:<protocol>://<server-name>:<port>/<path-to-object></code></pre>
<p>“You don’t even need to have special knowledge,” Christian notes. “You just run around and push the string wherever you want it.”</p>
<p class="purple-text text-gradient-purple-coral" style="margin-top:var(--wp--preset--spacing--40);margin-bottom:var(--wp--preset--spacing--40)"><strong>The Common Vulnerability Scoring System (CVSS) gave Log4Shell a perfect 10: the highest possible score.</strong></p>
<p class="purple-text text-gradient-purple-coral" style="margin-top:var(--wp--preset--spacing--40);margin-bottom:var(--wp--preset--spacing--40)">“The first time I heard about this score, I thought, maybe it’s not so bad,” Christian remembers. “And then after a couple of days, I thought, yeah, <strong>maybe we should extend this to a score of 15 or 20.</strong>“</p>
<h2 class="wp-block-heading" id="the-human-cost-of-maintaining-critical-infrastructure">The human cost of maintaining critical infrastructure</h2>
<p>The personal toll on maintainers during the Log4Shell crisis reveals the hidden human cost of our software supply chain. Christian and his team, mostly volunteers, suddenly found themselves responsible for patching a vulnerability affecting half the internet. The pressure was immense and deeply personal.</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>Some of us stopped sleeping. We all felt that either we fix it right now in the next few days, or we close this project.</p>
<cite>Christian Grobmeier</cite></blockquote>
<p>Fixing the initial vulnerability led to the discovery of additional issues, creating what Christian describes as “a bag of water with a hole. When you patch the hole, you see another one.”</p>
<p>Meanwhile, the community response was mixed. “On the one hand, you have people who really hate you, and on the other hand, you have people who are really behind you,” Christian explains. </p>
<p>Perhaps most telling:</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>Nobody stops in to check on you. They check on the project. There’s also nobody standing up and saying, ‘hey, thank you for the good work you’re doing to remediate this issue.’</p>
<cite>Christian Grobmeier</cite></blockquote>
<h2 class="wp-block-heading" id="how-the-github-secure-open-source-fund-is-strengthening-security">How the GitHub Secure Open Source Fund is strengthening security</h2>
<p>The Log4Shell incident highlighted a critical gap in open source security: Maintainers often lack the training and resources to build security into their projects from the ground up. This realization sparked initiatives like the GitHub Secure Open Source Fund, which provides both funding and security training to critical open source projects.</p>
<p>The fund has been effective and efficient as a form of proactive protection, pooled resources, and shared responsibility. Think of it as “insurance” for the open source supply chain—helping make the digital ecosystem safer and reducing risks that could impact billions of users.</p>
<p>Christian participated in the <a href="https://github.blog/open-source/maintainers/securing-the-supply-chain-at-scale-starting-with-71-important-open-source-projects/">GitHub Secure Open Source Fund</a> security training program, and the impact was transformative.</p>
<p>The training didn’t just provide technical knowledge—it shifted his perspective. Christian explains, “With this training, developers are no longer the weakest link. Instead, they’re the first line of defense.”</p>
<p>This change in mindset is crucial. As Christian puts it:</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>Ignorance is by far the worst and most critical security hole. It will basically break all software.</p>
<cite>Christian Grobmeier</cite></blockquote>
<p>When asked if the GitHub Secure Open Source Fund training could have prevented Log4Shell, Christian is direct: “If this training had existed five years ago, maybe Log4Shell wouldn’t be here today.”</p>
<h2 class="wp-block-heading" id="technical-lessons-building-security-by-default">Technical lessons: Building security by default</h2>
<p>The Log4Shell incident taught the industry several critical lessons about secure development practices:</p>
<p><strong>1. Validate all external input</strong>: Never trust data that crosses trust boundaries, especially in foundational libraries that process user input.</p>
<p><strong>2. Disable dangerous features by default</strong>: Log4j now ships with JNDI lookups disabled by default. </p>
<p><strong>3. Implement defense in depth</strong>: Modern applications need multiple layers of protection, from input validation to runtime protections.</p>
<p><strong>4. Automate security scanning</strong>: Tools like GitHub’s code scanning and Dependabot can catch vulnerabilities before they reach production.</p>
<p><strong>5. Maintain a software bills of materials (SBOMs)</strong>: When Log4Shell hit, many organizations couldn’t determine if they were affected because they didn’t know their dependencies.</p>
<p>“I got phone calls from colleagues, asking me: ‘Am I really affected?’ SBOMs give you a technical way to find out what dependencies you’re using in a project,” Christian explains. </p>
<h2 class="wp-block-heading" id="industry-wide-lessons-for-sustainable-open-source">Industry-wide lessons for sustainable open source</h2>
<p>While the technical lessons from Log4Shell are crucial, technology changes aren’t enough. The deeper challenge lies in how we support the humans who maintain the open source infrastructure our world depends on. This crisis exposed several systemic issues in how we approach open source sustainability and security:</p>
<p><strong>Community is crucial</strong>: “If you’re maintaining open source software, just as one single person, that’s a risk,” Christian emphasizes.</p>
<p><strong>Security training needs to be accessible</strong>: Traditional security education often doesn’t reach the maintainers who need it most.</p>
<p><strong>Funding alone isn’t enough</strong>: While financial support helps, Christian found that training and community were equally important. When offered funding to pay team members, many declined due to tax implications or existing jobs.</p>
<p><strong>Kindness matters</strong>: “Behind every small open source library, there’s a human writing the code,” Christian reminds us. “If you find something that’s not right, help out instead of being angry.”</p>
<p><strong>Security can be improved for every project</strong>: During the program, Christian implemented multiple new security improvements, including hardening GitHub Actions against script injections, developing a new threat model, and collaborating with ScanCode to identify hidden Log4j artifacts in third-party code.</p>
<h2 class="wp-block-heading" id="your-role-in-securing-the-software-supply-chain">Your role in securing the software supply chain</h2>
<p>The Log4Shell story isn’t just about one vulnerability; it’s about the collective responsibility we all share in maintaining the open source ecosystem that powers the modern internet.</p>
<p><strong>For maintainers</strong>: Apply to programs like the <a href="https://resources.github.com/github-secure-open-source-fund/">GitHub Secure Open Source Fund</a>. <a href="http://gh.io/protect-your-project">Enable built-in security tools</a> like GitHub’s <a href="https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning">code scanning</a> and <a href="https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide">Dependabot</a>. <a href="https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository">Export SBOMs</a> to help downstream users understand their dependencies, and <a href="https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories">publish security advisories</a> for all vulnerabilities found in your project.</p>
<p><strong>For enterprises: </strong>Become a Funding or Ecosystem Partner of the <a href="https://resources.github.com/github-secure-open-source-fund/">GitHub Secure Open Source Fund.</a> Invest engineering time in the upstream projects you depend on. Don’t just consume open source—contribute with code, documentation, security reviews, and funding.</p>
