Published via GitHub Executive Insights | Authored by Dave Burnison

GitHub is shipping new features, product updates, and best practices faster than ever. To help you stay ahead, our Enterprise Advocacy team has curated this monthly roundup—bringing you a concise, enterprise-focused summary of the most important updates you might have missed.

Below, you’ll find a carefully selected list of key innovations, expert insights, and must-know resources—guided by feedback from GitHub’s largest customers—to help your team innovate faster, boost productivity, and enhance security. Share with your teams and stakeholders so they can also get the most out of their GitHub experience.

How to use this Enterprise Roundup: We don't expect every person to read every word of this post. Skim through the topics that apply to how you and your teams use GitHub and dig into links that are the most relevant to you. Since some readers may skip over entire sections, you may see the same link appear in multiple sections such as a link that applies to both Code Security and CI/CD. Pass this Enterprise Roundup along to your colleagues or pass along specific links that will be beneficial to others.

Key items worth mentioning right off the top are:

Microsoft named a Leader in The Forrester Wave™: DevOps Platforms, Q2 2025, Check out the Analyst Reports section for details.
GitHub Copilot continues to be the most active category with articles on the importance of developer expertise in the age of AI and several product updates.
There are some great articles and videos in the Security section this month, especially related to Supply Chain Security.

Let’s dive in!

Contents at a Glance

Analyst Reports
AI & ML – GitHub Copilot
AI & ML – GitHub models
Security
Developer skills
Events
CI/CD
GitHub platform
Engineering
Legend

Analyst Reports

📚 Microsoft named a Leader in The Forrester Wave™: DevOps Platforms, Q2 2025 - Forrester has named Microsoft, recognizing both GitHub and Azure DevOps, a Leader in The Forrester Wave™: DevOps Platforms, Q2 2025 report. Microsoft’s vision for an agentic DevOps ecosystem is all about helping organizations build better software, faster. With GitHub as the cornerstone of this journey, we’re delivering AI-powered solutions, seamless integrations, and developer-focused experiences that empower teams to innovate with confidence. Read the full report to see why we were recognized as a leader.

NOTE: Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here .

AI & ML - GitHub Copilot

All things GitHub Copilot, from new and upcoming features to research and data collected from customers showing how GitHub Copilot is accelerating developer productivity. GitHub Copilot is truly getting better all the time!

