FEED Validator

for Atom and RSS and KML

Congratulations!

This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

line 30, column 0: Use of unknown namespace: com-wordpress:feed-additions:1 (11 occurrences) [help]
```
<site xmlns="com-wordpress:feed-additions:1">153214340</site>	<item>
```
line 46, column 0: content:encoded should not contain html tag (8 occurrences) [help]
```
<html><body><p>If you&rsquo;ve tried connecting AI agents to your developmen ...
```
line 46, column 0: content:encoded should not contain body tag (8 occurrences) [help]
```
<html><body><p>If you&rsquo;ve tried connecting AI agents to your developmen ...
```
line 58, column 0: content:encoded should not contain data-color-mode attribute (3 occurrences) [help]
```
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="ligh ...
```
line 58, column 0: content:encoded should not contain data-dark-theme attribute (3 occurrences) [help]
```
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="ligh ...
```
line 58, column 0: content:encoded should not contain data-light-theme attribute (3 occurrences) [help]
```
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="ligh ...
```
line 98, column 0: content:encoded should not contain data-recalc-dims attribute (21 occurrences) [help]
```
<figure class="wp-block-image size-large"><img data-recalc-dims="1" fetchpri ...
```
line 98, column 0: content:encoded should not contain fetchpriority attribute [help]
```
<figure class="wp-block-image size-large"><img data-recalc-dims="1" fetchpri ...
```
line 98, column 0: content:encoded should not contain decoding attribute (21 occurrences) [help]
```
<figure class="wp-block-image size-large"><img data-recalc-dims="1" fetchpri ...
```
line 98, column 0: content:encoded should not contain sizes attribute (21 occurrences) [help]
```
<figure class="wp-block-image size-large"><img data-recalc-dims="1" fetchpri ...
```
line 340, column 0: content:encoded should not contain iframe tag (7 occurrences) [help]
```
<iframe data-testid="embed-iframe" style="border-radius:12px" src="https://o ...
```
line 829, column 0: content:encoded should not contain loading attribute (20 occurrences) [help]
```
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading= ...
```
line 1489, column 0: Non-html tag: summary [help]
```
										<content:encoded><![CDATA[
```

Source: https://github.blog/feed/

<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>The GitHub Blog</title>
<atom:link href="https://github.blog/feed/" rel="self" type="application/rss+xml" />
<link>https://github.blog/</link>
<description>Updates, ideas, and inspiration from GitHub to help developers build and design software.</description>
<lastBuildDate>Tue, 16 Sep 2025 16:27:56 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>
hourly </sy:updatePeriod>
<sy:updateFrequency>
1 </sy:updateFrequency>
<generator>https://wordpress.org/?v=6.8.2</generator>
<image>
<url>https://github.blog/wp-content/uploads/2019/01/cropped-github-favicon-512.png?fit=32%2C32</url>
<title>The GitHub Blog</title>
<link>https://github.blog/</link>
<width>32</width>
<height>32</height>
</image>
<site xmlns="com-wordpress:feed-additions:1">153214340</site> <item>
<title>Meet the GitHub MCP Registry: The fastest way to discover MCP Servers</title>
<link>https://github.blog/ai-and-ml/github-copilot/meet-the-github-mcp-registry-the-fastest-way-to-discover-mcp-servers/</link>
<dc:creator><![CDATA[Toby Padilla]]></dc:creator>
<pubDate>Tue, 16 Sep 2025 16:27:54 +0000</pubDate>
<category><![CDATA[AI & ML]]></category>
<category><![CDATA[GitHub Copilot]]></category>
<category><![CDATA[MCP]]></category>
<category><![CDATA[Model Context Protocol]]></category>
<guid isPermaLink="false">https://github.blog/?p=90792</guid>
<description><![CDATA[<p>This is your new home base for discovering MCP servers. Learn how we’re working with the broader community on MCP publication and discovery.</p>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/meet-the-github-mcp-registry-the-fastest-way-to-discover-mcp-servers/">Meet the GitHub MCP Registry: The fastest way to discover MCP Servers</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>If you’ve tried connecting AI agents to your development tools, you know the pain: MCP servers scattered across numerous registries, random repos, buried in community threads — making discovery slow and full of friction without a central place to go. Meanwhile, MCP server creators are worn out from publishing to multiple places and answering the same setup questions again and again.</p>
<p>The result is a fractured environment that’s fraught with potential security risks. </p>
<p>Today, we’re taking the first step toward solving this challenge. The GitHub MCP Registry launches as your new home base for discovering MCP servers. Whether you’re building with GitHub Copilot, agents, or any AI tool that speaks MCP, this is the place to find what you need. With GitHub already home to most MCP servers, the MCP Registry makes them dramatically easier to discover, explore, and use — helping developers find the right tools faster and contribute to a more open, interoperable ecosystem. <a href="http://github.com/mcp?utm_source=blog-source&utm_campaign=mcp-registry-server-launch-2025">Browse the MCP Registry today and start building with the tools that power agentic workflows.</a></p>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--1" style="border-top-width:4px">
<h2 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-what-is-mcp" style="margin-top:0">What is MCP?</h2>
<p><a href="https://modelcontextprotocol.io/">Model Context Protocol</a> (MCP) makes it simple for AI agents and tools to talk to each other in a composible, extensible way. They give agents a way to fetch fresh context, interact with the outside world, and integrate into existing systems and workflows.</p>
</aside>
<h2 class="wp-block-heading" id="inside-the-github-mcp-registry">Inside the GitHub MCP Registry</h2>
<p>We’re starting simple and building in the open. The <a href="http://github.com/mcp?utm_source=blog-source&utm_campaign=mcp-registry-server-launch-2025">MCP Registry</a> launches with a curated directory of MCP servers from leading partners and the open source community. Each server is backed by its GitHub repository, so you can learn what it does, how to get started, and make informed choices quickly. </p>
<p><strong>Here’s what you’ll find:</strong></p>
<ul class="wp-block-list">
<li>Discoverability inside VS Code with one-click installation</li>
<li>Signal over noise with servers sorted by GitHub stars and community activity</li>
<li>Works with your stack including GitHub Copilot and any MCP-compatible host</li>
</ul>
<p>From day one, the MCP Registry is shaped by contributions from across the ecosystem — including our launch partners who are helping define what the quality of MCP servers look like. This collaborative foundation ensures developers have access to tools they can trust, and sets the stage for a healthier, more interoperable AI ecosystem.</p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" fetchpriority="high" decoding="async" height="538" width="1024" src="https://github.blog/wp-content/uploads/2025/09/mcp2.jpg?resize=1024%2C538" alt="" class="wp-image-90794" srcset="https://github.blog/wp-content/uploads/2025/09/mcp2.jpg?w=1600 1600w, https://github.blog/wp-content/uploads/2025/09/mcp2.jpg?w=300 300w, https://github.blog/wp-content/uploads/2025/09/mcp2.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/09/mcp2.jpg?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/mcp2.jpg?w=1536 1536w" sizes="(max-width: 1000px) 100vw, 1000px" /></figure>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>With the launch of GitHub’s MCP Registry, developers can easily bring Figma context into Copilot through our Dev Mode MCP server, accelerating their design-to-code workflow by generating code that’s both production-ready and aligned with their design system.</p>
<cite>Anna Kohnen, VP of Business Development, Figma</cite></blockquote>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>At Postman, we see MCP as a foundational layer of the AI agents stack and a vital part of building AI-ready APIs. The GitHub MCP Registry helps developers access the entire Postman platform from inside their coding assistants, further bridging the gap between code, documentation, and execution in a way that wasn’t possible before.</p>
<cite>Bajali Raghavan, Head of Engineering, Postman</cite></blockquote>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>Terraform empowers developers with consistent infrastructure management. With the launch of GitHub’s MCP Registry, they can now easily discover official MCP servers, such as HashiCorp’s Terraform MCP server, and add them to their workflows with a single click—making it faster than ever to bring Terraform’s capabilities into day-to-day development.</p>
<cite>Chris Audie, SVP Product Management, HashiCorp (an IBM Company)</cite></blockquote>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>By bringing the Dynatrace MCP server to the GitHub MCP Registry, developers get AI-powered observability, security, and performance insights right at their fingertips—so teams can deliver faster, more resilient, and more robust software with less context switching and reduced cognitive load. We’ve seen rapid adoption across our own engineering organization because the integrated agentic AI experience helps our developers to ship faster and with more confidence—all without leaving their IDEs.</p>
<cite>Bonifaz Kaufmann, VP Product, Dynatrace</cite></blockquote>
<p>We’re also excited to include the Remote GitHub MCP Server, <a href="https://github.blog/changelog/2025-09-04-remote-github-mcp-server-is-now-generally-available/">which recently launched in general availability</a>. It allows agents to connect with the rich context found in GitHub repositories, issues, and pull requests — unlocking deeper, multi-step agentic workflows. Its inclusion in the registry reinforces our commitment to open interoperability and gives developers a trusted way to integrate GitHub context into any MCP-compatible tool.</p>
<h2 class="wp-block-heading" id="building-an-open-ecosystem-together">Building an open ecosystem together</h2>
<p>The launch of the GitHub MCP Registry is just the beginning. We’re working closely with Anthropic and the MCP Steering Committee to build an open-source MCP registry that integrates seamlessly with GitHub’s. Together with the broader community, we’re shaping the open standard and contribution model for MCP.</p>
<p>Developers will be able to self-publish MCP servers directly to the <a href="https://github.com/modelcontextprotocol/registry/">OSS MCP Community Registry</a>. Once published, those servers will automatically appear in the GitHub MCP Registry, creating a unified, scalable path for discovery.</p>
<p>This publication flow will:</p>
<ul class="wp-block-list">
<li>Reduce duplication across registries</li>
<li>Surface transparent metadata and verification signals</li>
<li>Enable contribution at scale across the ecosystem</li>
</ul>
<p>The result is a healthier, more open ecosystem — one that leads with quality and accelerates innovation.</p>
<h2 class="wp-block-heading" id="the-road-ahead">The road ahead</h2>
<p>Together with the open source community, Anthropic, and the MCP Steering Committee, we’re building an open ecosystem where discovering the right AI capability is as simple as searching GitHub. The GitHub MCP Registry is your fastest path from idea to integration, and the foundation for a healthier, more interoperable AI toolchain.</p>
<p><strong>Ready to explore? </strong><a href="http://github.com/mcp?utm_source=blog-source&utm_campaign=mcp-registry-server-launch-2025">Browse the GitHub MCP Registry</a> to discover curated MCP servers from across the ecosystem. You can also contribute to the <a href="https://github.com/modelcontextprotocol/registry/">OSS MCP Community Registry</a> and help shape the future of open agentic workflows. Let’s build the future of AI tooling together!</p>
</body></html>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/meet-the-github-mcp-registry-the-fastest-way-to-discover-mcp-servers/">Meet the GitHub MCP Registry: The fastest way to discover MCP Servers</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">90792</post-id> </item>
<item>
<title>Post-quantum security for SSH access on GitHub</title>
<link>https://github.blog/engineering/platform-security/post-quantum-security-for-ssh-access-on-github/</link>
<dc:creator><![CDATA[brian m. carlson]]></dc:creator>
<pubDate>Mon, 15 Sep 2025 16:00:00 +0000</pubDate>
<category><![CDATA[Engineering]]></category>
<category><![CDATA[Platform security]]></category>
<category><![CDATA[Git]]></category>
<category><![CDATA[Security]]></category>
<category><![CDATA[SSH]]></category>
<guid isPermaLink="false">https://github.blog/?p=90756</guid>
<description><![CDATA[<p>GitHub is introducing post-quantum secure key exchange methods for SSH access to better protect Git data in transit.</p>
<p>The post <a href="https://github.blog/engineering/platform-security/post-quantum-security-for-ssh-access-on-github/">Post-quantum security for SSH access on GitHub</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>Today, we’re announcing some changes that will improve the security of accessing Git data over SSH.</p>
<h2 class="wp-block-heading" id="h-what-s-changing">What’s changing?</h2>
<p>We’re adding a new post-quantum secure SSH key exchange algorithm, known alternately as <code>sntrup761x25519-sha512</code> and <code>sntrup761x25519-sha512@openssh.com</code>, to our SSH endpoints for accessing Git data.</p>