<p><strong>For individual developers</strong>: Select carefully the new dependencies that you pull in, for example by <a href="https://scorecard.dev/">checking their security posture</a>. Consider the data you process may be attacker controlled and strictly validate untrusted inputs to prevent unintended behavior. Contribute test cases and documentation.</p>
<h2 class="wp-block-heading" id="the-path-forward">The path forward</h2>
<p>Today, <a href="https://github.com/apache/logging-log4j2">Log4j</a> has an 8.3 OpenSSF score, which demonstrates good security practices.</p>
<p>But the broader lesson extends beyond any single project. As Christian puts it:</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>Learning is the only cure for ignorance. So just keep learning.</p>
<cite>Christian Grobmeier</cite></blockquote>
<p>The Log4Shell incident showed us how quickly our digital world can be threatened by a single vulnerability. But it also demonstrated the power of the open source community to respond, adapt, and improve. The question isn’t whether the next critical vulnerability will emerge—it’s whether we’ll be ready for it.</p>
<hr class="wp-block-separator has-alpha-channel-opacity">
<p><strong>Ready to strengthen your open source project’s security?</strong> The GitHub Secure Open Source Fund provides funding, training, and resources to help maintainers build more secure software:</p>
<ul class="wp-block-list">
<li><strong>Projects and Maintainers:</strong> <a href="https://resources.github.com/github-secure-open-source-fund/">Apply now</a> to the GitHub Secure Open Source Fund and help make open source safer for everyone.</li>
<li><strong>Funding and Ecosystem Partners:</strong> <a href="https://docs.google.com/forms/d/e/1FAIpQLSeLMDmnxjbrneIPKlX8u3vK4I9ym6vRZPtWzMpT27apx6h9dw/viewform">Become a Funding or Ecosystem Partner</a> and support a more secure open source future. Join us on this mission to secure the software supply chain — at scale!</li>
</ul>
<hr class="wp-block-separator has-alpha-channel-opacity">
<h3 class="wp-block-heading" id="thank-you-to-all-of-our-partners">Thank you to all of our partners</h3>
<p>We couldn’t do this without our incredible network of partners. Together, we are helping secure the open source ecosystem for everyone! </p>
<p><strong>Funding Partners: </strong>Alfred P. Sloan Foundation, American Express, Chainguard, Datadog, Herodevs, Kraken, Mayfield, Microsoft, Shopify, Stripe, Superbloom, Vercel, Zerodha, 1Password</p>
<p><strong>Ecosystem Partners: </strong>Ecosyste.ms, CURIOSS, Digital Data Design Institute Lab for Innovation Science, Digital Infrastructure Insights Fund, Microsoft for Startups, Mozilla, OpenForum Europe, Open Source Collective, OpenUK, Open Technology Fund, OpenSSF, Open Source Initiative, OpenJS Foundation, University of California, Santa Cruz OSPO, Sovereign Tech Agency, SustainOSS</p>
</body></html>
<p>The post <a href="https://github.blog/open-source/inside-the-breach-that-broke-the-internet-the-untold-story-of-log4shell/">Inside the breach that broke the internet: The untold story of Log4Shell</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91594</post-id> </item>
<item>
<title>Accelerate developer productivity with these 9 open source AI and MCP projects</title>
<link>https://github.blog/open-source/accelerate-developer-productivity-with-these-9-open-source-ai-and-mcp-projects/</link>
<dc:creator><![CDATA[Kevin Crosby]]></dc:creator>
<pubDate>Fri, 17 Oct 2025 16:00:00 +0000</pubDate>
<category><![CDATA[Open Source]]></category>
<category><![CDATA[generative AI]]></category>
<category><![CDATA[GitHub Copilot]]></category>
<category><![CDATA[LLM]]></category>
<category><![CDATA[machine learning]]></category>
<category><![CDATA[MCP]]></category>
<category><![CDATA[VS Code]]></category>
<guid isPermaLink="false">https://github.blog/?p=91591</guid>
<description><![CDATA[<p>GitHub Copilot and VS Code teams, along with the Microsoft Open Source Program Office (OSPO), sponsored these nine open source MCP projects that provide new frameworks, tools, and assistants to unlock AI-native workflows, agentic tooling, and innovation.</p>
<p>The post <a href="https://github.blog/open-source/accelerate-developer-productivity-with-these-9-open-source-ai-and-mcp-projects/">Accelerate developer productivity with these 9 open source AI and MCP projects</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>With the emergence and rise of Model Context Protocol (MCP), developers are discovering revolutionary ways for AI and agents to interact with tools, codebases, and even browsers.  </p>
<p>Building on top of the core technology, we are seeing projects, such as browser extensions and tools within code editors, enabling AI-native workflows and unlocking a new category of agentic tooling: innovative ecosystems and new projects focused on MCP-powered capabilities are changing the way we work. </p>
<p>In partnership with the Microsoft Open Source Program Office (OSPO), the GitHub Copilot and VS Code teams sponsored nine projects to accelerate innovation, security, and sustainability within open source. Below you’ll find the projects and the three major themes we’re seeing across their work.</p>
<h2 class="wp-block-heading" id="h-framework-and-platform-integrations-ecosystem-integrations-for-real-world-use-cases">Framework and platform integrations: Ecosystem integrations for real-world use cases  </h2>
<p>These projects integrate <em>bring MCP capabilities into popular frameworks and ecosystems for AI-native tooling and help </em>MCP with widely used platforms, and enable agents to interact with real-world apps and workflows: </p>
<ul class="wp-block-list">
<li><a href="https://github.com/tadata-org/fastapi_mcp"><strong>fastapi_mcp</strong></a>: Expose secure FastAPI endpoints as MCP tools with minimal setup, authentication, and limited configuration—all with a unified infrastructure. </li>
<li><a href="https://github.com/antfu/nuxt-mcp"><strong>nuxt-mcp</strong></a>: Nuxt developer tools for route inspection and SSR debugging make it easier for your team to make models understand your Vite/Nuxt app better. </li>
<li><a href="https://github.com/CoplayDev/unity-mcp"><strong>unity-mcp</strong></a>: Unity MCP allows you to interface with game engine APIs for AI-assisted game development and gives your AI tools to manage assets, control scenes, edit scripts, and automate tasks within Unity </li>
</ul>
<h2 class="wp-block-heading" id="h-developer-experience-and-ai-enhanced-coding-ai-first-developer-productivity">Developer experience and AI-enhanced coding: AI-first developer productivity  </h2>
<p>These projects empower AI,  LLMs and agents to act as intelligent IDE assistants and code editors by improving developer workflows, semantic code understanding, and safe code execution.</p>
<ul class="wp-block-list">
<li><a href="https://github.com/upstash/context7"><strong>context7</strong></a>: Context7 pulls up-to-date, version-specific documentation and code examples straight from your code and plugs them directly into your AI and LLM prompts LLM’s context.  </li>
<li><a href="https://github.com/oraios/serena"><strong>serena</strong></a>: Semantic code editing and retrieval for agent-driven coding agent toolkit providing semantic retrieval and editing capabilities.  </li>
<li><a href="https://github.com/steipete/Peekaboo"><strong>Peekaboo</strong></a>: Swift code analysis that turns what’s on your screen into actionable AI context to create full GUI automation, and can be used for AI assistants.  </li>
<li><a href="https://github.com/instavm/coderunner"><strong>coderunner</strong></a>: Coderunner turns LLMs into an instant, local execution partner that writes and runs code in a preconfigured sandbox on your machine, auto-installs tools, directly reads files, and returns outputs and generated artifacts. </li>
</ul>