NOTE: Key capabilities that are still in Preview as of 2025-07-01 are: GitHub Copilot coding agent, Remote GitHub MCP Server and Copilot Spaces. To quickly see which GitHub Copilot capabilities are in Preview, go to GitHub Copilot · Your AI pair programmer, Click on "For Business" and scroll down to see a complete list of features. This list highlights which features are Preview.
📢 From pair to peer programmer: Our vision for agentic workflows in GitHub Copilot - AI agents in GitHub Copilot don’t just assist developers but actively solve problems through multi-step reasoning and execution. Here’s what that means.
📢 Why developer expertise matters more than ever in the age of AI - AI can help you code faster, but knowing why the code works—and sharpening your human-in-the-loop skills—is what makes you a great developer. The best developers know how to think critically about new problems and take a systems view of solving them. That kind of expertise is what keeps software resilient, scalable, and secure, especially as AI accelerates how quickly we ship. Without it, we risk building faster but breaking more.
📄 Achieving your company's engineering goals with GitHub Copilot - When your company rolls out a new tool such as GitHub Copilot, you will want to measure the impact of the tool on your engineering systems and assess the tool's contribution to your company's goals. Based on the recommendations of GitHub's Engineering System Success Playbook (ESSP), the guides in this documentation show how GitHub Copilot can help you achieve your company's goals in specific areas.
📚 Increasing collaborative development with AI - Check out our ebook, Increasing collaborative development with AI, to learn how AI can help you drive cross-team collaboration and realize the full potential of innersource, the practice that brings open-source methodologies into internal development.
🗣️ GitHub Copilot for Business Analysts: 10 Practical Use Cases You Can Try Today: We explore 10 real-world use cases for GitHub Copilot tailored for BAs—with hands-on prompts and sample code to try yourself in VS Code.
📢 & 📺 The difference between coding agent and agent mode in GitHub Copilot - While they’re both AI agents, they’re tuned for different parts in your day-to-day workflows. WE break down what they are, when to reach for each, and offer some hands‑on tips. AI agents won’t replace engineers; they’ll replace the boring parts of engineering. That means more time for inventive features, better code quality, and building what’s next. And isn’t that why we all love being developers? NOTE: We included this link last month but, the post was updated on June 13th.
📢 How the GitHub billing team uses the coding agent in GitHub Copilot to continuously burn down technical debt - They are transforming what was once a daunting task into a seamless part of their workflow. By leveraging AI, they manage to improve code test coverage, swap out dependencies, standardize patterns, and more, all while maintaining focus on new features and architectural changes. This innovative approach not only enhances productivity but also ensures a healthier, more maintainable codebase over time.
📺 Extend GitHub Copilot coding agent with custom MCP tools (1:50) - Did you know that you can give Copilot coding agent access to additional tools through the Model Context Protocol (MCP)? Learn more in this video, as Copilot uses the Notion MCP server to gather product requirement documents, and provide a PR for review.
📄 Enhancing Copilot agent mode with MCP - A new guide on how to combine use of GitHub Copilot's agent mode with Model Context Protocol (MCP) servers to complete complex tasks through agentic "loops" - illustrated through an accessibility compliance example. The guide also discusses best practices and benefits around using these two features together.
🚢 Remote GitHub MCP Server is now in public preview - The GitHub MCP Server allows AI tools like GitHub Copilot in VS Code and Visual Studio, Claude Desktop, and others to seamlessly access live GitHub context and tools—like issues, pull requests and code files—to power smarter, more dynamic agent workflows.
🚢 Agent mode is now generally available with MCP tools support in Visual Studio - Copilot agent mode is on by default in Visual Studio. Visual Studio now supports Model Context Protocol (MCP) servers (Preview), enabling smarter and more connected AI development.
🚢 GitHub Copilot in VS Code May release (v1.101) - The latest updates to GitHub Copilot in Visual Studio Code deliver significant improvements to agent mode workflows, Model Context Protocol (MCP) support, and development tools integration.
🚢 Improved attachments and larger context in Copilot Chat in public preview - Working with Copilot Chat on GitHub just got more convenient with enhanced attachment capabilities and expanded context limits. You can now convert large text blocks into attachments, attach multiple images, preview HTML with external resources, and store twice as much context in your Copilot Spaces.
🚢 Copilot Chat now supports attaching references using the @ symbol - Talking with GitHub Copilot Chat just got a major boost: you can now attach references for richer, more productive conversations!
🚢 Anthropic Claude Sonnet 4 and Claude Opus 4 are now generally available in GitHub Copilot - Claude Opus 4 is Anthropic’s most powerful model yet, excelling at complex problem solving and powering frontier AI agents. Claude Sonnet 4 is ideal for coding workflows, with a good balance across performance and practicality
📄 Learning a new programming language with GitHub Copilot - GitHub Copilot can help you when you already have a good knowledge of how to code in one or more programming languages, but now you want to learn a new language.
📄 Using Copilot to explore a codebase - If you've been assigned to work on a project that you're not familiar with—or you've found an interesting open source project that you want to contribute to—you'll need some understanding of the codebase before you can start making changes. This guide will show you how to use GitHub Copilot Chat to explore a codebase and quickly learn about the project.
📢 & 📺 GitHub for Beginners: Code review and refactoring with GitHub Copilot - Better code quality with GitHub Copilot. Includes examples of Copilot suggesting performance improvements, creating custom hooks from data-fetching logic, detecting potential bugs, and generating comments, remembering it's a tool to aid human oversight.
🚢 Copilot code review: Customization for all - Copilot code review now supports the same custom instructions used by Copilot Chat and coding agent—unlocking personalized, consistent AI reviews across your workflow.
📢 How to create issues and pull requests in record time on GitHub - Learn how to spin up a GitHub Issue, hand it to Copilot, and get a draft pull request in the same workflow you already know. Learn why the right content in issues and pull requests are critical. Miss the structure and every downstream step—human or AI—slows down.
📢 & 📺 GitHub Copilot Spaces: Bring the right context to every suggestion - GitHub Copilot Spaces is a new feature that acts as a centralized, AI-powered knowledge hub for your organization, making it easy to capture, organize, and reference content like code snippets, documentation, Slack threads, and more. Enabling teams to scale institutional knowledge and maintain trusted context throughout the entire development lifecycle.
📚 & 📺 Managing Copilot: Governance and GitHub Copilot - Luis Pujols shares practical advice for administrators and managers. Learn about different licensing strategies, monitoring adoption via Metrics & User Management APIs, step-by-step enablement, and supporting developers to leverage Copilot safely and productively.
🚢 Update to GitHub Copilot consumptive billing experience - Monthly premium request allowances for paid GitHub Copilot users are now in effect.
🚢 GitHub Copilot coding agent is now available for Copilot Business users - We initially launched GitHub Copilot coding agent in public preview, allowing users with Copilot Pro+ and Copilot Enterprise to delegate tasks to Copilot to work on in the background. Now, we’ve opened this new agent to Copilot Business subscribers.
🚢 GitHub Changelog - Copilot, June, 2025 - Skim through all of the Copilot changes from June.