<p>This only affects SSH access and doesn’t impact HTTPS access at all.</p>
<p>It also does not affect GitHub Enterprise Cloud with data residency in the United States region.</p>
<h2 class="wp-block-heading" id="h-why-are-we-making-these-changes">Why are we making these changes?</h2>
<p>These changes will keep your data secure both now and far into the future by ensuring they are protected against future decryption attacks carried out on quantum computers.</p>
<p>When you make an SSH connection, a <a href="https://en.wikipedia.org/wiki/Key_exchange">key exchange algorithm</a> is used for both sides to agree on a secret. The secret is then used to generate encryption and integrity keys. While today’s key exchange algorithms are secure, new ones are being introduced that are secure against <a href="https://en.wikipedia.org/wiki/Cryptanalytic_attack">cryptanalytic attacks</a> carried out by quantum computers.</p>
<p>We don’t know if it will ever be possible to produce a quantum computer powerful enough to break traditional key exchange algorithms. Nevertheless, an attacker could save encrypted sessions now and, if a suitable quantum computer is built in the future, decrypt them later. This is known as a “<a href="https://www.nist.gov/cybersecurity/what-post-quantum-cryptography">store now, decrypt later</a>” attack.</p>
<p>To protect your traffic to GitHub when using SSH, we’re rolling out a hybrid post-quantum key exchange algorithm: <code>sntrup761x25519-sha512</code> (also known by the older name <code>sntrup761x25519-sha512@openssh.com</code>). This provides security against quantum computers by combining a new post-quantum-secure algorithm, <a href="https://ntruprime.cr.yp.to/">Streamlined NTRU Prime</a>, with the classical <a href="https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman">Elliptic Curve Diffie-Hellman</a> algorithm using the <a href="https://en.wikipedia.org/wiki/Curve25519">X25519 curve</a>. Even though these post-quantum algorithms are newer and thus have received less testing, combining them with the classical algorithm ensures that security won’t be weaker than what the classical algorithm provides.</p>
<p>These changes are rolling out to <a href="http://github.com">github.com</a> and non-US resident GitHub Enterprise Cloud regions. Only FIPS-approved cryptography may be used within the US region, and this post-quantum algorithm isn’t approved by FIPS.</p>
<h2 class="wp-block-heading" id="h-when-are-these-changes-effective">When are these changes effective?</h2>
<p>We’ll enable the new algorithm on September 17, 2025 for GitHub.com and GitHub Enterprise Cloud with data residency (with the exception of the US region).</p>
<p>This will also be included in GitHub Enterprise Server 3.19.</p>
<h2 class="wp-block-heading" id="h-how-do-i-prepare">How do I prepare?</h2>
<p>This change only affects connections with a Git client over SSH. If your Git remotes start with <code>https://</code>, you won’t be impacted by this change.</p>
<p>For most uses, the new key exchange algorithm won’t result in any noticeable change. If your SSH client supports <code>sntrup761x25519-sha512@openssh.com</code> or <code>sntrup761x25519-sha512</code> (for example, OpenSSH 9.0 or newer), it will automatically choose the new algorithm by default if your client prefers it. No configuration change should be necessary unless you modified your client’s defaults.</p>
<p>If you use an older SSH client, your client should fall back to an older key exchange algorithm. That means you won’t experience the security benefits of using a post-quantum algorithm until you upgrade, but your SSH experience should continue to work as normal, since the SSH protocol automatically picks an algorithm that both sides support.</p>
<p>If you want to test whether your version of OpenSSH supports this algorithm, you can run the following command: <code>ssh -Q kex</code>. That lists all of the key exchange algorithms supported, so if you see <code>sntrup761x25519-sha512</code> or <code>sntrup761x25519-sha512@openssh.com</code>, then it’s supported.</p>
<p>To check which key exchange algorithm OpenSSH uses when you connect to GitHub.com, run the following command on Linux, macOS, Git Bash, or other Unix-like environments:</p>
<pre class="wp-block-code language-plaintext"><code>$ ssh -v git@github.com exit 2>&1 | grep 'kex: algorithm:'</code></pre>
<p>For other implementations of SSH, please see the documentation for that implementation.</p>
<h2 class="wp-block-heading" id="whats-next">What’s next?</h2>
<p>We’ll keep an eye on the latest developments in security. As the SSH libraries we use begin to support additional post-quantum algorithms, including ones that comply with FIPS, we’ll update you on our offerings.</p>
</body></html>
<p>The post <a href="https://github.blog/engineering/platform-security/post-quantum-security-for-ssh-access-on-github/">Post-quantum security for SSH access on GitHub</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">90756</post-id> </item>
<item>
<title>Building personal apps with open source and AI</title>
<link>https://github.blog/open-source/maintainers/building-personal-apps-with-open-source-and-ai/</link>
<dc:creator><![CDATA[Kedasha Kerr]]></dc:creator>
<pubDate>Fri, 12 Sep 2025 16:00:00 +0000</pubDate>
<category><![CDATA[Maintainers]]></category>
<category><![CDATA[Open Source]]></category>
<category><![CDATA[AI]]></category>
<category><![CDATA[GitHub Podcast]]></category>
<category><![CDATA[open source community]]></category>
<guid isPermaLink="false">https://github.blog/?p=90763</guid>
<description><![CDATA[<p>Hear about the personal tools we use to improve our workflows (and how to get started building your own) on this episode of the GitHub Podcast.</p>
<p>The post <a href="https://github.blog/open-source/maintainers/building-personal-apps-with-open-source-and-ai/">Building personal apps with open source and AI</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>There’s something magical about a tool that does exactly what you need, no matter how small the task. In my work on the GitHub Developer Advocacy team (and honestly just in life), I’ve found that the best solutions are often the simplest ones.</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>It doesn’t need to be a Swiss Army knife. It could be just like a really good scissors or paring knife.</p>
</blockquote>
<p>Sometimes, it’s just taking a manual task and automating it. For example, my cohost Cassidy Williams shares a technical interview question with her newsletter subscribers each week. People submit answers in all sorts of formats — GitHub links, CodePen snippets, tweets, you name it. Gathering all those responses and formatting them for publishing used to be a tedious, manual slog. So she wrote a tiny script that converts these answers into a Markdown list.</p>
<p>I’ve also built a tool to convert CSV to Markdown. It’s not fancy, but it’s saved countless hours and so much mental energy.</p>
<p>These little tools may seem mundane. But their impact is huge. They free us from repetitive tasks, help us focus on what matters, and make our days a little brighter.</p>
<p><em>Listen to our full discussion on the <a href="https://open.spotify.com/show/660KitvdJDX2vUmioAbwSQ">GitHub Podcast</a> 👇</em></p>
<iframe data-testid="embed-iframe" style="border-radius:12px" src="https://open.spotify.com/embed/episode/6DaN2Sqb3xE2RJHKHp0Vkh?utm_source=generator" width="100%" height="352" frameborder="0" allowfullscreen="" allow="autoplay; clipboard-write; encrypted-media; fullscreen; picture-in-picture" loading="lazy"></iframe>
<h2 class="wp-block-heading" id="h-open-source-as-a-playground">Open source as a playground</h2>
<p>One of the best things about being part of the open source community is knowing you’re never alone in your needs. Chances are, if you have a problem, someone else has faced it too — and maybe even built a solution!</p>
<p>I love browsing GitHub for those “just right” little tools. Sometimes, someone has already built exactly what I need. Other times, I find something close, fork it, and tweak it to fit my workflow. That’s the beauty of open source: It’s a playground for experimentation and sharing.</p>
<p>And when you open source your own creations, you’re not just helping yourself. You’re potentially helping countless others, maybe even inspiring contributions and new features. For example, my to-do app started as a personal project, but once I put it out there, people suggested new ideas, like a resume button for paused tasks. Some, I’ve added. Others, I encourage folks to fork and make their own.</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>That’s where open source comes in… fork it and use it.</p>
</blockquote>
<h2 class="wp-block-heading" id="h-ai-as-a-force-multiplier">AI as a force multiplier</h2>
<p>If open source is the foundation, AI has become the rocket fuel for personal software. Building something just for yourself used to mean wrestling with unfamiliar frameworks or spending hours debugging arcane errors. Now? AI can help you scaffold a project, troubleshoot issues, or even just explain a tricky codebase.</p>
<p>I’ve seen friends who swore off frontend development, intimidated by the learning curve, turn around and build working dashboards in a single evening (with a little help from tools like GitHub Copilot). AI isn’t a replacement for learning, but it’s a facilitator for unblocking ideas and accelerating progress.</p>
<p><em>Watch me build an app in the demo below 👇</em></p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<iframe title="Rubber Duck Thursday - let's hack" width="500" height="281" src="https://www.youtube.com/embed/0kiYEKqV9DY?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
</div></figure>
<h2 class="wp-block-heading" id="h-reducing-mental-overhead-and-increasing-joy">Reducing mental overhead and increasing joy</h2>
<p>For me, the biggest benefit of building my own tools isn’t just the time saved, it’s the reduction in mental overhead. When you know that a part of your workflow is handled, you’re free to focus your mind on more creative or meaningful work.</p>
<p>I find it so much more fun to build now because I have my AI sidekick that will tell me where I went wrong or how to fix something that is incorrect. I’m no longer toiling over software that I want to build and crying because I can’t figure out the bugs.</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>Building personal software and using open source and AI have made building software more enjoyable.</p>
</blockquote>
<h2 class="wp-block-heading" id="h-security-sharing-and-growing-your-tools">Security, sharing, and growing your tools</h2>
<p>Of course, when a tool is just for me, I don’t worry about making it bulletproof. But the moment I open source it and others start using it, security and maintainability become part of the conversation. That’s where community shines! Others may notice issues, suggest improvements, or even take the project in new directions.</p>
<p>I try to be clear in my contributing guidelines: If you want to add a feature that’s not on my personal roadmap, go ahead and fork it! That’s the beauty of open source — it enables everyone to shape software to their own needs.</p>
<p>Building personal tools, sharing them, and watching them grow is one of the most rewarding parts of being a developer. With open source and AI at our fingertips, there’s never been a better time to create the exact solutions you need — and maybe help someone else along the way.</p>
<div class="wp-block-group post-content-cta has-global-padding is-layout-constrained wp-block-group-is-layout-constrained">
<p>Hear more stories and tips on the <a href="https://open.spotify.com/show/660KitvdJDX2vUmioAbwSQ">GitHub Podcast > </a></p>
</div>
</body></html>
<p>The post <a href="https://github.blog/open-source/maintainers/building-personal-apps-with-open-source-and-ai/">Building personal apps with open source and AI</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">90763</post-id> </item>
<item>
<title>GitHub Availability Report: August 2025</title>
<link>https://github.blog/news-insights/company-news/github-availability-report-august-2025/</link>
<dc:creator><![CDATA[Jakub Oleksy]]></dc:creator>
<pubDate>Thu, 11 Sep 2025 19:53:44 +0000</pubDate>
<category><![CDATA[Company news]]></category>
<category><![CDATA[News & insights]]></category>
<category><![CDATA[GitHub Availability Report]]></category>
<guid isPermaLink="false">https://github.blog/?p=90760</guid>
<description><![CDATA[<p>In August, we experienced three incidents that resulted in degraded performance across GitHub services.</p>
<p>The post <a href="https://github.blog/news-insights/company-news/github-availability-report-august-2025/">GitHub Availability Report: August 2025</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[
<p>In August, we experienced three incidents that resulted in degraded performance across GitHub services.</p>
<p><strong>August 5 15:42 UTC (lasting 32 minutes)</strong></p>
<p>At 15:33 UTC on August 5, 2025, we initiated a production database migration to drop a column from a table backing pull request functionality. While the column was no longer in direct use, our ORM continued to reference the dropped column in a subset of pull request queries. As a result, there were elevated error rates across pushes, webhooks, notifications, and pull requests with impact peaking at approximately 4% of all web and REST API traffic.</p>