<h2 class="wp-block-heading" id="h-automation-testing-and-orchestration-reliability-and-quality-assurance-for-mcp-infrastructure">Automation, testing and orchestration: Reliability and quality assurance for MCP infrastructure </h2>
<p>These projects help extend MCP infrastructure into production grade tools for automation pipelines and providing robust testing, and debugging tools. These help ensure you can run MCP at scale. </p>
<p> MCP server evaluation: </p>
<ul class="wp-block-list">
<li><a href="https://github.com/czlonkowski/n8n-mcp"><strong>n8n-mcp</strong></a>: n8n-MCP is an ultra-optimized platform that enhances n8n’s workflow automation by streamlining workflow creation and orchestration. It integrates AI models to help users better understand and work with n8n nodes.</li>
<li><a href="https://github.com/MCPJam/inspector"><strong>inspector</strong></a>: A tool for testing and debugging MCP servers by inspecting protocol handshake, tools, resources, prompts, and OAuth flows. It offers a built-in LLM playground and lets you run eval simulations to catch security or performance regressions.  </li>
</ul>
<h2 class="wp-block-heading" id="h-ai-workflows-and-agentic-developer-productivity-with-mcp-and-open-source">AI workflows and agentic developer productivity with MCP and open source </h2>
<p>Developers are building at incredible speed with the power of AI and MCP. These projects represent some of the fastest growing developer tools within the MCP ecosystem and community. They are tools that developers use and care about. GitHub Copilot and VS Code teams are excited to sponsor more open source projects that drive new innovations like MCP for agent-native development. </p>
<hr class="wp-block-separator has-alpha-channel-opacity">
<p>Sign up for<a href="https://github.com/sponsors?utm_source=github&utm_medium=blog&utm_campaign=FY226-Q1-MCP-SPONSORSHIPS"> GitHub Sponsors</a> today to join us in sponsoring these projects (and more!) and help support the<a href="https://modelcontextprotocol.io/"> MCP ecosystem</a>. You can also start exploring MCP with<a href="https://code.visualstudio.com/"> VS Code</a> and<a href="https://github.com/features/copilot?utm_source=github&utm_medium=blog&utm_campaign=FY226-Q1-MCP-SPONSORSHIPS"> GitHub Copilot</a> today!</p>
</body></html>
<p>The post <a href="https://github.blog/open-source/accelerate-developer-productivity-with-these-9-open-source-ai-and-mcp-projects/">Accelerate developer productivity with these 9 open source AI and MCP projects</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91591</post-id> </item>
<item>
<title>How to navigate GitHub Universe (or any tech conference) if you’re an introvert</title>
<link>https://github.blog/news-insights/company-news/how-to-navigate-github-universe-or-any-tech-conference-if-youre-an-introvert/</link>
<dc:creator><![CDATA[GitHub Staff]]></dc:creator>
<pubDate>Thu, 16 Oct 2025 16:14:02 +0000</pubDate>
<category><![CDATA[Company news]]></category>
<category><![CDATA[News & insights]]></category>
<category><![CDATA[GitHub Universe]]></category>
<guid isPermaLink="false">https://github.blog/?p=91588</guid>
<description><![CDATA[<p>If alone time is your love language—don’t worry, it’s ours too—you can still attend, learn from, and enjoy big events like GitHub Universe. Here are some practical tips on how.</p>
<p>The post <a href="https://github.blog/news-insights/company-news/how-to-navigate-github-universe-or-any-tech-conference-if-youre-an-introvert/">How to navigate GitHub Universe (or any tech conference) if you’re an introvert</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>We know that the idea of big tech conferences can be overwhelming, especially if you’re introverted, anxious, or are used to spending most of your day behind your computer. (Which is most of us.) And that’s okay! </p>
<p>The good news is that GitHub Universe was designed for folks like you. This isn’t just one long conference in a room with thousands of people and no exit. Universe offers all sorts of opportunities to take breaks, hang in small groups, or watch virtually, so that you can learn and network at whatever pace works for you. We’ve built in events to make the experience extra comfortable, safe, and exciting for all.</p>
<p>[<a href="https://githubuniverse.com/?utm_source=Blog&utm_medium=GitHub&utm_campaign=tech_conference_introvert">Get your IRL pass</a>]</p>
<p>If you’ve already got your pass but are feeling a bit shaky on how it’ll all go, here are some practical tips for how to navigate tech conferences, like GitHub Universe.</p>
<h2 class="wp-block-heading" id="h-1-attend-smaller-sessions-or-workshops">1. Attend smaller sessions or workshops</h2>
<p>Instead of signing up for the largest, busiest sessions, go for the smaller workshops, niche panels, and breakout sessions. Small-group sessions often foster deeper connections and conversations, and they can help keep you from getting lost in the crowd. </p>
<p>This year’s Universe will feature many <strong>interactive workshops</strong> (<a href="https://reg.githubuniverse.com/flow/github/universe25/attendee-portal/page/sessioncatalog?search.sessiontype=1681826483038003zyr1">explore the full list</a>), where the guest list will be small, and the conversations will be deep. You can also add demo-style<strong> sandbox sessions </strong>to your agenda, which include practical exercises, to keep your mind engaged! </p>
<p>You may also want to check out gatherings in our <strong>discussions lounge</strong>, where two to three facilitators will guide small groups through specific topics of interest, prioritizing active participation and collaboration. </p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="683" width="1024" src="https://github.blog/wp-content/uploads/2025/10/image8.jpg?resize=1024%2C683" alt="Attendees working on laptops during conference session in presentation room." class="wp-image-91608" srcset="https://github.blog/wp-content/uploads/2025/10/image8.jpg?w=1999 1999w, https://github.blog/wp-content/uploads/2025/10/image8.jpg?w=300 300w, https://github.blog/wp-content/uploads/2025/10/image8.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/10/image8.jpg?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/image8.jpg?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h2 class="wp-block-heading" id="h-2-find-quiet-zones-and-recharge-spaces">2. Find quiet zones and recharge spaces</h2>
<p>We all know that introverts recharge alone. So if you need to step away and take some time to reflect, you should!</p>
<p>At Universe, we’ve created <strong>dedicated lounges and recharge spaces</strong>, so you don’t have to choose between skipping content and protecting your peace. Need a few minutes to unwind? We’ll have a quiet room for phone-free decompression, meditation, and prayer. We’ll also have plenty of drink options, snacks, and meals available if you need to keep your blood sugar up.</p>
<p>And don’t forget to step outside and take in the stunning waterfront views at Fort Mason—a quick breath of ocean air can do wonders between sessions.</p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="683" width="1024" src="https://github.blog/wp-content/uploads/2025/10/image7-1.jpg?resize=1024%2C683" alt="Sunset view across the bay with birds flying over water and hills in background." class="wp-image-91609" srcset="https://github.blog/wp-content/uploads/2025/10/image7-1.jpg?w=1999 1999w, https://github.blog/wp-content/uploads/2025/10/image7-1.jpg?w=300 300w, https://github.blog/wp-content/uploads/2025/10/image7-1.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/10/image7-1.jpg?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/image7-1.jpg?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h2 class="wp-block-heading" id="h-3-join-curated-networking-activities">3. Join curated networking activities</h2>
<p>If large mixers without a planned topic of conversation feel daunting, you can look for guided or themed activities where the conversation already has a starting point. </p>