AI & ML - GitHub Models

AI is getting built into solutions everywhere, it's time to experiment with Large Language Models (LLMs) and learn how to build AI into YOUR solutions to keep your customers and stakeholders coming back for more. Now you can leverage GitHub Models from right inside the GitHub platform to learn what dozens of models are capable of, compare the results of models side by side and then see the code that you need to build AI capabilities into your new and existing solutions. NOTE: GitHub Models for organizations and repositories is in public preview.

🚢 GitHub Models now supports moving beyond free limits - GitHub Models now supports pay-as-you-go billing through your GitHub account and bring your own key (BYOK), giving you two flexible paths to scale beyond the free tier.
🚢 AI prompt editor and evaluations tooling now supports multi-turn conversations - You can now save and evaluate multi-turn conversations in the GitHub Models prompt editor and evaluations tooling!
🚢 Use multiple custom variables in AI evaluations tooling - GitHub Models evaluations tooling now supports multiple variables with any names, not just {{input}}!
🚢 Fluency and coherence evaluators added to GitHub Models - Evaluators are like continuous integration for your AI. They help you catch quality issues early and keep outputs aligned with your goals. Today, GitHub Models is adding two new scoring types: fluency and coherence.
🚢 GitHub Changelog - Models, June, 2025 - Skim through all of the GitHub Models changes from June.

Security

Application security with GitHub, ensuring the code that lives in GitHub and the dependencies that go into the solutions you build are secure and do not contain any secrets.

🌐 What Star Wars can teach us about application security | LinkedIn - Leaders from IKEA, SAP, and WirelessCar recently shared their journey to more secure, scalable development with GitHub Advanced Security (GHAS)—and how it's helping their teams build what’s next.
📚 How to use GitHub Security Overview to manage security debt - GitHub Security Overview is a comprehensive tool for managing security debt, tracking vulnerabilities, and enabling teams to prioritize risk effectively. Whether you’re using filters, campaigns, or Autofix, the key is to focus on metrics and workflows that align with your organization’s security and compliance goals.
📚 & 📺 Shift left the right way - creating more secure apps - What does it truly mean to "Shift Left" security effectively in modern development? Angela Wen, Software Engineer III and Dan Shanahan, Field Services Director, Security Products join "Beyond the Commit" to discuss practical strategies for integrating security early in the SDLC.

Secret Protection

🚢 Configuring which secret scanning patterns are included in push protection is in public preview - Security teams can now choose which secret scanning patterns are included in push protection. Previously, push protection only covered a subset of patterns that met strict criteria.
🚢 Delegated alert dismissal for Secret Protection is generally available - Delegated alert dismissal allows you to require a review process before secret scanning alerts are closed.