<p>We mitigated the issue by deploying a change that instructed the ORM to ignore the removed column. Most affected services recovered by 16:13 UTC. However, that fix was applied only to our largest production environment. An update to some of our custom and canary environments did not pick up the fix and this triggered a secondary incident affecting ~0.1% of pull request traffic, which was fully resolved by 19:45 UTC.</p>
<p>While migrations have protections, such as progressive roll-out first targeting validation environments and acknowledge gates, this incident identified an application monitoring gap that would have prevented continued rollout when impact was observed. We will add additional automation and safeguards to prevent future incidents without requiring human intervention. We are also already working on a way to streamline some types of changes across environments, which would have prevented the second incident from occurring.</p>
<p><strong>August 12 13:30 UTC (lasting 3 hours and 44 minutes)</strong></p>
<p>On August 12, 2025, between 13:30 UTC and 17:14 UTC, GitHub search was in a degraded state. Users experienced inaccurate or incomplete results, failures to load certain pages (like issues, pull requests, projects, and deployments) and broken components (like actions workflow and label filters).</p>
<p>Most user impact occurred between 14:00 UTC and 15:30 UTC, when up to 75% of search queries failed, and updates to search results were delayed by up to 100 minutes.</p>
<p>The incident was triggered by intermittent connectivity issues between our load balancers and search hosts. While retry logic initially masked these problems, retry queues eventually overwhelmed the load balancers, causing failure. The query failures were mitigated at 15:30 UTC after throttling our search indexing pipeline to reduce load and stabilize retries. The connectivity failures were resolved at 17:14 UTC after the automated reboot of a search host, causing the rest of the system to recover.</p>
<p>We have improved internal monitors and playbooks, and tuned our search cluster load balancer to further mitigate the recurrence of this failure mode. We’ve identified and resolved a configuration issue in our load balancing tier that was triggering these issues.</p>
<p><strong>August 27 20:35 UTC (lasting 46 minutes)</strong></p>
<p>On August 27, 2025, between 20:35 and 21:17 UTC, Copilot, web, and REST API traffic experienced degraded performance. Copilot saw an average of 36% of requests fail with a peak failure rate of 77%. Approximately 2% of all non-Copilot web and REST API traffic requests failed.</p>
<p>This incident occurred after we initiated a production database migration to drop a column from a table backing copilot functionality. While the column was no longer in direct use, our ORM continued to reference the dropped column. This led to a large number of 5xx responses and was similar to the incident on August 5. At 21:15 UTC, we applied a fix to the production schema, and by 21:17 UTC, all services had fully recovered.</p>
<p>While repairs were in progress to avoid this situation, they were not completed quickly enough to prevent a second incident. We have now implemented a temporary block for all drop column operations as an immediate solution while we add more safeguards to prevent similar issues from occurring in the future. We are also implementing graceful degradation so that Copilot issues will not impact other features of our product.</p>
<hr class="wp-block-separator has-alpha-channel-opacity"/>
<p>Please follow our <a href="https://www.githubstatus.com/">status page</a> for real-time updates on status changes and post-incident recaps. To learn more about what we’re working on, check out the <a href="https://github.blog/category/engineering/">GitHub Engineering Blog</a>.</p>
<p>The post <a href="https://github.blog/news-insights/company-news/github-availability-report-august-2025/">GitHub Availability Report: August 2025</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">90760</post-id> </item>
<item>
<title>GitHub Copilot coding agent 101: Getting started with agentic workflows on GitHub</title>
<link>https://github.blog/ai-and-ml/github-copilot/github-copilot-coding-agent-101-getting-started-with-agentic-workflows-on-github/</link>
<dc:creator><![CDATA[Alexandra Lietzke]]></dc:creator>
<pubDate>Thu, 11 Sep 2025 16:00:00 +0000</pubDate>
<category><![CDATA[AI & ML]]></category>
<category><![CDATA[GitHub Copilot]]></category>
<category><![CDATA[AI]]></category>
<category><![CDATA[coding agent]]></category>
<guid isPermaLink="false">https://github.blog/?p=90718</guid>
<description><![CDATA[<p>Delegate it a task, and coding agent can independently write, run, and test code. Here’s how you can make the most of it.</p>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/github-copilot-coding-agent-101-getting-started-with-agentic-workflows-on-github/">GitHub Copilot coding agent 101: Getting started with agentic workflows on GitHub</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>Earlier this year, GitHub introduced an integrated, enterprise-ready <a href="https://github.blog/news-insights/product-news/github-copilot-meet-the-new-coding-agent/">coding agent</a> for <a href="https://github.com/features/copilot">Copilot</a>. Coding agent is a software engineering (SWE) agent that runs independently in the background to complete assigned tasks — similar to a peer developer. </p>
<p>The agent starts its work when you hand it a task. Then it spins up a fully customizable development environment, powered by <a href="https://github.com/features/actions">GitHub Actions</a>. You can track it every step of the way, from issue to pull request to review to approval. </p>
<p>The agent is designed to help you offload tasks like fixing bugs, test coverage, or refactoring code, so you can work on what interests you most. ✨</p>
<p>Let’s learn more about coding agent, how it works, and how you can use it to work more efficiently.</p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<iframe title="What's new with the Copilot coding agent | GitHub Checkout" width="500" height="281" src="https://www.youtube.com/embed/t4ERV6aHCPM?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
</div></figure>
<h2 class="wp-block-heading" id="h-what-is-github-copilot-coding-agent">What is GitHub Copilot coding agent?</h2>
<p>Designed to amplify developer workflows and tackle assigned tasks end to end, GitHub Copilot coding agent works as your asynchronous AI teammate. You can hand tasks to coding agent multiple ways: </p>
<ul class="wp-block-list">
<li><strong>GitHub Issues: </strong><a href="https://docs.github.com/en/copilot/how-tos/use-copilot-agents/coding-agent/assign-copilot-to-an-issue">Assign an issue</a> to Copilot on github.com or GitHub Mobile.</li>
<li><strong>Visual Studio Code: </strong>Delegate tasks to Copilot and track running tasks with the <a href="https://marketplace.visualstudio.com/items?itemName=GitHub.vscode-pull-request-github">GitHub Pull Requests extension</a>.</li>
<li><strong>Agents panel: </strong>Hand new tasks to Copilot and track existing tasks without navigating away from your current work by clicking <strong>View all tasks</strong>, or bookmark<a href="https://github.com/copilot/agents"> github.com/copilot/agents</a> for direct access.</li>
</ul>
<p>It’s more than just a pair programmer. Coding agent takes on low-to-medium complexity tasks so you can focus on what matters to you. To do its work, the agent reviews your repository’s context, including related issues, pull request discussions, and custom instructions.</p>
<p>Coding agent can help you:</p>
<ul class="wp-block-list">
<li>Fix bugs</li>
<li>Implement incremental features</li>
<li>Refactor code</li>
<li>Improve test coverage</li>
<li>Update documentation</li>
<li><a href="https://github.blog/ai-and-ml/github-copilot/how-we-accelerated-secret-protection-engineering-with-copilot/">Accelerate secret scanning</a></li>
<li><a href="https://github.blog/ai-and-ml/github-copilot/how-the-github-billing-team-uses-the-coding-agent-in-github-copilot-to-continuously-burn-down-technical-debt/">Address technical debt</a></li>
</ul>
<p>Built with security in mind, coding agent’s pull requests require human approval before any CI/CD workflows run, which adds an additional layer of protection. And with built-in audit logs and branch protections, every change is reviewed before it ships to keep you in control.</p>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--2" style="border-top-width:4px">
<h3 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-security-first-built-in-protections-for-copilot-coding-agent" style="margin-top:0">Security first: Built-in protections for Copilot coding agent</h3>
<p>Designed with security at its core, coding agent operates in a sandboxed environment with restricted internet access and limited repository permissions. The agent has many security features already baked in:  </p>
<ul class="wp-block-list">
<li>It can only push to branches it creates (e.g., copilot/*), ensuring your main and team-managed branches remain untouched. </li>
<li>All pull requests require independent human review since Copilot can’t approve or merge its own work. </li>
<li>CI/CD checks in GitHub Actions won’t run without your approval, and all commits are co-authored for traceability. </li>
<li>Your existing org policies and branch protections apply automatically.</li>
</ul>
</aside>
<h2 class="wp-block-heading" id="how-is-coding-agent-different-from-traditional-ai-coding-assistants">How is coding agent different from traditional AI coding assistants?</h2>
<p>When it comes to using a traditional AI coding assistant in an IDE, any code you write is stored locally. The assistant helps write the code, but developers still do most of the heavy lifting. They have to create the branch, write commit messages, push changes, open and write the pull request, manage reviews, iterate, and repeat. Doing all this work takes valuable time and effort.<br><br>On the other hand, Copilot coding agent helps automate developer workflows. Rather than working in isolated IDE sessions, the agent operates directly within the GitHub pull request workflow. It asynchronously automates tedious tasks like branch creation, commit writing, and pull request reviews, making the process more transparent and collaborative. Every step is logged, visible, and open to team input — turning solo coding into a shared, streamlined experience.</p>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--3" style="border-top-width:4px">
<h3 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-what-s-the-difference-between-coding-agent-and-agent-mode" style="margin-top:0">What’s the difference between coding agent and agent mode?</h3>
<p>Coding agent is an asynchronous collaborator and works on your behalf like a teammate. It is an SWE agent that runs inside GitHub Actions, picks up issues you assign it, explores the repository for context, writes code, passes tests, and opens a pull request for your review.</p>
<p>Agent mode pairs with you synchronously as you work inside your IDE of choice — whether VS Code or JetBrains, Eclipse, and Xcode — as a real-time collaborator that iterates on code, runs tests, and fixes its own mistakes in real time.</p>
<p>BTW: Both use <a href="https://docs.github.com/en/copilot/managing-copilot/monitoring-usage-and-entitlements/about-premium-requests">Copilot premium requests</a> (coding agent only requires one), and coding agent uses <a href="https://docs.github.com/en/billing/managing-billing-for-your-products/managing-billing-for-github-actions/about-billing-for-github-actions">GitHub Actions minutes</a>, so plan and budget accordingly with your teams.</p>
</aside>
<h2 class="wp-block-heading" id="how-does-coding-agent-work">How does coding agent work?</h2>
<p>Designed to fit into your development flow on GitHub, Copilot coding agent is built directly into GitHub’s native control layer. It starts working when you <a href="https://docs.github.com/en/enterprise-cloud@latest/copilot/how-tos/use-copilot-agents/coding-agent/assign-copilot-to-an-issue">assign a GitHub Issue to Copilot</a>, <a href="https://github.blog/news-insights/product-news/agents-panel-launch-copilot-coding-agent-tasks-anywhere-on-github/">start a task from the agents panel</a>, or <a href="https://docs.github.com/en/enterprise-cloud@latest/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-visual-studio-code">initiate a task from Copilot Chat in VS Code</a>. From there, the agent opens a draft pull request, pushes commits as it works, and logs key steps along the way so you can track its progress in real time.</p>
<p>Even though coding agent does the work, you remain in control throughout the entire process. You can review, give feedback, and ask Copilot to iterate via pull request reviews.</p>
<p>Under the hood, Copilot runs in a secure, ephemeral development environment powered by GitHub Actions, which is the world’s largest (and GitHub’s native) automation and CI/CD ecosystem. In its development environment, Copilot can explore your codebase for context, make changes, run tests and linters, and more. You can <a href="https://docs.github.com/en/enterprise-cloud@latest/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment">customize this development environment</a> with the tools and dependencies you need, leveraging the catalog 25,000 community based actions.</p>
<h2 class="wp-block-heading" id="how-can-i-use-coding-agent-in-github-copilot">How can I use coding agent in GitHub Copilot?</h2>