<p>At Universe, you can connect with people who share your passions at <a href="https://github.blog/news-insights/company-news/explore-the-best-of-github-universe-9-spaces-built-to-spark-creativity-connection-and-joy/">structured networking meetup spots</a>, including: </p>
<ul class="wp-block-list">
<li><strong>Recess!: </strong>Meet fellow attendees over your shared interests beyond the code. Whether you’re a Lego enthusiast or a die-hard Swiftie, there’s an opportunity for everyone to connect and simply have fun.</li>
<li><strong>Makerspace: </strong>Create interactive projects, from art to AI and music to robotics. Whether you build or just tinker, this is your playground.</li>
<li><strong>Open Source Zone: </strong>Connect with contributors and maintainers, explore open source projects, and celebrate the power of community-led software. </li>
</ul>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="683" width="1024" src="https://github.blog/wp-content/uploads/2025/10/image3-1.jpg?resize=1024%2C683" alt="Person at table assembling colorful LEGO buildings including a tower and house with organized brick containers." class="wp-image-91611" srcset="https://github.blog/wp-content/uploads/2025/10/image3-1.jpg?w=1999 1999w, https://github.blog/wp-content/uploads/2025/10/image3-1.jpg?w=300 300w, https://github.blog/wp-content/uploads/2025/10/image3-1.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/10/image3-1.jpg?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/image3-1.jpg?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h2 class="wp-block-heading" id="h-4-set-personal-goals-and-boundaries">4. Set personal goals and boundaries</h2>
<p>Decide ahead of time what you want to get out of the event. Take a look at the agenda. What are your must-see sessions? Who are the people you want to meet? Build in plenty of breaks—without guilt! </p>
<p>Did you know that we offer a <strong>Universe agenda builder, curated schedules</strong>, and <strong><a href="https://github.blog/news-insights/company-news/github-universe-2025-heres-whats-in-store-at-this-years-developer-wonderland/#h-what-you-ll-experience">content tracks</a></strong>, so you can figure out the right sessions for your interests and goals? This makes it simple to stick to your plan (and pace yourself!). </p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="683" width="1024" src="https://github.blog/wp-content/uploads/2025/10/image4-1.jpg?resize=1024%2C683" alt="Conference attendee in checkered blazer reading event map in crowded exhibition hall." class="wp-image-91612" srcset="https://github.blog/wp-content/uploads/2025/10/image4-1.jpg?w=1999 1999w, https://github.blog/wp-content/uploads/2025/10/image4-1.jpg?w=300 300w, https://github.blog/wp-content/uploads/2025/10/image4-1.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/10/image4-1.jpg?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/image4-1.jpg?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h2 class="wp-block-heading" id="h-5-bring-a-conversation-starter">5. Bring a conversation starter</h2>
<p>Wearing a T-shirt, pin, or sticker related to your passions makes it easy for someone else to approach <em>you</em>. It may even give you the confidence to approach someone else, too. </p>
<p>Universe swag (and plenty of community stickers) are designed to help spark those natural, low-pressure conversations. And if you don’t have any swag before the event, you can always visit <strong>The GitHub Shop</strong> and grab something day-of. We’ll have a brand new GitHub Universe collection, so you’ll be able to rep our latest and greatest. </p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="683" width="1024" src="https://github.blog/wp-content/uploads/2025/10/image6-1.jpg?resize=1024%2C683" alt="Two attendees having conversation at tech conference, one wearing GitHub Star tag and blue cap." class="wp-image-91613" srcset="https://github.blog/wp-content/uploads/2025/10/image6-1.jpg?w=1999 1999w, https://github.blog/wp-content/uploads/2025/10/image6-1.jpg?w=300 300w, https://github.blog/wp-content/uploads/2025/10/image6-1.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/10/image6-1.jpg?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/image6-1.jpg?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h2 class="wp-block-heading" id="h-6-take-it-online-with-livestream-or-on-demand-sessions">6. Take it online with livestream or on-demand sessions</h2>
<p>If attending in-person still doesn’t feel right, don’t forget that you can attend GitHub Universe virtually or catch keynotes and select session recordings later on-demand. Our goal: Make sure you can still participate and stay connected in a way that works best for you. </p>
<p>To note: This might not always be an option at other tech conferences or events, but it’s always worth checking to see if there are ways to learn and connect from home if that’s your preferred method. </p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="683" width="1024" src="https://github.blog/wp-content/uploads/2025/10/image5-1.jpg?resize=1024%2C683" alt='Speaker presenting GitHub Models to large audience with "A new generation of AI engineers on GitHub" displayed on screen.' class="wp-image-91614" srcset="https://github.blog/wp-content/uploads/2025/10/image5-1.jpg?w=1999 1999w, https://github.blog/wp-content/uploads/2025/10/image5-1.jpg?w=300 300w, https://github.blog/wp-content/uploads/2025/10/image5-1.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/10/image5-1.jpg?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/image5-1.jpg?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h2 class="wp-block-heading" id="h-conclusion">Conclusion</h2>
<p>We hope you see you at GitHub Universe this year. Don’t forget that however you plan to attend—in-person, virtually, just a few workshops, or somewhere in between—it’s all in your control. Whether you’re introverted (like us) or extroverted, or somewhere in between, we hope you have the best time! </p>
<p>[<a href="https://githubuniverse.com/?utm_source=Blog&utm_medium=GitHub&utm_campaign=tech_conference_introvert">Register now</a>]</p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="683" width="1024" src="https://github.blog/wp-content/uploads/2025/10/image2-1.jpg?resize=1024%2C683" alt="View of Alcatraz Island through a colorful art installation frame with visitors silhouetted at waterfront." class="wp-image-91615" srcset="https://github.blog/wp-content/uploads/2025/10/image2-1.jpg?w=1999 1999w, https://github.blog/wp-content/uploads/2025/10/image2-1.jpg?w=300 300w, https://github.blog/wp-content/uploads/2025/10/image2-1.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/10/image2-1.jpg?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/image2-1.jpg?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
</body></html>
<p>The post <a href="https://github.blog/news-insights/company-news/how-to-navigate-github-universe-or-any-tech-conference-if-youre-an-introvert/">How to navigate GitHub Universe (or any tech conference) if you’re an introvert</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91588</post-id> </item>
<item>
<title>Copilot: Faster, smarter, and built for how you work now</title>
<link>https://github.blog/ai-and-ml/github-copilot/copilot-faster-smarter-and-built-for-how-you-work-now/</link>
<dc:creator><![CDATA[Ashley Willis]]></dc:creator>
<pubDate>Wed, 15 Oct 2025 15:00:00 +0000</pubDate>
<category><![CDATA[AI & ML]]></category>
<category><![CDATA[GitHub Copilot]]></category>
<category><![CDATA[GitHub Copilot CLI]]></category>
<category><![CDATA[LLM]]></category>
<category><![CDATA[MCP]]></category>
<guid isPermaLink="false">https://github.blog/?p=91555</guid>
<description><![CDATA[<p>Discover how GitHub Copilot has evolved from a high-powered autocomplete tool to a powerful, multi-model agentic assistant.</p>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/copilot-faster-smarter-and-built-for-how-you-work-now/">Copilot: Faster, smarter, and built for how you work now</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>You probably remember when <a href="https://github.com/features/copilot?utm_source=blog-generic-copilot-cta-oct-2025&utm_campaign=copilot-generic-promotion-blog-launch-oct-2025">GitHub Copilot</a> first showed up in your editor with that little gray box. It was fast, surprising, and sometimes weird. But it hinted at something bigger: AI could actually <em>help</em> you code, not just autocomplete it.</p>