Code Security

📢 Hack the model: Build AI security skills with the GitHub Secure Code Game - Dive into the novel security challenges AI introduces with the open source game that over 10,000 developers have used to sharpen their skills, https://gh.io/securecodegame.
🚢 Enhanced metrics for CodeQL pull request alerts and Copilot autofixes and Mean time to remediate metric for CodeQL pull request alerts now included on the security overview dashboard - These changes enable you to gain a better understanding of how Copilot Autofix contributes to the remediation of security alerts and helps improve your organization’s security posture.
🚢 CodeQL can be enabled at scale on C/C++ repositories in public preview using build-free scanning - CodeQL can now analyze C/C++ projects without needing a build.
🚢 CodeQL 2.22.0 improves coverage for Go and adds support for Swift 6.1.2 - We’ve added support for a new query for Go. We’ve updated CodeQL to support analysis of apps built with Swift 6.1.2.
🚢 Private registries for Go CodeQL scans - This makes your scans more comprehensive, helping to ensure you receive all important alerts regardless of where your dependencies are stored.

Supply Chain Security

📢 & 📺 Understand your software’s supply chain with GitHub’s dependency graph & How 21 dependencies become 1,000: Understanding your software supply chain | GitHub Checkout (9:06) - Did you know that up to 97% of your application's code can come from open source dependencies? Securing the software supply chain is critical. We explore the GitHub Dependency Graph, the feature that gives you a full picture of every package your project relies on, helping you find and prioritize vulnerabilities with Dependabot before they become major issues.
🚢 The Dependabot metrics page helps GHAS Code Security users prioritize their vulnerabilities for remediation - A new section in the Security tab, available at the organization level. This update helps application security managers cut through the noise and focus on remediating the vulnerabilities that need attention first.
📢 GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them - The GitHub Advisory Database is a powerful resource for tracking open source software vulnerabilities. By focusing on popular package registries, GitHub allows you to definitively connect vulnerabilities to the packages you are using. Additional data such as CVSS and EPSS scores help you properly prioritize your mitigation efforts.

Additional Security Updates

🚢 GitHub Changelog - Security, June, 2025 - Skim through all of the security related changes from June.

Developer Skills

General developer expertise based on our own experience and the collective experience of our customers and partners. It's time to start diving into how AI is going to work along side of you to make you a better, more productive developer not, replace you. Check out the new posts 📢, documentation 📄, and articles 📚 to see how AI can make you an awesome developer and guidance for how large enterprises should approach adopting AI.

📢 Why developer expertise matters more than ever in the age of AI - AI can help you code faster, but knowing why the code works—and sharpening your human-in-the-loop skills—is what makes you a great developer. The best developers know how to think critically about new problems and take a systems view of solving them. That kind of expertise is what keeps software resilient, scalable, and secure, especially as AI accelerates how quickly we ship. Without it, we risk building faster but breaking more.
📚 Increasing collaborative development with AI - Check out our ebook, Increasing collaborative development with AI, to learn how AI can help you drive cross-team collaboration and realize the full potential of innersource, the practice that brings open-source methodologies into internal development.

Events

While GitHub hosts our own marquee events like Universe and Galaxy each year, you will also find GitHub participating in other industry events. Here is the latest news about upcoming events.

🗣️ WATCH: Exclusive GitHub Copilot Webinar by GitHub's Customer Success Architecture Team: Our team brought the energy with a Copilot webinar exploring how GitHub Copilot has grown and changed, exciting new features, and a live demo in action! Get the full recording in our discussion.
📅 Check out the complete upcoming conference schedule and upcoming webinar schedule.

CI/CD

Continuous Integration & Continuous Deployment with GitHub Actions.