<p>The process of using GitHub’s coding agent is similar to assigning a task to a teammate. To start, you can <a href="https://docs.github.com/en/copilot/how-tos/use-copilot-agents/coding-agent/assign-copilot-to-an-issue">assign an issue</a> to @github on <a href="https://github.com/">GitHub.com</a>, <a href="https://github.com/mobile">GitHub Mobile</a>, or the <a href="https://cli.github.com/">CLI</a>. You can use the<a href="https://docs.github.com/en/enterprise-cloud@latest/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr#asking-copilot-to-create-a-pull-request-from-the-agents-panel-or-page"> agents panel</a> on any page on <a href="http://github.com">GitHub.com</a>. You can also prompt Copilot directly from <a href="https://docs.github.com/en/copilot/how-tos/use-chat">GitHub Copilot Chat</a> in your favorite IDE, or any <a href="https://docs.github.com/en/copilot/concepts/about-mcp">Model Context Protocol (MCP)</a>–supported tool. MCP lets you extend the agent’s capabilities with external data sources, and can even support vision models, so you can assign issues with screenshots or mockups.</p>
<p><strong>Here’s a step-by-step guide on how to use coding agent: </strong></p>
<ol class="wp-block-list">
<li>Hand a task to Copilot, for example by assigning an issue or <a href="https://github.blog/news-insights/product-news/agents-panel-launch-copilot-coding-agent-tasks-anywhere-on-github/">using the agents panel</a></li>
<li>Coding agent opens a draft pull request tagged [WIP] that it uses to track and complete its work. </li>
<li>Once Copilot is done, it will update the pull request with a clear title and description and tag you for review</li>
<li>If anything needs to be changed, you can leave comments tagging @copilot on the draft pull request, and coding agent will use your feedback to iterate on its work.</li>
</ol>
<h2 class="wp-block-heading" id="unlocking-copilots-full-potential-with-mcp">Unlocking Copilot’s full potential with MCP</h2>
<p>When you pair Copilot with <a href="https://docs.github.com/en/copilot/concepts/coding-agent/mcp-and-coding-agent">Model Context Protocol</a> (MCP), its capabilities expand dramatically.</p>
<p>MCP is an open standard that allows applications to share context with large language models (LLMs). Coding agent has both <a href="https://github.com/microsoft/playwright-mcp">Playwright</a> and GitHub MCP servers built right in, and you can add your own.</p>
<p>One thing to note: Copilot’s access to the internet is limited by a <a href="https://docs.github.com/en/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-firewall">firewall</a>, but default rules allow access to a number of hosts that Copilot uses to interact with GitHub or to download dependencies.<br></p>
<p>To get started, repository admins can configure MCP servers using a JSON file in the repo settings. Once enabled, coding agent uses these tools autonomously, streamlining workflows and reducing developer overhead.<br><br>Whether you’re building a feature or <a href="https://github.blog/ai-and-ml/github-copilot/debugging-ui-with-ai-github-copilot-agent-mode-meets-mcp-servers/">triaging bugs</a>, MCP turns Copilot into an even more context-aware, tool-savvy, and capable coding partner.</p>
<h2 class="wp-block-heading" id="take-this-with-you">Take this with you</h2>
<p>Copilot coding agent can help you do your best work. It takes on the more tedious parts of development so you can stay in the zone, move faster, and focus on solving real problems.</p>
<p>Whether you’re working on developing a brand new idea or simply trying to get through a long list of fixes, coding agent can help you build momentum — with less friction and more flow. Happy coding!</p>
<div class="wp-block-group post-content-cta has-global-padding is-layout-constrained wp-block-group-is-layout-constrained">
<p>Looking to try coding agent? <a href="https://docs.github.com/en/copilot/about-github-copilot/github-copilot-features">Read the Docs</a> or <a href="https://resources.github.com/copilot-for-business/?ef_id=_k_Cj0KCQjwsp6pBhCfARIsAD3GZubTXuCGU1hy65GlbZ2fA1YjoRRhw64GoF8UI-lrQsnWSqAWJ7dC3QoaAqQ4EALw_wcB_k_&OCID=AIDcmmc3fhtaow_SEM__k_Cj0KCQjwsp6pBhCfARIsAD3GZubTXuCGU1hy65GlbZ2fA1YjoRRhw64GoF8UI-lrQsnWSqAWJ7dC3QoaAqQ4EALw_wcB_k_&gclid=Cj0KCQjwsp6pBhCfARIsAD3GZubTXuCGU1hy65GlbZ2fA1YjoRRhw64GoF8UI-lrQsnWSqAWJ7dC3QoaAqQ4EALw_wcB">get started</a> today.</p>
</div>
<h3 class="wp-block-heading" id="more-resources-to-explore">More resources to explore:</h3>
<ul class="wp-block-list">
<li><a href="https://docs.github.com/en/copilot/how-tos/administer-copilot/manage-for-organization/add-copilot-coding-agent">Learn how to add Github copilot coding agent to your organization</a></li>
<li><a href="https://docs.github.com/en/copilot/using-github-copilot/coding-agent">Explore Copilot coding agent documentation</a> </li>
<li><a href="https://docs.github.com/en/copilot/responsible-use-of-github-copilot-features/responsible-use-of-copilot-coding-agent-on-githubcom">Learn more about responsible use of Copilot coding agent on GitHub.com</a></li>
</ul>
</body></html>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/github-copilot-coding-agent-101-getting-started-with-agentic-workflows-on-github/">GitHub Copilot coding agent 101: Getting started with agentic workflows on GitHub</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">90718</post-id> </item>
<item>
<title>Your guide to GitHub Universe 2025: The schedule just launched!</title>
<link>https://github.blog/news-insights/company-news/your-guide-to-github-universe-2025-the-schedule-just-launched/</link>
<dc:creator><![CDATA[GitHub Staff]]></dc:creator>
<pubDate>Wed, 10 Sep 2025 20:52:28 +0000</pubDate>
<category><![CDATA[Company news]]></category>
<category><![CDATA[News & insights]]></category>
<category><![CDATA[GitHub Universe]]></category>
<guid isPermaLink="false">https://github.blog/?p=90703</guid>
<description><![CDATA[<p>Create your own agenda of favorites, sign up for one-on-on mentoring sessions, and register if you haven’t already. We’ll see you there!</p>
<p>The post <a href="https://github.blog/news-insights/company-news/your-guide-to-github-universe-2025-the-schedule-just-launched/">Your guide to GitHub Universe 2025: The schedule just launched!</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>Huzzah! The GitHub Universe schedule just dropped, and it’s full of exciting sessions (over 100!), demos, and panels covering the boundless potential of AI-powered development. </p>
<p>If you haven’t yet registered, here’s what you need to know. This two-day event hosts some of the greatest minds in tech. We have experts from companies like Red Hat, HubSpot, CVS, General Motors, and more leading our sessions — covering everything from vibe coding and automation at scale to AI-driven security. You’ll also have the opportunity to chat with the GitHub team one-on-one, get your questions answered, and even get career advice. Did we mention there are two demo stages this year? One with donuts and one with a silent disco. </p>
<ul class="wp-block-list">
<li><strong>When</strong>: October 28-29</li>
<li><strong>Where</strong>: Fort Mason Center, San Francisco, CA</li>
</ul>
<p>Some more good news: We’re extending our Early Bird discount through Wednesday, September 17. This will be your last chance to save $400 on an in-person pass. The best part? You can combine that savings with our group discounts: 25% off when you buy 3+ passes and 35% off when you buy 8+ passes. Be sure to pick up your passes now before prices go up!</p>
<p>[<a href="https://githubuniverse.com/?utm_source=Blog&utm_medium=GitHub&utm_campaign=sessions">Register now</a>]</p>
<h2 class="wp-block-heading" id="h-the-schedule">The schedule</h2>
<p>Here’s a sneak peek of some of the sessions we have planned. You can jump to the <a href="https://githubuniverse.com/#agenda">full agenda</a> right here — be sure to mark your favorites to build your own personal calendar. </p>
<h3 class="wp-block-heading" id="h-build-faster-stay-in-flow">Build faster, stay in flow</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="538" width="1024" src="https://github.blog/wp-content/uploads/2025/09/table1-1.png?resize=1024%2C538" alt="How to practice compassion (not criticism) during code reviews" class="wp-image-90704" srcset="https://github.blog/wp-content/uploads/2025/09/table1-1.png?w=1600 1600w, https://github.blog/wp-content/uploads/2025/09/table1-1.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/table1-1.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/table1-1.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/table1-1.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="538" width="1024" src="https://github.blog/wp-content/uploads/2025/09/table1-2.png?resize=1024%2C538" alt="Tackling your tech debt with Copilot coding agent" class="wp-image-90706" srcset="https://github.blog/wp-content/uploads/2025/09/table1-2.png?w=1600 1600w, https://github.blog/wp-content/uploads/2025/09/table1-2.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/table1-2.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/table1-2.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/table1-2.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="538" width="1024" src="https://github.blog/wp-content/uploads/2025/09/table1-4.png?resize=1024%2C538" alt="Co-op with GitHub Copilot: Building games the smarter way" class="wp-image-90708" srcset="https://github.blog/wp-content/uploads/2025/09/table1-4.png?w=1600 1600w, https://github.blog/wp-content/uploads/2025/09/table1-4.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/table1-4.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/table1-4.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/table1-4.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="538" width="1024" src="https://github.blog/wp-content/uploads/2025/09/table1-3.png?resize=1024%2C538" alt="Building GitHub with Copilot: How our engineers multiply their impact and reliably ship features" class="wp-image-90707" srcset="https://github.blog/wp-content/uploads/2025/09/table1-3.png?w=1600 1600w, https://github.blog/wp-content/uploads/2025/09/table1-3.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/table1-3.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/table1-3.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/table1-3.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h3 class="wp-block-heading" id="h-automate-and-scale-with-confidence">Automate and scale with confidence </h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="538" width="1024" src="https://github.blog/wp-content/uploads/2025/09/table2-1.png?resize=1024%2C538" alt="Dawn of the agents: Leveraging AI-powered tools to accelerate software development" class="wp-image-90730" srcset="https://github.blog/wp-content/uploads/2025/09/table2-1.png?w=1600 1600w, https://github.blog/wp-content/uploads/2025/09/table2-1.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/table2-1.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/table2-1.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/table2-1.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="538" width="1024" src="https://github.blog/wp-content/uploads/2025/09/table2-2.png?resize=1024%2C538" alt="Flying high with AI: Cathay Pacific on transforming software development" class="wp-image-90731" srcset="https://github.blog/wp-content/uploads/2025/09/table2-2.png?w=1600 1600w, https://github.blog/wp-content/uploads/2025/09/table2-2.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/table2-2.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/table2-2.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/table2-2.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="538" width="1024" src="https://github.blog/wp-content/uploads/2025/09/table-2-4.png?resize=1024%2C538" alt="From burnout to breakthrough: Building agentic workflows that save millions" class="wp-image-90733" srcset="https://github.blog/wp-content/uploads/2025/09/table-2-4.png?w=1600 1600w, https://github.blog/wp-content/uploads/2025/09/table-2-4.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/table-2-4.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/table-2-4.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/table-2-4.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="538" width="1024" src="https://github.blog/wp-content/uploads/2025/09/table-2-3.png?resize=1024%2C538" alt="5 ways to automate everyday workflows with GitHub Actions" class="wp-image-90732" srcset="https://github.blog/wp-content/uploads/2025/09/table-2-3.png?w=1600 1600w, https://github.blog/wp-content/uploads/2025/09/table-2-3.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/table-2-3.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/table-2-3.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/table-2-3.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h3 class="wp-block-heading" id="h-secure-every-commit">Secure every commit</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="538" width="1024" src="https://github.blog/wp-content/uploads/2025/09/table3-1.png?resize=1024%2C538" alt="" class="wp-image-90734" srcset="https://github.blog/wp-content/uploads/2025/09/table3-1.png?w=1600 1600w, https://github.blog/wp-content/uploads/2025/09/table3-1.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/table3-1.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/table3-1.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/table3-1.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="538" width="1024" src="https://github.blog/wp-content/uploads/2025/09/table3-2.png?resize=1024%2C538" alt="" class="wp-image-90735" srcset="https://github.blog/wp-content/uploads/2025/09/table3-2.png?w=1600 1600w, https://github.blog/wp-content/uploads/2025/09/table3-2.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/table3-2.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/table3-2.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/table3-2.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="538" width="1024" src="https://github.blog/wp-content/uploads/2025/09/table-3-4.png?resize=1024%2C538" alt="" class="wp-image-90736" srcset="https://github.blog/wp-content/uploads/2025/09/table-3-4.png?w=1600 1600w, https://github.blog/wp-content/uploads/2025/09/table-3-4.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/table-3-4.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/table-3-4.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/table-3-4.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="538" width="1024" src="https://github.blog/wp-content/uploads/2025/09/table3-3.png?resize=1024%2C538" alt="" class="wp-image-90737" srcset="https://github.blog/wp-content/uploads/2025/09/table3-3.png?w=1600 1600w, https://github.blog/wp-content/uploads/2025/09/table3-3.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/table3-3.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/table3-3.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/table3-3.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>[<a href="https://reg.githubuniverse.com/flow/github/universe25/attendee-portal/page/sessioncatalog?utm_source=Blog&utm_medium=GitHub&utm_campaign=sessions">See the full agenda</a>]</p>