<p>Fast forward to today, and AI is part of our daily workflows. From Cursor to Windsurf and Claude Code to Gemini to OpenAI Codex, there’s no shortage of new tools. And that’s great. Developers need options.</p>
<p><strong>But with 20 million-plus developers across IDEs, the command line, and pull requests, GitHub Copilot is the most-used AI tool among developers</strong>, according to <a href="https://newsletter.pragmaticengineer.com/p/the-pragmatic-engineer-2025-survey">a recent Pragmatic Engineer survey</a>. Devs have used Copilot to accept more than 3 billion code suggestions to date. And every month, Copilot helps deliver millions of code reviews and contribute 1.2 million pull requests, directly inside GitHub.</p>
<p>And because GitHub is where your code already lives (plus your pull requests, reviews, and tests), Copilot doesn’t stop at writing code. It plugs into everything you rely on via the GitHub MCP Server.</p>
<p>We haven’t always been the fastest (though <a href="https://github.blog/changelog/?label=copilot">our Changelog may beg to differ</a>) or the loudest. But we’ve been building Copilot since before ChatGPT existed, and we are focused on one purpose: to help developers turn TODOs into committed code. And while some chase the bleeding edge, we know developers don’t want their production code balanced on it. </p>
<p>All that to say: if you tried Copilot early on, things have changed in some pretty big ways. </p>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1232" height="2146" src="https://github.blog/wp-content/uploads/2025/10/FeatureList_v6.png?resize=1232%2C2146" alt="A table showing how GitHub Copilot can help you code faster (Agent mode, Coding agent, Next edit suggestions, Latency improvements, Model choice, Copilot CLI), Build at scale (JetBrains + VS Code + CLI parity, Custom instructions, GitHub MCP Server, 20M+ developers), and Ship quality (Copilot Autofix, Code review, Improved model reasoning, Security that works, Built-in privacy)." class="wp-image-91570" srcset="https://github.blog/wp-content/uploads/2025/10/FeatureList_v6.png?w=1232 1232w, https://github.blog/wp-content/uploads/2025/10/FeatureList_v6.png?w=172 172w, https://github.blog/wp-content/uploads/2025/10/FeatureList_v6.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/FeatureList_v6.png?w=588 588w, https://github.blog/wp-content/uploads/2025/10/FeatureList_v6.png?w=882 882w, https://github.blog/wp-content/uploads/2025/10/FeatureList_v6.png?w=1176 1176w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h2 class="wp-block-heading" id="h-from-autocomplete-to-actual-collaboration">From autocomplete to actual collaboration 💻</h2>
<p>If 2024 was about showing what’s possible with AI, 2025 is about making it <em>practical</em>. Copilot has quietly grown from a neat autocomplete trick into a multi-modal, multi-model assistant that actually understands your projects and helps you move them forward.</p>
<p>After opening up support for multiple models from different providers in 2024,  we’ve been shipping new models almost as fast as they drop from OpenAI’s latest releases to Google’s Gemini 2.0 Flash. </p>
<p>This evolution didn’t happen by accident. Developers told us what worked, what didn’t, and that they wanted more powerful agentic workflows and multi-file editing. So we made that happen. </p>
<p>And that’s just one part of how far Copilot’s come. It’s all part of a bigger goal: making Copilot smarter without you ever needing to install or configure a thing. </p>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--5" style="border-top-width:4px">
<h2 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-built-into-the-platform-you-use-every-day" style="margin-top:0">Built into the platform you use every day</h2>
<p>Every AI vendor is racing to bolt their agentic tools into GitHub. That’s because agents don’t ship code in a vacuum. They plan tasks, open branches, run tests, and submit pull requests. And all of that already happens on GitHub where developers are collaborating on over 518 million projects.</p>
<p>Since Copilot lives inside the GitHub stack and has native support for GitHub MCP server, its agentic capabilities act on <em>real</em> repository context. It respects branch protections, works within your review cycles, and integrates directly with your CI/CD and security checks.</p>
</aside>
<h2 class="wp-block-heading" id="from-idea-to-merge-in-record-time-%e2%9a%a1">From idea to merge in record time ⚡</h2>
<p>Over the last year, raw speed and agentic workflows helped define a new crop of AI tools. We took that as a challenge.</p>
<ul class="wp-block-list">
<li><a href="https://github.blog/ai-and-ml/github-copilot/agent-mode-101-all-about-github-copilots-powerful-mode/"><strong>Agent mode</strong></a><strong>:</strong> Copilot now takes on cross-file tasks, runs commands, refactors entire modules, and suggests terminal operations—all without leaving your editor.<br></li>
<li><a href="https://docs.github.com/en/copilot/how-tos/use-copilot-agents/coding-agent"><strong>Coding agent</strong></a><strong>: </strong>Assign an issue to Copilot, and it drafts a pull request with code, tests, and context from your project. Coding agent now contributes to roughly 1.2 million pull requests per month.<br></li>
<li><a href="https://github.blog/changelog/2025-02-06-next-edit-suggestions-agent-mode-and-prompts-files-for-github-copilot-in-vs-code-january-release-v0-24/"><strong>Next-edit suggestions</strong></a><strong>:</strong> Copilot predicts the next change you’ll make and offers it inline. One Tab and you’re done.<br></li>
<li><strong>Low-latency completions:</strong> Most Copilot responses now render in under <strong>400 ms</strong> (fast enough that you stop noticing them).<br></li>
<li><a href="https://github.com/github/copilot-cli?utm_source=blog-cli-cta-oct-2025&utm_campaign=copilot-generic-promotion-blog-launch-oct-2025"><strong>Copilot CLI</strong></a><strong>:</strong> The same brains, now in your terminal. Setup, debug, and script without switching windows.<br></li>
<li><a href="https://docs.github.com/en/copilot/reference/ai-models/model-comparison#recommended-models-by-task"><strong>Multi-model routing</strong></a><strong>:</strong> Different jobs call for different brains. Copilot gives you access to multiple LLMs from leading frontier AI firms. </li>
</ul>
<p>The result: fewer interruptions, faster loops, and a workflow that finally keeps pace with how you think.</p>
<h2 class="wp-block-heading" id="ai-that-scales-with-your-workflow-%f0%9f%93%90">AI that scales with your workflow 📐</h2>
<p>Copilot doesn’t live in a new environment you need to learn. It’s part of the same ecosystem you already use, and scales with it. </p>
<ul class="wp-block-list">
<li><a href="https://docs.github.com/en/copilot/get-started/features"><strong>JetBrains + VS Code + CLI parity</strong></a><strong>:</strong> Same Copilot, wherever you build.<br></li>
<li><a href="https://docs.github.com/en/copilot/how-tos/configure-custom-instructions/add-repository-instructions"><strong>Custom instructions</strong></a><strong>:</strong> Drop a .copilot-instructions.md file in to teach Copilot your naming conventions, test frameworks, comment formats.<br></li>
<li><a href="https://github.com/github/github-mcp-server?utm_source=blog-mcp-server-cla-oct-2025&utm_campaign=copilot-generic-promotion-blog-launch-oct-2025"><strong>GitHub MCP Server</strong></a><strong>:</strong> Lets any AI tool securely access your GitHub context (pull requests, issues, actions) without leaving GitHub.<br></li>
<li><a href="https://code.visualstudio.com/docs/copilot/customization/prompt-files"><strong>Workspace prompt files</strong></a><strong>:</strong> Reusable blueprints for consistent prompts across teams.<br></li>