📚 & 📺 Don't repeat yourself - automate all the things - Apply the "Don't Repeat Yourself" principle beyond just your code! Jessica Deen, Staff Enterprise Advocate and Brittany Ellich, Software Engineer join Beyond the Commit to discuss automating your entire development workflow efficiently using GitHub Actions. Learn about the power of reusable workflows, leveraging the Marketplace, key security considerations like OIDC, and getting clear job summaries to build consistent and reliable CI/CD pipelines.
🚢 GitHub Actions: New Azure private networking regions are available - GitHub Actions has expanded the number of supported Azure private networking regions available to customers, with the following new additions: Canada East, Canada Central, Japan West, Uk West.
🚢 GitHub Actions fine-grain permissions are now generally available for custom repository roles - With this release, organization administrators can now create custom repository roles with specific GitHub Actions permissions.
🚢 Actions Runner Controller 0.12.0 release - This release introduces several enhancements including: public preview support for Red Hat OpenShift Kubernetes clusters and vault-based secret management, improvements to Docker-in-Docker (DinD) container mode, and more.
🚢 Upcoming breaking change for GitHub Actions: Removal of larger hosted runners from self-hosted API - The orgs/{org}/actions/runners API currently shows self-hosted runners and individual larger hosted runner instances. As of July 3rd, 2025, we will no longer show larger hosted runner instances.
🚢 GitHub Changelog - Actions, June, 2025 - Skim through all of the security related changes from June.

GitHub Platform

Resources to assist those who manage the rollout and maintenance of GitHub for hundreds if not thousands of stakeholders.

🚢 Enterprise-level access for GitHub Apps and installation automation APIs - Say goodbye to clicking on hundreds of installation buttons! GitHub Apps can now be installed onto enterprise accounts, with new permissions that let them call enterprise management APIs. The public preview of this new access pattern unblocks significant automation opportunities. We’re also introducing a new set of enterprise APIs that allow you to manage which GitHub Apps are installed, and what they can access, across the organizations in your enterprise.
📚 & 📺 Managing Copilot: Governance and GitHub Copilot - Luis Pujols shares practical advice for administrators and managers. Learn about different licensing strategies, monitoring adoption via Metrics & User Management APIs, step-by-step enablement, and supporting developers to leverage Copilot safely and productively.
🗣️ Introduction to GitHub's Enhanced Billing Platform: Learn about this suite of features, the benefits, and how to get started.
🚢 Update to GitHub Copilot consumptive billing experience - Monthly premium request allowances for paid GitHub Copilot users are now in effect.
🚢 Increasing GitHub Enterprise Importer's repository size limits - You can now migrate significantly larger repositories to GitHub Enterprise Cloud using GitHub Enterprise Importer.
🚢 Filter-based ruleset targeting - The ruleset selection interface has been updated with a query-based filter, mirroring GitHub’s search functionality. This provides a consistent and intuitive way to select repositories across the platform.
🚢 Managing cost centers via API is now available - Enterprise customers can manage the full lifecycle of cost centers using the REST API.
🗣️ Understanding GitHub API Rate Limits: REST, GraphQL, and Beyond: A deep dive into how API rate limits work on GitHub Enterprise Cloud, why they exist, and best practices for staying within the boundaries.
🚢 Enterprise owners can now discover and manage repositories owned by Enterprise Managed Users [General Availability] - This feature set increases visibility of user-owned repositories to administrators while also empowering administrators to control these repositories as needed.
🚢 Enterprise Managed User repository collaborators are generally available - This enables the “outside collaborator” access pattern for EMUs, letting you add users to a repository without adding them to the owning organization.
🚢 GitHub Changelog - GitHub Platform, June, 2025 - Skim through all of the GitHub Platform related changes from June.

Engineering

An inside look at how we’re building the home for all developers. Resources based on our internal experiences.

📢 How GitHub engineers tackle platform problems - Discover how GitHub engineers tackle platform problems with best practices for quickly identifying, resolving, and preventing issues at scale. From understanding your domain to leveraging Infrastructure as Code and knowledge sharing, this post provides invaluable insights for both product and platform engineers. Dive in to learn how these strategies can enhance your engineering approach and improve system reliability.

Legend

📅 Events
📢 GitHub Blog
📺 GitHub on YouTube
🚢 The GitHub Changelog
📚 GitHub Resources
📄 GitHub Docs
🗣️ GitHub public feedback & discussions
🌐 Third Party Web Site

That’s it for the July '25 edition of the enterprise roundup. Check back in to the GitHub Executive Insights at the beginning of next month to see the next round of key updates.

We want to hear from you! Did you find this curated list of updates from GitHub helpful? Do you have suggestions on how we can provide the information that is going to be the most useful and timely for your role? Visit the GitHub Community July ‘25 enterprise roundup - community · Discussion.