<p>Not sure what to pick? We also have <a href="https://reg.githubuniverse.com/flow/github/universe25/attendee-portal/page/curatedagendas">curated agendas</a> that are built around specific goals, roles, or industries. Whether you’re a developer, or you’re working in financial services, or simply want to know what’s new in the AI era, we have an agenda to suit your needs.   </p>
<h2 class="wp-block-heading" id="more-opportunities-to-learn-before-during-and-after-universe">More opportunities to learn before, during, and after Universe </h2>
<p>Even when you’re not in-session (as it were), there will be so much to enjoy (and learn) from this experience. </p>
<h3 class="wp-block-heading" id="github-hq-day-of-learning-experience-and-certifications">GitHub HQ day of learning experience and certifications</h3>
<p>New this year: <strong>On October 30, </strong>you’ll also have the opportunity to join the <strong>exclusive GitHub HQ day of learning experience.  Your general admission pass to GitHub Universe now includes a GitHub or Microsoft Certification exam</strong>. Spaces are limited and available on a first-come, first-served basis, so be sure to sign up early!</p>
<p>Whether you’re looking to sharpen your GitHub Copilot expertise, deepen your understanding of GitHub Advanced Security, or explore other certifications, this is your chance to bring valuable skills back to your workplace or showcase your proficiency for your next career move.</p>
<p>Here’s what to expect at HQ:</p>
<ul class="wp-block-list">
<li><strong>Certification exams</strong>: Earn official GitHub or Microsoft Learn credentials (pre-registration required). Available exams include GitHub Actions, GitHub Administration, GitHub Advanced Security, GitHub Foundations and GitHub Copilot. Plus, Microsoft DevOps Engineer Expert, Microsoft Azure Administrator Associate, and Microsoft Azure Developer Associate. <em>Note: If you don’t take your certification exam at HQ, you can still take your exam remotely up to 90 days after Universe. </em></li>
<li><strong>Applied Skills labs</strong>: Test your knowledge in real-world, interactive challenges designed to strengthen your expertise.</li>
<li><strong>HQ tours</strong>: Step inside GitHub’s San Francisco headquarters for a rare behind-the-scenes experience.</li>
<li><strong>Community and celebration</strong>: Enjoy swag, raffles, and the opportunity to connect with GitHub leaders and fellow learners.</li>
</ul>
<h3 class="wp-block-heading" id="one-on-one-sessions">One-on-one sessions</h3>
<p>If you’re already registered for Universe, don’t forget to <a href="https://reg.githubuniverse.com/flow/github/universe25/attendee-portal/login">sign up</a> for one-on-one meetings at the Career Corner (if you’re looking for job advice) or the GitHub Expert Center (for help on just about everything else!). </p>
<h3 class="wp-block-heading" id="on-site-explorations">On-site explorations</h3>
<p>There’s no shortage of <a href="https://github.blog/news-insights/company-news/explore-the-best-of-github-universe-9-spaces-built-to-spark-creativity-connection-and-joy/">activities</a> in between sessions. Head to the Open Source Zone to connect with contributors, maintainers, and community leaders, then to The Shop to pick up the latest Copilot swag. Recess is a spot to meet fellow attendees who share your non-dev passions and Makerspace is where you can reimagine what code can do. </p>
<p>[<a href="https://githubuniverse.com/?utm_source=Blog&utm_medium=GitHub&utm_campaign=sessions">Get your pass</a>] </p>
<h3 class="wp-block-heading" id="virtual-micro-mentoring-for-students">Virtual micro-mentoring for students</h3>
<p>As part of our <a href="https://github.com/social-impact">Social Impact</a> programming, we’re offering current students the opportunity to connect with a GitHub employee through a virtual micro-mentoring session ahead of GitHub Universe. These 30-minute, one-on-one sessions will be held between October 20 and October 31, and mentees can expect everything from personalized resume feedback and career advice to skill development tips. Spots are limited, so be sure to apply by September 19.</p>
<p>[<a href="https://docs.google.com/forms/d/e/1FAIpQLSf6TEK0lGutzz836bNBOmOfsFUQlCzT1kMMY-rUSaL6Wtwo4Q/viewform">Apply here</a>]</p>
<p>See you soon! </p>
<h2 class="wp-block-heading" id="additional-resources-%f0%9f%93%9a">Additional resources 📚</h2>
<ul class="wp-block-list">
<li>Learn more about <a href="https://github.blog/news-insights/company-news/explore-the-best-of-github-universe-9-spaces-built-to-spark-creativity-connection-and-joy/">what to expect at GitHub Universe this year</a></li>
<li>Need help convincing your manager? Use our <a href="https://githubuniverse.com/convince">customizable email template</a> to make your case.</li>
<li>Still have questions? See if it’s been answered in our <a href="https://githubuniverse.com/#faq">FAQ</a>.    </li>
</ul>
</body></html>
<p>The post <a href="https://github.blog/news-insights/company-news/your-guide-to-github-universe-2025-the-schedule-just-launched/">Your guide to GitHub Universe 2025: The schedule just launched!</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">90703</post-id> </item>
<item>
<title>How to use the GitHub and JFrog integration for secure, traceable builds from commit to production</title>
<link>https://github.blog/enterprise-software/devsecops/how-to-use-the-github-and-jfrog-integration-for-secure-traceable-builds-from-commit-to-production/</link>
<dc:creator><![CDATA[April Yoho]]></dc:creator>
<pubDate>Tue, 09 Sep 2025 22:00:00 +0000</pubDate>
<category><![CDATA[DevSecOps]]></category>
<category><![CDATA[Enterprise software]]></category>
<category><![CDATA[compliance]]></category>
<category><![CDATA[supply chain security]]></category>
<guid isPermaLink="false">https://github.blog/?p=90682</guid>
<description><![CDATA[<p>Connect commits to artifacts without switching tools.</p>
<p>The post <a href="https://github.blog/enterprise-software/devsecops/how-to-use-the-github-and-jfrog-integration-for-secure-traceable-builds-from-commit-to-production/">How to use the GitHub and JFrog integration for secure, traceable builds from commit to production</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>Today, we’re introducing a new integration between GitHub and JFrog that connects your source code and your attested binaries in one secure, traceable workflow.</p>
<p>For developers who often find themselves jumping between multiple tools to figure out which commit produced which artifact — or piecing together results from separate security scans for code and binaries — this integration can save time and effort, centralizing everything you need all in one place.</p>
<p>Below, we’ll dig into why the GitHub and JFrog integration is important, how it works, and how you can start using it today.</p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<iframe loading="lazy" title="GitHub and JFrog: Artifact Attestation from Commit to Customer" width="500" height="281" src="https://www.youtube.com/embed/DH15vD6RPYQ?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
</div></figure>
<h2 class="wp-block-heading" id="h-why-we-built-the-github-and-jfrog-integration-nbsp">Why we built the GitHub and JFrog integration </h2>
<p>Modern software delivery is a supply chain. Your source code, build pipelines, and production artifacts are all links in that chain — and every link needs to be secure, traceable, and automated. Likewise, any weak link is a point of ingress for bad actors to gain access to data that should remain private and secure. </p>
<p>But keeping this complete supply chain secure is challenging for developers who have numerous (and continually growing) responsibilities. When we talked to teams shipping at scale, we kept hearing the same pain points:</p>
<ul class="wp-block-list">
<li>“We lose traceability once the build leaves GitHub.”</li>
<li>“Security scanning is split between multiple systems, and we have to reconcile results manually.”</li>
<li>“Our CI/CD pipelines feel stitched together instead of seamless.”</li>
</ul>
<p>To address these issues, we worked closely with JFrog’s engineers to design a workflow where the commit that triggers a build is cryptographically linked to the artifact it produces, security scanning happens automatically and in context — providing the vulnerability scan attestations located in JFrog Evidence, and publishing and promoting artifacts, in compliance with an organization’s policies, is just another step in your GitHub Actions workflow, not a separate process.</p>
<p>Our goal: to remove friction, reduce risk, and give developers more time to focus on building features instead of managing handoffs. </p>
<p>The integration we’re announcing today unlocks a seamless experience that lets you:</p>
<ul class="wp-block-list">
<li><strong>Run unified security scans, </strong>prioritizing Dependabot alerts based on production context from JFrog.</li>
<li><strong>Publish and promote artifacts</strong> using policy-based gating of artifact promotion.</li>
<li><strong>Automatically</strong> have all attestations created on GitHub (provenance, SBOM, custom attestations) ingested into JFrog evidence and associated with the build artifact. </li>
</ul>
<h2 class="wp-block-heading" id="h-here-s-how-it-works">Here’s how it works</h2>
<p>The integration connects GitHub’s developer platform with JFrog’s software supply chain platform using secure authentication and build metadata.</p>
<p><strong>Here’s the flow:</strong></p>
<ol class="wp-block-list">
<li>Push code to GitHub.</li>
<li>Build and test with GitHub Actions.</li>
<li>Link commits, builds, and artifacts for full lifecycle visibility.</li>
<li>Publish artifacts to Artifactory automatically.</li>
<li>Scan code with GitHub Advanced Security and artifacts with JFrog Xray.</li>
</ol>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="658" width="1024" src="https://github.blog/wp-content/uploads/2025/09/jfrog1.png?resize=1024%2C658" alt="Diagram showing the GitHub and JFrog integration." class="wp-image-90684" srcset="https://github.blog/wp-content/uploads/2025/09/jfrog1.png?w=1252 1252w, https://github.blog/wp-content/uploads/2025/09/jfrog1.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/jfrog1.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/jfrog1.png?w=1024 1024w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h2 class="wp-block-heading" id="h-setting-it-up">Setting it up</h2>
<ol class="wp-block-list">
<li>Enable the GitHub integration in JFrog Artifactory by navigating to Administration → General Management → Manage Integrations → GitHub. Toggle “Enable GitHub Actions” and authenticate your GitHub organization. Select your token type. Then create a pull request.</li>
</ol>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="576" width="1024" src="https://github.blog/wp-content/uploads/2025/09/jfrog2.jpg?resize=1024%2C576" alt="JFrog Artifactory integration screen." class="wp-image-90685" srcset="https://github.blog/wp-content/uploads/2025/09/jfrog2.jpg?w=1600 1600w, https://github.blog/wp-content/uploads/2025/09/jfrog2.jpg?w=300 300w, https://github.blog/wp-content/uploads/2025/09/jfrog2.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/09/jfrog2.jpg?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/jfrog2.jpg?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<ol start="2" class="wp-block-list">
<li>Trigger a build of your GitHub Actions workflow to build the artifact and generate the attestation. Make sure that your GitHub Actions workflow is using the ‘jfrog/jfrog-setup-cli’ and ‘actions/attest-build-provenance’ actions.</li>
</ol>
<pre class="wp-block-code language-plaintext"><code>- name: Attest docker image
uses: actions/attest-build-provenance@v2
with:
subject-name: oci://${{ env.JF_REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.build-and-push.outputs.digest }}</code></pre>
<p>Here’s an example of a workflow that you can use to generate the attestation and push it to Artifactory:</p>
<pre class="wp-block-code language-plaintext"><code>name: Build, Test & Attest
on:
push:
branches:
- main
env:
OIDC_PROVIDER_NAME: [...]