<li><strong>20M+ developers strong:</strong> Every Copilot update compounds through the world’s largest network of real developer data (and feedback).</li>
</ul>
<p>Copilot isn’t a separate tool you “add” to GitHub. It’s part of what makes GitHub a full-stack development platform. Other tools might help you code; Copilot helps you build, test, secure, and ship.</p>
<h2 class="wp-block-heading" id="smarter-cleaner-and-safer-code-%f0%9f%94%8d">Smarter, cleaner, and safer code 🔍</h2>
<p>Fast is nice. Correct is better (ask us how we know). We’ve spent a lot of cycles quietly leveling up Copilot’s overall code quality and security guardrails where they matter most to you. </p>
<ul class="wp-block-list">
<li><a href="https://docs.github.com/en/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning"><strong>Copilot Autofix</strong></a><strong>: </strong>Detects and patches vulnerabilities automatically (it was used to fix over a million vulnerabilities this year alone).<br></li>
<li><a href="https://docs.github.com/en/copilot/how-tos/use-copilot-agents/request-a-code-review/use-code-review"><strong>Code review</strong></a><strong>: </strong>Summarizes diffs, flags logic bugs, and suggests fixes right inside your pull requests with a tool that powers millions of code reviews a month on GitHub.<br></li>
<li><strong>Improved model reasoning: </strong>Generates more readable, test-passing code with fewer lint errors and less regressions.<br></li>
<li><strong>CodeQL integration: </strong>Integrations with <a href="https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security">GitHub Advanced Security</a>, <a href="https://docs.github.com/en/copilot/tutorials/copilot-chat-cookbook/analyze-security/manage-dependency-updates">Dependabot</a>, and <a href="https://github.blog/ai-and-ml/github-copilot/from-chaos-to-clarity-using-github-copilot-agents-to-improve-developer-workflows/">GitHub Actions</a> keeps your supply chain solid.<br></li>
<li><a href="https://docs.github.com/en/copilot/how-tos/configure-content-exclusion"><strong>Built-in privacy</strong></a><strong>: </strong>Enterprise isolation, audit logs, and tenant-level control mean your work stays off the grid. </li>
</ul>
<p>Our research shows new code written with Copilot tends to have higher readability, better reliability, and improved maintainability scores. </p>
<p>Here’s the good news: Copilot’s backed by the same security stack that protects the world’s largest open source ecosystem and more than 90% of Fortune 100 companies.</p>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1232" height="2104" src="https://github.blog/wp-content/uploads/2025/10/LeapForward_v5.png?resize=1232%2C2104" alt="A table demonstrating GitHub Copilot's leap forward from 2024 to 2025: Single model to Multi-model support, Single-file edits to Agent mode with multi-file reasoning, Basic completions to Next-edit suggestions and inline task automation, Chat in VS Code to IDE + JetBrains + CLI, Limited customization to Project-level instructions & workspace prompts, Text only to Image, diagram, and UI inputs, Early security hints to Copilot Autofix & deeper security integrations, and Competitive lag to 400ms responses & GitHub MCP Server." class="wp-image-91572" srcset="https://github.blog/wp-content/uploads/2025/10/LeapForward_v5.png?w=1232 1232w, https://github.blog/wp-content/uploads/2025/10/LeapForward_v5.png?w=176 176w, https://github.blog/wp-content/uploads/2025/10/LeapForward_v5.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/LeapForward_v5.png?w=600 600w, https://github.blog/wp-content/uploads/2025/10/LeapForward_v5.png?w=899 899w, https://github.blog/wp-content/uploads/2025/10/LeapForward_v5.png?w=1199 1199w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h2 class="wp-block-heading" id="real-talk-copilot-vs-the-rest-%f0%9f%91%80">Real talk: Copilot vs. the rest 👀</h2>
<p>Let’s be honest: there are some great tools out there that make agentic coding workflows feel intuitive and bring real polish to multi-file editing. </p>
<p>Copilot lives in GitHub. That means it’s close to everything else you do, whether it’s your pull requests, GitHub Actions workflows, or CI/CD pipelines. Every day, GitHub powers over <strong>3 million pull request merges</strong> and <strong>50 million actions runs</strong>. And Copilot lives in that flow. </p>
<p>Other tools might help you write code faster. But Copilot helps you ship better software.</p>
<p>That means: </p>
<ul class="wp-block-list">
<li><strong>No migration, no new IDE, no new habits: </strong>Copilot lives inside the tools you already use. </li>
<li><strong>Full-stack awareness: </strong>Your pull requests, reviews, tests, and workflows are part of the same conversation. </li>
<li><strong>End-to-end coverage: </strong>Copilot brings AI assistance to real-world delivery. </li>
</ul>
<h2 class="wp-block-heading" id="whats-next-%f0%9f%9a%80">What’s next 🚀</h2>
<p>We’re just getting started.</p>
<p>At the end of this month, <strong>GitHub Universe 2025</strong> kicks off, and you can expect a <em>lot</em> of news. From smarter agent workflows to deeper multi-model integration and next-gen security features, we’re building what’s next for how software gets built.</p>
<p>Because our goal hasn’t changed. We’re here to help every developer commit code faster instead of chasing TODOs. </p>
<div class="wp-block-group post-content-cta has-global-padding is-layout-constrained wp-block-group-is-layout-constrained">
<p><strong>Ready to see how far we’ve come?</strong> Get started with <a href="https://github.com/features/copilot?utm_source=blog-generic-copilot-cta-oct-2025&utm_campaign=copilot-generic-promotion-blog-launch-oct-2025">GitHub Copilot</a> ></p>
</div>
</body></html>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/copilot-faster-smarter-and-built-for-how-you-work-now/">Copilot: Faster, smarter, and built for how you work now</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91555</post-id> </item>
<item>
<title>How GitHub Copilot and AI agents are saving legacy systems</title>
<link>https://github.blog/ai-and-ml/github-copilot/how-github-copilot-and-ai-agents-are-saving-legacy-systems/</link>
<dc:creator><![CDATA[Andrea Griffiths]]></dc:creator>
<pubDate>Tue, 14 Oct 2025 16:00:00 +0000</pubDate>
<category><![CDATA[AI & ML]]></category>
<category><![CDATA[GitHub Copilot]]></category>
<category><![CDATA[AI agents]]></category>
<category><![CDATA[COBOL]]></category>
<category><![CDATA[enterprise development]]></category>
<category><![CDATA[mainframe modernization]]></category>
<guid isPermaLink="false">https://github.blog/?p=91444</guid>
<description><![CDATA[<p>GitHub Copilot and AI agents are making legacy COBOL systems accessible to modern developers.</p>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/how-github-copilot-and-ai-agents-are-saving-legacy-systems/">How GitHub Copilot and AI agents are saving legacy systems</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>Picture this: you’re a developer in 2025, and your company just told you they need to modernize a mainframe system that processes millions of ATM transactions daily. We’re talking about <a href="https://en.wikipedia.org/wiki/COBOL#">COBOL</a>, a programming language that’s been around for 65 years. That’s older than the internet.</p>
<p>Now, your first instinct might be to laugh or maybe cry a little. But here’s the thing—COBOL isn’t going anywhere. In fact, it’s powering some of the largest and most critical systems on the planet right now.</p>
<p>The problem? <strong>Finding developers who understand COBOL is like finding unicorns.</strong> The original developers are retiring, and yet 200 billion lines of COBOL code are still running our banks, insurance companies, and government systems.</p>
<p>But here’s the plot twist: we now have the opportunity to support the unicorns. We have GitHub Copilot and autonomous AI agents.</p>