JF_URL: ${{ vars.JF_URL }}
JF_REGISTRY: ${{ vars.JF_REGISTRY }}
JF_DOCKER_REPO: [...]
IMAGE_NAME: [...]
BUILD_NAME: [...]
jobs:
build-test-deploy:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
attestations: write # Required for attestation
id-token: write # Added for OIDC token access
steps:
- name: Checkout code
uses: actions/checkout@v5
- name: Install JFrog CLI
id: setup-jfrog-cli
uses: jfrog/setup-jfrog-cli@v4.5.13
env:
JF_URL: ${{ env.JF_URL }}
with:
version: 2.78.8
oidc-provider-name: ${{ env.OIDC_PROVIDER_NAME }}
- name: Docker login
uses: docker/login-action@v3
with:
registry: ${{ env.JF_REGISTRY }}
username: ${{ steps.setup-jfrog-cli.outputs.oidc-user }}
password: ${{ steps.setup-jfrog-cli.outputs.oidc-token }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ env.JF_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.run_number }}
build-args: ${{ env.BUILD_ARGS }}
- name: Attest docker image
uses: actions/attest-build-provenance@v2
with:
subject-name: oci://${{ env.JF_REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.build-and-push.outputs.digest }}</code></pre>
<ol start="3" class="wp-block-list">
<li>Once the build has run and the attestation has been generated, it will push the artifact to the JFrog Artifactory staging repo. The artifact is now ready to be validated. </li>
</ol>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="310" width="1024" src="https://github.blog/wp-content/uploads/2025/09/jfrog3.png?resize=1024%2C310" alt="Artifactory view of the attestation in the dev environment." class="wp-image-90686" srcset="https://github.blog/wp-content/uploads/2025/09/jfrog3.png?w=1564 1564w, https://github.blog/wp-content/uploads/2025/09/jfrog3.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/jfrog3.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/jfrog3.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/jfrog3.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<ol start="4" class="wp-block-list">
<li>Once the artifact has been verified, confirming that a valid GitHub-signed provenance matches the trusted conditions (for example the issuer, repo, workflow, branch), on the policy passing, JFrog can automatically promote the attestation from the dev environment to the production environment. </li>
<li>Now that artifacts have been promoted to production, Dependabot continues scanning  its source repository, looking for dependencies and vulnerabilities. When a critical CVE is discovered, administrators will receive an alert of the security threat. </li>
</ol>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="692" width="1024" src="https://github.blog/wp-content/uploads/2025/09/jfrog4.jpg?resize=1024%2C692" alt="View of critical Dependabot alerts." class="wp-image-90687" srcset="https://github.blog/wp-content/uploads/2025/09/jfrog4.jpg?w=1538 1538w, https://github.blog/wp-content/uploads/2025/09/jfrog4.jpg?w=300 300w, https://github.blog/wp-content/uploads/2025/09/jfrog4.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/09/jfrog4.jpg?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/jfrog4.jpg?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<ol start="6" class="wp-block-list">
<li>To find the alerts and vulnerabilities for artifacts that made it to production, we can filter with the following tag: <code>artifact-registry:jfrog-artifactory</code>.<br><br>With this integration enabled, artifact lifecycle data is automatically pushed from JFrog to GitHub using <a href="https://docs.github.com/en/rest/orgs/artifact-metadata?apiVersion=2022-11-28#create-artifact-metadata-storage-records">GitHub’s new artifact metadata API</a>. When an artifact is promoted to production in JFrog Artifactory, JFrog will automatically notify GitHub about the promotion, so that the artifact is picked up with the new Dependabot filter.</li>
</ol>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="387" width="1024" src="https://github.blog/wp-content/uploads/2025/09/jfrog5.jpg?resize=1024%2C387" alt="Dependabot filter for JFrog." class="wp-image-90688" srcset="https://github.blog/wp-content/uploads/2025/09/jfrog5.jpg?w=1551 1551w, https://github.blog/wp-content/uploads/2025/09/jfrog5.jpg?w=300 300w, https://github.blog/wp-content/uploads/2025/09/jfrog5.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/09/jfrog5.jpg?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/jfrog5.jpg?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<ol start="7" class="wp-block-list">
<li>Once an alert has been identified, it can be remediated using the suggested dependency update, which then allows you to rebuild and redeploy with fresh provenance.</li>
</ol>
<p>To get the most out of using GitHub and Jfrog Artifactory, here are a few best practices: </p>
<ul class="wp-block-list">
<li><strong>Use OIDC</strong> to avoid long-lived credentials in your workflows.</li>
<li><strong>Automate promotions</strong> in Artifactory to move artifacts from dev → staging → production.</li>
<li><strong>Set security gates early</strong> so unattested or vulnerable builds never make it to production.</li>
<li><strong>Leverage provenance attestations</strong> in JFrog Evidence for instant traceability.</li>
</ul>
<h2 class="wp-block-heading" id="h-what-s-next">What’s next</h2>
<p>You can enable the GitHub and JFrog integration today to start building a more secure, automated, and traceable software supply chain. </p>
<p>For more details, check out the<a href="https://jfrog.com/help/r/jfrog-and-github-integration-guide/jfrog-for-github-dependabot"> JFrog integration guide</a> and the<a href="https://docs.github.com/en/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/prioritizing-dependabot-alerts-using-production-context"> GitHub documentation</a>.</p>
</body></html>
<p>The post <a href="https://github.blog/enterprise-software/devsecops/how-to-use-the-github-and-jfrog-integration-for-secure-traceable-builds-from-commit-to-production/">How to use the GitHub and JFrog integration for secure, traceable builds from commit to production</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">90682</post-id> </item>
<item>
<title>How to debug a web app with Playwright MCP and GitHub Copilot</title>
<link>https://github.blog/ai-and-ml/github-copilot/how-to-debug-a-web-app-with-playwright-mcp-and-github-copilot/</link>
<dc:creator><![CDATA[Christopher Harrison]]></dc:creator>
<pubDate>Fri, 05 Sep 2025 16:00:00 +0000</pubDate>
<category><![CDATA[AI & ML]]></category>
<category><![CDATA[GitHub Copilot]]></category>
<category><![CDATA[MCP]]></category>
<category><![CDATA[Model Context Protocol]]></category>
<guid isPermaLink="false">https://github.blog/?p=90624</guid>
<description><![CDATA[<p>Reproduce and debug web app issues with ease using the Playwright MCP server and GitHub Copilot.</p>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/how-to-debug-a-web-app-with-playwright-mcp-and-github-copilot/">How to debug a web app with Playwright MCP and GitHub Copilot</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>I know it can feel like a unicorn, but most bug reports do, in fact, contain steps to reproduce the error (or repro steps). As wonderful as it is to have those, the process of walking through and validating everything is still tedious. In a perfect world, we’d have end-to-end or acceptance tests that could automate the process. Sadly, many projects lack robust testing.</p>
<p>Fortunately, GitHub Copilot with the help of the Playwright Model Context Protocol (MCP) server can automate that entire process.</p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<iframe loading="lazy" title="Automate debugging with the Playwright MCP server" width="500" height="281" src="https://www.youtube.com/embed/Sh9D3lQs3A8?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
</div></figure>
<p>Let’s explore how we pass the repro steps to Copilot agent mode, and let it use the Playwright MCP server to walk through them and validate the bug. In turn, it will track down and resolve the error.</p>
<h2 class="wp-block-heading" id="h-what-are-playwright-and-mcp-a-quick-overview-nbsp">What are Playwright and MCP? A quick overview </h2>
<p><a href="https://playwright.dev/">Playwright</a> is an end-to-end testing framework for web apps. You can use it to create scripts to act as a user, validate your application’s feature set, and assure quality.</p>
<p>For example, if you were building a shopping app, you could create a series of scripts to walk through the entire flow of searching for a product, adding it to the cart, and completing the purchase. These scripts are automated, allowing you to validate the process within seconds.</p>
<p>Originally developed by Anthropic, <a href="https://github.blog/ai-and-ml/llms/what-the-heck-is-mcp-and-why-is-everyone-talking-about-it/">MCP</a> is an open (and open source) protocol for exposing tools to AI agents. These tools could include providing additional context and information, or to allow the AI agent to perform actions.</p>
<p>Bringing this together: there’s a <a href="https://github.com/microsoft/playwright-mcp/blob/main/README.md">Playwright MCP server</a>, which provides tools from Playwright to AI agents (or GitHub Copilot in this case), to both create those scripts and perform the actions directly. This allows Copilot to actually walk through the repro steps for us!</p>
<h2 class="wp-block-heading" id="h-how-to-configure-playwright-mcp-server-for-github-copilot-in-vs-code">How to configure Playwright MCP server for GitHub Copilot in VS Code</h2>
<p>For you to use the Playwright MCP server, it needs to be available in your IDE. In VS Code, you can <a href="https://insiders.vscode.dev/redirect?url=vscode%3Amcp%2Finstall%3F%257B%2522name%2522%253A%2522playwright%2522%252C%2522command%2522%253A%2522npx%2522%252C%2522args%2522%253A%255B%2522%2540playwright%252Fmcp%2540latest%2522%255D%257D">install the Playwright MCP server</a> to make it available to all projects, or create a file in your <code>.vscode</code> folder tiled <code>mcp.json</code> and add the following:</p>
<pre class="wp-block-code language-javascript"><code>{
"servers": {
"playwright": {
"command": "npx",
"args": [
"@playwright/mcp@latest"
]
}
}
}</code></pre>
<p>Once you do that, you’ll notice a small <strong>play</strong> button appear just over <code>playwright</code> in the file. When you select that button, it’ll start the server so you can use it with Copilot agent mode! (<a href="https://github.blog/ai-and-ml/github-copilot/agent-mode-101-all-about-github-copilots-powerful-mode/">Get the guide</a> to using agent mode in Copilot.)</p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="816" width="1024" src="https://github.blog/wp-content/uploads/2025/09/image.png?resize=1024%2C816" alt='A screenshot showing the play button below "servers", just above "playwright", in a VS Code window.' class="wp-image-90625" srcset="https://github.blog/wp-content/uploads/2025/09/image.png?w=1330 1330w, https://github.blog/wp-content/uploads/2025/09/image.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/image.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/image.png?w=1024 1024w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>You’ll likely need to <a href="https://playwright.dev/docs/test-configuration">configure Playwright</a>, especially if you have a complex startup process for your website. My project is based on the <a href="https://github.com/github-samples/agents-in-sdlc">website in the Agents in SDLC workshop</a> (available on <a href="https://github.com/github-samples/agents-in-sdlc">GitHub samples</a>), and already has a frontend written with Astro & Svelte, and a backend using Flask. This configuration allowed Playwright to properly <a href="https://playwright.dev/docs/api/class-testconfig#test-config-web-server">start the app</a>. Also, fun fact: The config file was actually created by Copilot!</p>
<p>I used this prompt with Copilot agent mode to do it, and you can modify it for your particular requirements:</p>
<pre class="wp-block-code language-plaintext"><code>Add Playwright to this project. When configuring Playwright, note the startup script for the site. Ensure the configuration uses this startup script, and reuses the server if one is already launched.</code></pre>
<h2 class="wp-block-heading" id="the-scenario">The scenario</h2>
<p>Let’s say we have a crowdfunding website for DevOps-themed board games (a truly booming industry). Filters are available to the user to search by publisher and category. After discovering the publisher filter doesn’t work, a user files the following issue on GitHub:</p>
<pre class="wp-block-code language-plaintext"><code>## Error
The publisher filter doesn't actually filter the games by publisher.
## Repro steps
1. Go to the homepage.
2. Select a publisher from the dropdown list; the page updates.
3. Review the updated list, noting no change in the games listed.
## Expected behavior
The only games displayed are ones published by the selected publisher.
## Actual behavior
All games are still displayed.</code></pre>
<h2 class="wp-block-heading" id="how-copilot-agent-mode-automates-bug-reproduction-with-playwright">How Copilot agent mode automates bug reproduction with Playwright</h2>
<p>Copilot agent mode is built to be a peer programmer, which means we can give it tasks and then review its work. In other words, we can describe what we’re looking at, the problems we need to solve, what we expect Copilot to do and let Copilot take it from there!</p>
<p>If you’re following along in the video, you’ll notice I paraphrased the user’s reported issue in my own words. This is something I often do because it allows me to better understand the ask and to go back to the original filer for additional clarity. </p>
<p>In practice, I ended up sending the following prompt to Copilot agent mode:</p>
<pre class="wp-block-code language-plaintext"><code>A user is reporting the publisher filter doesn't do anything. Can you please use Playwright to confirm this is an issue, and if so track it down? Start by going to the landing page, using the dropdown for publisher, and seeing what happens. Thanks!</code></pre>
<figure class="wp-block-table"><table class="has-fixed-layout"><tbody><tr><td>💡 <strong>Pro tip:</strong> If you want to be fancy, you can also incorporate the <a href="https://github.com/github/github-mcp-server/blob/main/README.md">GitHub MCP server</a> into the flow by asking Copilot to track down the issue and to read the text directly. To streamline this blog, I’m going to stick to just the Playwright MCP server (but <a href="https://github.blog/ai-and-ml/generative-ai/a-practical-guide-on-how-to-use-the-github-mcp-server/">you can learn more about the GitHub MCP server and how to use it in our guide</a>).</td></tr></tbody></table></figure>
<p>From there, Copilot got to work. It utilized the Playwright MCP server to start the website and perform the repro steps. It then confirmed the user’s report: The publisher filter didn’t do anything.</p>
<p>With this knowledge, Copilot explored the project to track down the bug. It looked at the frontend code, which looked good. With the help of the Playwright MCP server, it also validated the calls to the API were taking place. Then it looked at the backend and discovered the (admittedly) simple problem: a typo.</p>
<p>What I really appreciated: After proposing a fix, it returned to Playwright to validate that the fix would actually work.</p>
<p>After this was done, I knew Copilot confirmed the bug, generated a fix, and demonstrated the fix resolved the bug. From there, I turned my attention to reviewing the code, running additional tests, and finally creating my pull request.  </p>
<h2 class="wp-block-heading" id="why-you-should-use-playwright-mcp-with-github-copilot-for-web-app-debugging">Why you should use Playwright MCP with GitHub Copilot for web app debugging</h2>
<p>Now yes, the bug itself was straightforward because I wanted to keep the demo focused on Copilot agent mode and Playwright. From experience I can confirm Copilot is invaluable with more complex bugs (I’m speaking from experience).</p>
<p>Here’s why all this matters: Providing Copilot agent mode with the ability to use Playwright allows it to “see” the impact its changes have on the website, and generally interact with your website, too. You can quickly configure Playwright for your project with the help of Copilot to take advantage of this functionality. And you can even take the next step by incorporating Playwright end-to-end tests into your project if you haven’t already done so. </p>
<div class="wp-block-group post-content-cta has-global-padding is-layout-constrained wp-block-group-is-layout-constrained">
<p><a href="https://docs.github.com/en/copilot/tutorials/enhance-agent-mode-with-mcp"><strong>Read the Docs</strong></a><strong> </strong>to start using agent mode in GitHub Copilot ></p>
</div>
</body></html>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/how-to-debug-a-web-app-with-playwright-mcp-and-github-copilot/">How to debug a web app with Playwright MCP and GitHub Copilot</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">90624</post-id> </item>
<item>
<title>GitHub is enabling broader access for developers in Syria following new government trade rules</title>
<link>https://github.blog/company/github-is-enabling-broader-access-for-developers-in-syria-following-new-government-trade-rules/</link>
<dc:creator><![CDATA[Mike Linksvayer]]></dc:creator>
<pubDate>Fri, 05 Sep 2025 06:00:00 +0000</pubDate>
<category><![CDATA[Company]]></category>
<guid isPermaLink="false">https://github.blog/?p=90643</guid>
<description><![CDATA[<p>With the relaxation of sanctions and export controls on Syria, GitHub will once again be broadly available to Syrian developers.</p>
<p>The post <a href="https://github.blog/company/github-is-enabling-broader-access-for-developers-in-syria-following-new-government-trade-rules/">GitHub is enabling broader access for developers in Syria following new government trade rules</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[
<details> <summary>اقرأ باللغة العربية</summary> <p>
<div dir="rtl" lang="ar" style="direction: rtl;text-align: right">
<h1>
أصبحت تتيح وصولاً أوسع للمطورين في سوريا عقب قواعد التجارة الحكومية الجديدة
<span dir="ltr">GitHub</span>
</h1>
<br>
<p>
قبل أكثر من أربع سنوات، اتخذنا موقفًا ظلّ في صميم عملنا لدعم حرية المطوّرين:
«ينبغي أن يتمتّع جميع المطوّرين بالحرية في استخدام <span dir="ltr">GitHub</span>، أينما كانوا».
واليوم نبلغ محطةً مهمةً في ذلك المسعى؛ إذ إن تخفيف العقوبات والقيود المفروضة على الصادرات تجاه سوريا
أتاح إعادة فتح الخدمات الخاصة والمدفوعة على موقع بشكل واسع أمام المطوّرين في حلب، حمص، دمشق،
وفي جميع أنحاء البلد.
</p>
<p>
‎ظلّ التعاون في المشاريع مفتوحة المصدر والمستودعات العامة الأخرى متاحًا دائمًا، كما يظهر في مخطط ابتكار
وهي مجموعة بيانات مفتوحة تُقدم أرقامًا مجمّعة عن مساهمات المستودعات العامة من سوريا.
</p>
<p>
نُعرب عن امتناننا الصادق للمطورين الذين دعوا لهذا التغيير وسعوا باستمرار للحصول على التحديثات.
<span dir="ltr">GitHub</span> ترحّب بالمطورين السوريين للمساهمة بمشاريعهم في مجتمع المطورين العالمي،
سواء كانت مساعيهم كبيرة أم صغيرة. نفتخر بأن نكون الموطن للمطورين الذين يدفعهم شغفهم للابتكار والبناء
والتعلّم والتعليم، ونبقى ملتزمين بجعل <span dir="ltr">GitHub</span> متاحاً لأكبر عدد ممكن من المطورين ضمن إطار القانون.
</p>
<p>
نقوم الآن باتخاذ الخطوات اللازمة بصورة عاجلة لرفع القيود المفروضة على المطورين في السوريا، بما يتيح استعادة وظائف الحساب الكاملة، إضافةً إلى إتاحة خدمة <span dir="ltr">GitHub Copilot</span>. التغييرات جارية ومن المتوقّع أن تصل إلى الحسابات خلال الأسبوع المقبل.
</p>
</div>
</p> </details>
<p>More than four years ago, we <a href="https://github.blog/news-insights/policy-news-and-insights/advancing-developer-freedom-github-is-fully-available-in-iran/">took a stance</a> that has remained at the center of our work advancing developer freedom: “All developers should be free to use GitHub, no matter where they live.” Today marks one important milestone in that endeavor. With the relaxation of <a href="https://ofac.treasury.gov/sanctions-programs-and-country-information/syria-sanctions-inactive-and-archived">sanctions</a> and <a href="https://www.bis.gov/licensing/country-guidance/syria-export-controls">export controls</a> on Syria, private and paid features of <a href="http://github.com">GitHub.com</a> will once again be broadly available to developers in Aleppo, Homs, Damascus, and the entire country. Collaboration on open source projects and other public repositories has always been available, as can be seen in the <a href="https://innovationgraph.github.com/">GitHub Innovation Graph</a>, an open dataset which provides aggregate numbers on <a href="https://innovationgraph.github.com/economies/sy">public repository contributions from Syria</a>.</p>
<p>We extend our sincere gratitude to the developers who advocated for this change and consistently sought updates. GitHub welcomes Syrian developers to contribute their projects to the global developer community,  whether they be big or small endeavors. We are proud to be the home for developers whose passion drives them to innovate, build, learn, and teach—and we remain committed to making GitHub available to as many developers as legally possible.</p>
<p>We are moving promptly to lift restrictions on developers in Syria, enabling normal account functionality, as well as access to GitHub Copilot. Changes are underway and expected to reach accounts within the next week. </p>
<p><br><br></p>
<p>The post <a href="https://github.blog/company/github-is-enabling-broader-access-for-developers-in-syria-following-new-government-trade-rules/">GitHub is enabling broader access for developers in Syria following new government trade rules</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">90643</post-id> </item>
<item>
<title>Building smarter interactions with MCP elicitation: From clunky tool calls to seamless user experiences</title>
<link>https://github.blog/ai-and-ml/github-copilot/building-smarter-interactions-with-mcp-elicitation-from-clunky-tool-calls-to-seamless-user-experiences/</link>
<dc:creator><![CDATA[Chris Reddington]]></dc:creator>
<pubDate>Thu, 04 Sep 2025 16:00:00 +0000</pubDate>
<category><![CDATA[AI & ML]]></category>
<category><![CDATA[GitHub Copilot]]></category>
<category><![CDATA[generative AI]]></category>
<category><![CDATA[MCP]]></category>
<category><![CDATA[Model Context Protocol]]></category>
<category><![CDATA[Rubber Duck Thursdays]]></category>
<guid isPermaLink="false">https://github.blog/?p=90613</guid>
<description><![CDATA[<p>Explore how MCP elicitation transforms AI tool interactions by gathering missing information upfront. </p>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/building-smarter-interactions-with-mcp-elicitation-from-clunky-tool-calls-to-seamless-user-experiences/">Building smarter interactions with MCP elicitation: From clunky tool calls to seamless user experiences</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>When we build software, we’re not just shipping features. We’re shipping experiences that surprise and delight our users — and making sure that we’re providing natural and seamless experiences is a core part of what we do.</p>
<p>In my last post, I <a href="https://github.blog/ai-and-ml/github-copilot/building-your-first-mcp-server-how-to-extend-ai-tools-with-custom-capabilities?utm_campaign=rdt-blog-devrel&utm_source=blog&utm_medium=turnbased-mcp-blog-1">wrote about an MCP server that we started building for a turn-based-game</a> (like tic-tac-toe, or rock, paper, scissors). While it had the core capabilities, like tool calls, resources, and prompts, the experience could still be improved. For example, the player always took the first move, the player could only change the difficulty if they specified in their initial message, and a slew of other papercuts.</p>
<p>So on my most recent <strong>Rubber Duck Thursdays</strong> stream, I covered a feature that’s helped improve the user experience: <strong>elicitation</strong>. <em>See the full stream below 👇</em></p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<iframe loading="lazy" title="Rubber Duck Thursdays - Building a turn-based-game MCP server" width="500" height="281" src="https://www.youtube.com/embed/T8D1hDaCrKc?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
</div></figure>
<p>Elicitation is kind of like saying, “if we don’t have all the information we need, let’s go and get it.” But it’s more than that. It’s about creating intuitive interactions where the AI (via the MCP server) can pause, ask for what it needs, and then continue with the task. No more default assumptions that provide hard-coded paths of interaction. </p>
<p>👀 <strong>Be aware:</strong> Elicitation is not supported by all AI application hosts. GitHub Copilot in Visual Studio Code supports it, but you’ll want to check the latest state <a href="https://modelcontextprotocol.io/clients#feature-support-matrix">from the MCP docs for other AI apps</a>. Elicitation is a relative newcomer to the MCP spec, <a href="https://modelcontextprotocol.io/specification/2025-06-18/client/elicitation">having been added in the June 2025 revision</a>, and so the design may continue to evolve.</p>