<h2 class="wp-block-heading" id="h-meet-the-developer-who-s-modernizing-cobol-without-learning-cobol">Meet the developer who’s modernizing COBOL (without learning COBOL)</h2>
<p>I recently spoke with <a href="https://www.linkedin.com/in/julia-kordick/">Julia Kordick</a>, Microsoft Global Black Belt, who’s modernizing COBOL systems using AI. What’s remarkable? She never learned COBOL.</p>
<p>Julia brought her AI expertise and worked directly with the people who had decades of domain knowledge. That partnership is the key insight here. She didn’t need to become a COBOL expert. Instead, she focused on what she does best: designing intelligent solutions. The COBOL experts provided the legacy system knowledge.</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>When this whole idea of Gen AI appeared, we were thinking about how we can actually use AI to solve this problem that has not been really solved yet.</p>
<cite>Julia Kordick, Microsoft Global Black Belt</cite></blockquote>
<h2 class="wp-block-heading" id="h-the-three-step-framework-for-ai-powered-legacy-modernization">The three-step framework for AI-powered legacy modernization</h2>
<p>Julia and her team at Microsoft have cracked the code (pun intended) with a systematic approach that works for any legacy modernization project, not just COBOL. Here’s their GitHub Copilot powered, battle-tested framework.</p>
<h3 class="wp-block-heading" id="h-step-1-code-preparation-reverse-engineering">Step 1: Code preparation (reverse engineering)</h3>
<p>The biggest problem with legacy systems? <strong>Organizations have no idea what their code actually does anymore.</strong> They use it, they depend on it, but understanding it? That’s another story.</p>
<p>This is where GitHub Copilot becomes your archaeological tool. Instead of hiring consultants to spend months analyzing code, you can use AI to:</p>
<ul class="wp-block-list">
<li>Extract business logic from legacy files.</li>
<li>Document everything in markdown for human review.</li>
<li>Automatically identify call chains and dependencies.</li>
<li>Clean up irrelevant comments and historical logs.</li>
<li>Add additional information as comments where needed.</li>
</ul>
<figure class="wp-block-table"><table class="has-fixed-layout"><tbody><tr><td>💡<strong>Pro tip:</strong> Always have human experts review AI-generated analysis. AI is incredible at pattern recognition, but domain knowledge still matters for business context.</td></tr></tbody></table></figure>
<p>Here’s what GitHub Copilot generates for you: </p>
<pre class="wp-block-code language-plaintext"><code># Business Logic Analysis Generated by GitHub Copilot
## File Inventory
- listings.cobol: List management functionality (~100 lines)
- mainframe-example.cobol: Full mainframe program (~10K lines, high complexity)
## Business Purpose
Customer account validation with balance checking
- Validates account numbers against master file
- Performs balance calculations with overdraft protection
- Generates transaction logs for audit compliance
## Dependencies Discovered
- DB2 database connections via SQLCA
- External validation service calls
- Legacy print queue system</code></pre>
<h3 class="wp-block-heading" id="step-2-enrichment-making-code-ai-digestible">Step 2: Enrichment (making code AI-digestible)</h3>
<p>You usually need to add context to help AI understand your code better. Here’s what that looks like:</p>
<p><strong>Translation:</strong> If your code has Danish, German, or other non-English comments, translate them. Models work better with English context.</p>
<p><strong>Structural analysis: </strong>COBOL has deterministic patterns. Even if you’ve never written COBOL, you can leverage these patterns because they’re predictable. Here’s how:</p>
<p>COBOL programs always follow the same four-division structure:</p>
<ul class="wp-block-list">
<li>IDENTIFICATION DIVISION (metadata about the program)</li>
<li>ENVIRONMENT DIVISION (file and system configurations)</li>
<li>DATA DIVISION (variable declarations and data structures)</li>
<li>PROCEDURE DIVISION (the actual business logic)</li>
</ul>
<p>Ask GitHub Copilot to map these divisions for you. Use prompts like:</p>
<pre class="wp-block-code language-plaintext"><code>"Identify all the divisions in this COBOL file and summarize what each one does"
"List all data structures defined in the DATA DIVISION and their purpose"
"Extract the main business logic flow from the PROCEDURE DIVISION"</code></pre>
<p>The AI can parse these structured sections and explain them in plain English. You don’t need to understand COBOL syntax. You just need to know that COBOL’s rigid structure makes it easier for AI to analyze than more flexible languages.</p>
<p><strong>Documentation as source of truth:</strong> Save everything AI generates as markdown files that become the primary reference. Julia explained it this way: “Everything that you let Copilot generate as a preparation, write it down as a markdown file so that it can actually reference these markdown files as source of truth.”</p>
<figure class="wp-block-table"><table class="has-fixed-layout"><tbody><tr><td><strong>💡Pro tip:</strong> COBOL’s verbosity is actually an advantage here. Statements like <code>ADD TOTAL-SALES TO ANNUAL-REVENUE</code> are almost self-documenting. Ask Copilot to extract these business rules into natural language descriptions.</td></tr></tbody></table></figure>
<h3 class="wp-block-heading" id="step-3-automation-aids-scaling-the-process">Step 3: Automation Aids (Scaling the Process)</h3>
<p>Once you’ve analyzed and enriched individual files, you need to understand how they all fit together. This is where you move from using Copilot interactively to building automated workflows with AI agents.</p>
<p>Julia’s team built a framework using Microsoft Semantic Kernel, which orchestrates multiple specialized agents. Each agent has a specific job, and they work together to handle the complexity that would overwhelm a single AI call.</p>
<p>Here’s what this orchestration looks like in practice:</p>
<ul class="wp-block-list">
<li><strong>Call chain mapping:</strong> Generate Mermaid diagrams showing how files interact. One agent reads your COBOL files, another traces the CALL statements between programs, and a third generates a visual diagram. You end up with a map of your entire system without manually tracing dependencies.</li>
<li><strong>Test-driven modernization:</strong> Extract business logic (agent 1), generate test cases that validate that logic (agent 2), then generate modern code that passes those tests (agent 3). The tests become your safety net during migration.</li>
<li><strong>Dependency optimization:</strong> Identify utility classes and libraries that you can replace with modern equivalents. An agent analyzes what third-party COBOL libraries you’re using, checks if modern alternatives exist, and flags opportunities to simplify your migration.</li>
</ul>
<p>Think of it like this: Copilot in your IDE is a conversation. This framework is a production line. Each agent does one thing well, and the orchestration layer manages the workflow between them.</p>
<figure class="wp-block-table"><table class="has-fixed-layout"><tbody><tr><td><strong>💡Pro tip:</strong> Use Mermaid diagrams to visualize complex dependencies before making any changes. It helps you catch edge cases early. You can generate these diagrams by asking Copilot to trace all CALL statements in your codebase and output them in Mermaid syntax. Mermaid chart example:</td></tr></tbody></table></figure>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="475" height="908" src="https://github.blog/wp-content/uploads/2025/10/mermaid.png?resize=475%2C908" alt="Flowchart showing the COBOL to Java modernization agent workflow. Seven boxes connected by arrows flow top to bottom: COBOLAnalyzerAgent, DependencyMapperAgent, Business Logic Extractor, Test Generator, JavaConverterAgent, Human Validation, and Production-Ready Java Quarkus Output." class="wp-image-91446" srcset="https://github.blog/wp-content/uploads/2025/10/mermaid.png?w=475 475w, https://github.blog/wp-content/uploads/2025/10/mermaid.png?w=157 157w" sizes="auto, (max-width: 475px) 100vw, 475px" /></figure>