<p>Let me walk you through how I implemented elicitation in <a href="https://gh.io/rdt-blog/game-mcp">my turn-based game MCP server</a> and the challenges I encountered along the way.</p>
<h2 class="wp-block-heading" id="h-enter-elicitation-making-ai-interactions-feel-natural">Enter elicitation: Making AI interactions feel natural</h2>
<p>Before we reached the livestream, I had put together a basic implementation of elicitation, which asked for required information when creating a new game, like difficulty and player name. For tic-tac-toe, it asks which player goes first. For rock, paper, scissors, it asked how many rounds to play. </p>
<p>But rather than completely replacing our existing tools, I implemented these as new tools, so we could clearly see the behavior between the two approaches until we tested and standardized the approach. As a result, we began to see sprawl in the server with some duplicative tools:</p>
<ul class="wp-block-list">
<li><code>create-tic-tac-toe-game</code> and <code>create-tic-tac-toe-game-interactive</code></li>
<li><code>create-rock-paper-scissors-game</code> and <code>create-rock-paper-scissors-game-interactive</code></li>
<li><code>play-tic-tac-toe</code> and <code>play-rock-paper-scissors</code></li>
</ul>
<p>The problem? When you give AI agents like Copilot tools with similar names and descriptions, it doesn’t know which one to pick. On several occasions, Copilot chose the wrong tool because I had created this confusing landscape of overlapping functionality. This was an unexpected learning experience, but an important one to pick up along the way.</p>
<p>The next logical step was to consolidate our tool calls, and make sure we’re using DRY (don’t repeat yourself) principles throughout the codebase instead of redefining constants and having nearly identical implementations for different game types.</p>
<p>After a lot of refactoring and consolidation, when someone prompts “let’s play a game of tic-tac-toe,” the tool call identifies that more information is needed to ensure the user has made an explicit choice, rather than creating a game with a pre-determined set of defaults.</p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="576" width="1024" src="https://github.blog/wp-content/uploads/2025/09/image1.png?resize=1024%2C576" alt="A screenshot of GitHub Copilot Chat in Visual Studio Code where the user has asked "Let's play a game of tictactoe". Copilot has triggered the elicitation experience, requesting additional preferences to customize the experience." class="wp-image-90618" srcset="https://github.blog/wp-content/uploads/2025/09/image1.png?w=1600 1600w, https://github.blog/wp-content/uploads/2025/09/image1.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/image1.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/image1.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/image1.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>The user provides their preferences, and the server creates the game based upon those, improving that overall user experience. </p>
<p>It’s worth adding that my code (like I’m sure many of us would admit?) is far from perfect, and I noticed a bug live on the stream. The elicitation step triggered for <strong>every</strong> invocation of the tool, regardless of whether the user had already provided the needed information. </p>
<p>As part of my rework after the livestream, I added some checks after the tool was invoked to determine what information had already been provided. I also aligned the property names between the tool and elicitation schemas, bringing a bit more clarity. So if you said “Let’s play a game of tic-tac-toe, I’ll go first,” you would be asked to confirm the game difficulty and to provide your name.</p>
<h2 class="wp-block-heading" id="how-my-elicitation-implementation-now-works-under-the-hood">How my elicitation implementation now works under the hood</h2>
<p>The magic happens in the MCP server implementation. As part of my <a href="https://gh.io/rdt-blog/game-mcp">up-to-date implementation</a>, when the MCP server invokes the <code>create_game</code> tool, it:</p>
<ol class="wp-block-list">
<li><a href="https://github.com/github-samples/turn-based-game-mcp/blob/fe1d54d960ad99e2d6c9574fce8c5211301753a1/mcp-server/src/handlers/tool-handlers.ts#L167"><strong>Checks for required parameters</strong></a>: Do we know which game the user wants to play, or did they specify an ID?</li>
<li><a href="https://github.com/github-samples/turn-based-game-mcp/blob/fe1d54d960ad99e2d6c9574fce8c5211301753a1/mcp-server/src/handlers/tool-handlers.ts#L175"><strong>Passes the optional identified arguments to a separate method</strong></a>: Are we missing difficulty, player name, or turn order?</li>
<li><a href="https://github.com/github-samples/turn-based-game-mcp/blob/fe1d54d960ad99e2d6c9574fce8c5211301753a1/mcp-server/src/handlers/tool-handlers.ts#L191-L234"><strong>Initiates elicitation</strong></a>: If information is missing, it pauses the tool execution and gathers only the missing information from the user. This was an addition that I made after the stream to further improve the user experience.</li>
<li><a href="https://github.com/github-samples/turn-based-game-mcp/blob/fe1d54d960ad99e2d6c9574fce8c5211301753a1/mcp-server/src/handlers/elicitation-handlers.ts#L16"><strong>Presents schema-driven prompts</strong></a>: The user sees formatted questions for each missing parameter.</li>
<li><strong>Collects responses</strong>: The MCP client (VS Code in this case) handles the UI interaction.</li>
<li><a href="https://github.com/github-samples/turn-based-game-mcp/blob/fe1d54d960ad99e2d6c9574fce8c5211301753a1/mcp-server/src/handlers/tool-handlers.ts#L237"><strong>Completes the original request</strong></a>: Once the server collects all the information, the tool executes the createGame method with the user’s preferences.</li>
</ol>
<p>Here’s what you see in the VS Code interface when elicitation kicks in, and you must provide some preferences:</p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="576" width="1024" src="https://github.blog/wp-content/uploads/2025/09/image2.png?resize=1024%2C576" alt="A screenshot of GitHub Copilot Chat in Visual Studio Code where a new UI modal appears, prompting the user for their preferences. This example shows the user selecting the Difficulty as hard." class="wp-image-90619" srcset="https://github.blog/wp-content/uploads/2025/09/image2.png?w=1600 1600w, https://github.blog/wp-content/uploads/2025/09/image2.png?w=300 300w, https://github.blog/wp-content/uploads/2025/09/image2.png?w=768 768w, https://github.blog/wp-content/uploads/2025/09/image2.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/09/image2.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>The result? Instead of “Player vs AI (Medium)”, I get “Chris vs AI (Hard)” with the AI making the opening move because I chose to go second.</p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<iframe loading="lazy" title="Implementing elicitation in an MCP Server" width="500" height="281" src="https://www.youtube.com/embed/PL8mTOpZim0?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
</div></figure>
<h2 class="wp-block-heading" id="what-i-learned-while-implementing-elicitation">What I learned while implementing elicitation</h2>
<h3 class="wp-block-heading" id="challenge-1-tool-naming-confusion">Challenge 1: Tool naming confusion</h3>
<p><strong>Problem:</strong> Tools with similar names and descriptions confuse the AI about which one to use.</p>
<p><strong>Solution:</strong> Where it’s appropriate, merge tools and use clear, distinct names and descriptions. I went from eight tools down to four:</p>
<ul class="wp-block-list">
<li><code>create-game</code> (handles all game types with elicitation)</li>
<li><code>play-game</code> (unified play interface)</li>
<li><code>analyze-game</code> (game state analysis)</li>
<li><code>wait-for-player-move</code> (turn management)</li>
</ul>
<h3 class="wp-block-heading" id="challenge-2-handling-partial-information">Challenge 2: Handling partial information</h3>
<p><strong>Problem:</strong> What if the user provides some information upfront? (“Let’s play tic-tac-toe on hard mode”)</p>
<p><strong>Observation: </strong>During the livestream, we saw that the way I built elicitation asked for all of the preferences each time it was invoked, which is not an ideal user experience.</p>
<p><strong>Solution:</strong> Parse the initial request and only elicit the missing information. This was fixed after the livestream, and is now <a href="https://gh.io/rdt-blog/game-mcp">in the latest version of the sample</a>.</p>
<h2 class="wp-block-heading" id="key-lessons-from-this-development-session">Key lessons from this development session</h2>
<h3 class="wp-block-heading" id="1-user-experience-is-still-a-consideration-with-mcp-servers">1. User experience is still a consideration with MCP servers</h3>
<p>How often do you provide all the needed information straight up? Elicitation provides this capability, but you need to consider how this is included as part of your tool calling and overall MCP experience. It can add complexity, but is it better to ask users for their preferences than force them to work around poor defaults?</p>
<h3 class="wp-block-heading" id="2-tool-naming-matters-more-than-you-think">2. Tool naming matters more than you think</h3>
<p>When building (and even using) tools in MCP servers, naming and descriptions are critical. Ambiguous tool names and similar descriptions can lead to unpredictable behavior, where the “wrong” tool is called.</p>
<h3 class="wp-block-heading" id="h-3-iterative-development-wins">3. Iterative development wins</h3>
<p>Rather than trying to build the perfect implementation upfront, I iterated to:</p>
<ul class="wp-block-list">
<li>Build basic functionality first</li>
<li>Identify pain points through usage</li>
<li>Add elicitation to improve the user experience</li>
<li>Use Copilot coding agent and Copilot agent mode to help cleanup</li>
</ul>
<h2 class="wp-block-heading" id="try-it-yourself">Try it yourself</h2>
<p>Want to see how elicitation works in an MCP server? Or seeking inspiration to build  your own MCP server?</p>
<ol class="wp-block-list">
<li><strong>Fork the repository:</strong> <a href="https://gh.io/rdt/game-mcp">gh.io/rdt-blog/game-mcp</a></li>
<li><strong>Set up your dev environment</strong> by creating a GitHub Codespace</li>
<li><strong>Run the sample </strong>by building the code, starting the MCP server and running the web app / API server. </li>
</ol>
<h2 class="wp-block-heading" id="take-this-with-you">Take this with you</h2>
<p>Building better AI tools isn’t all about the underlying models — it’s about creating experiences that can interpret context, ask good questions, and deliver exactly what users need. Elicitation is a step in that direction, and I’m excited to see how the MCP ecosystem continues to evolve and support even richer interactions.</p>
<p>Join us for the next <a href="https://gh.io/rubberduckthursdays">Rubber Duck Thursdays stream</a> where we’ll continue exploring the intersection of AI tools and developer experience.</p>
<div class="wp-block-group post-content-cta has-global-padding is-layout-constrained wp-block-group-is-layout-constrained">
<p><a href="https://github.blog/ai-and-ml/github-copilot/building-your-first-mcp-server-how-to-extend-ai-tools-with-custom-capabilities?utm_campaign=rdt-blog-devrel&utm_source=blog&utm_medium=turnbased-mcp-blog-1"><strong>Get the guide</strong></a> to build your first MCP server ></p>
</div>
</body></html>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/building-smarter-interactions-with-mcp-elicitation-from-clunky-tool-calls-to-seamless-user-experiences/">Building smarter interactions with MCP elicitation: From clunky tool calls to seamless user experiences</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">90613</post-id> </item>
</channel>
</rss>

If you would like to create a banner that links to this page (i.e. this validation result), do the following:

Download the "valid RSS" banner.
Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)
Add this HTML to your page (change the image src attribute if necessary):

<a href="http://www.feedvalidator.org/check.cgi?url=https%3A//github.blog/feed/"><img src="valid-rss-rogers.png" alt="[Valid RSS]" title="Validate my RSS feed" /></a>

If you would like to create a text link instead, here is the URL you can use:

http://www.feedvalidator.org/check.cgi?url=https%3A//github.blog/feed/

Home · About · News · Docs · Terms