<h2 class="wp-block-heading" id="h-the-reality-check-it-s-not-a-silver-bullet">The reality check: It’s not a silver bullet</h2>
<p>Julia’s brutally honest about limitations:</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>Everyone who’s currently promising you, ‘hey, I can solve all your mainframe problems with just one click’ is lying to you.</p>
</blockquote>
<p>The reality is:</p>
<ul class="wp-block-list">
<li>Humans must stay in the loop for validation.</li>
<li>Each COBOL codebase is unique and complex.</li>
<li>We’re early in the agentic AI journey.</li>
<li>Full automation is probably at least five years away.</li>
</ul>
<p>But that doesn’t mean we can’t make massive progress today.</p>
<h2 class="wp-block-heading" id="h-see-it-in-action-the-azure-samples-framework">See it in action: the Azure samples framework</h2>
<p>Julia and her team have open-sourced their entire framework. It’s built with Microsoft Semantic Kernel for agentic orchestration and includes:</p>
<ul class="wp-block-list">
<li><strong>Multiple specialized agents:</strong> DependencyMapperAgent, COBOLAnalyzerAgent, JavaConverterAgent</li>
<li><strong>Cost tracking:</strong> See exactly how much each AI operation costs (usually $2-5 per 1000 lines analyzed)</li>
<li><strong>Human validation points:</strong> Built-in checkpoints for expert review</li>
<li><strong><code>doctor.sh</code>:</strong> A configuration and testing script that gets you started quickly</li>
</ul>
<p>Try running the COBOL modernization framework:</p>
<ol class="wp-block-list">
<li><strong>Fork the repository:</strong><a href="https://aka.ms/cobol"> aka.ms/cobol</a></li>
<li><strong>Set up your environment:</strong> Configure Azure OpenAI endpoint (or use local models for sensitive data)</li>
<li><strong>Run the doctor script:</strong> <code>./doctor.sh doctor</code> validates your setup and dependencies</li>
<li><strong>Start modernization:</strong> <code>./doctor.sh run</code> begins the automated process</li>
</ol>
<pre class="wp-block-code"><code># Quick setup for the impatient developer
git clone https://github.com/Azure-Samples/Legacy-Modernization-Agents
cd Legacy-Modernization-Agents
./doctor.sh setup
./doctor.sh run</code></pre>
<h2 class="wp-block-heading" id="the-business-case-that-changes-everything">The business case that changes everything</h2>
<p>This isn’t just about technical debt. It’s about business survival. Organizations are facing a critical shortage of COBOL expertise right when they need it most.</p>
<p>The traditional approach has been to hire expensive consultants, spend 5+ years on manual conversion, and end up with auto-generated code that’s unmaintainable. I’ve seen this play out at multiple organizations. The consultants come in, run automated conversion tools, hand over thousands of lines of generated code, and leave. Then the internal team is stuck maintaining code they don’t understand in a language they’re still learning.</p>
<p>The AI-powered approach changes this. You use AI to understand business logic, generate human-readable modern code, and maintain control of your intellectual property. Your team stays involved throughout the process. They learn the business logic as they go. The code that comes out the other end is something your developers can actually work with.</p>
<p>Julia explained the shift:</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>What a lot of customers do not want to actually give all their intellectual property like a hundred percent to a partner anymore, right? They want to keep it in check.</p>
</blockquote>
<h2 class="wp-block-heading" id="start-here-your-path-to-becoming-the-modernization-hero">Start here: your path to becoming the modernization hero</h2>
<p>Whether you’re dealing with COBOL, ancient Java, or any legacy system, here’s how you can start today:</p>
<h3 class="wp-block-heading" id="start-small">Start small</h3>
<ul class="wp-block-list">
<li>Identify one problematic legacy system (start with fewer than 5,000 lines)</li>
<li>Use GitHub Copilot to analyze a single file</li>
<li>Document what you discover in markdown</li>
<li>Share findings with your team</li>
</ul>
<h3 class="wp-block-heading" id="build-your-ai-toolkit">Build your AI toolkit</h3>
<ul class="wp-block-list">
<li>Experiment with the Azure Samples framework</li>
<li>Learn prompt engineering for code analysis (try: “Analyze this COBOL program and explain its business purpose in simple terms”)</li>
<li>Practice iterative modernization techniques</li>
</ul>
<h3 class="wp-block-heading" id="think-beyond-code">Think beyond code</h3>
<ul class="wp-block-list">
<li>Consider nonfunctional requirements for cloud-native design</li>
<li>Plan for distributed systems architecture</li>
<li>Remember: most COBOL programs are doing simple CRUD operations. They don’t need the complexity of a mainframe. They need the simplicity of modern architecture.</li>
</ul>
<p><strong>Here’s a challenge:</strong> Find a legacy system in your organization. Six-month-old code counts as legacy in our industry. Try using GitHub Copilot to:</p>
<ol class="wp-block-list">
<li>Generate business logic documentation</li>
<li>Identify potential modernization opportunities</li>
<li>Create a migration plan with human validation checkpoints</li>
</ol>
<p>Share your results on LinkedIn and tag me. I’d love to see what you discover.</p>
<h2 class="wp-block-heading" id="the-best-time-to-start-is-now">The best time to start is now</h2>
<p>The most powerful insight from my conversation with Julia is this: <strong>AI doesn’t replace developer expertise. It amplifies it.</strong></p>
<p>COBOL experts bring irreplaceable domain knowledge. Modern developers bring fresh perspectives on architecture and best practices. AI brings pattern recognition and translation capabilities at scale.</p>
<p>When these three forces work together, legacy modernization transforms from an impossible challenge into an achievable project.</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>The best time to modernize legacy code was 10 years ago. The second-best time is now.</p>
</blockquote>
<p>Special thanks to Julia Kordick, Microsoft Global Black Belt, who shared her insights and experiences that made this blog post possible.</p>
<p><strong>Ready to dive deeper?</strong> Check out the full blog post about this project at<a href="https://devblogs.microsoft.com/all-things-azure/how-we-use-ai-agents-for-cobol-migration-and-mainframe-modernization/"> aka.ms/cobol-blog</a> and connect with <a href="https://www.linkedin.com/in/julia-kordick/">Julia on LinkedIn</a> for the latest updates.</p>
<p>The age of legacy code doesn’t have to be a barrier anymore. With the right AI tools and framework, even 65-year-old COBOL can become approachable, maintainable, and modern.</p>
<div class="wp-block-group post-content-cta has-global-padding is-layout-constrained wp-block-group-is-layout-constrained">
<p><strong>What legacy system will you modernize next?</strong> Start building now with <a href="https://github.com/copilot">GitHub Copilot</a> now ></p>
</div>
</body></html>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/how-github-copilot-and-ai-agents-are-saving-legacy-systems/">How GitHub Copilot and AI agents are saving legacy systems</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91444</post-id> </item>
</channel>
</rss>

If you would like to create a banner that links to this page (i.e. this validation result), do the following:

Download the "valid RSS" banner.
Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)
Add this HTML to your page (change the image src attribute if necessary):

<a href="http://www.feedvalidator.org/check.cgi?url=https%3A//github.blog/feed/"><img src="valid-rss-rogers.png" alt="[Valid RSS]" title="Validate my RSS feed" /></a>

If you would like to create a text link instead, here is the URL you can use:

http://www.feedvalidator.org/check.cgi?url=https%3A//github.blog/feed/

Home · About · News · Docs · Terms