Published via GitHub Executive Insights | Authored by Dave Burnison

The August ‘25 GitHub Enterprise Roundup is a must-read for any software developer or engineering leader navigating the rapidly evolving landscape of AI-powered development, security, and platform governance. We have curated the most impactful updates, best practices, and strategic insights from GitHub’s own engineering playbook, blog posts, changelogs, and community resources—each post and link is handpicked to help you and your teams ship faster, reduce toil, and unlock new levels of developer creativity.

Why skim every linked post?

• Blueprints for AI Transformation: Dive into GitHub’s internal playbook for building an AI-powered workforce—not just as a tech rollout, but as a holistic change management challenge. Learn how to scale AI fluency from executive strategy to grassroots advocacy, with practical steps for accelerating delivery and reducing developer friction.
• Platform & Security Innovations: Stay ahead of the curve with detailed changelogs and posts on GitHub Platform, Actions, and Security. Discover new features like API rate limit transparency, improved repository creation, and advanced artifact attestation management—critical for maintaining compliance and governance at scale.
• CI/CD & Supply Chain Security: Explore actionable guides on streamlining GitHub API calls in Azure Pipelines, defending against workflow injection attacks, and leveraging Dependabot’s new capabilities for Python and NuGet. These updates are essential for teams focused on continuous integration, deployment, and securing the software supply chain.
• AI & Copilot Deep Dives: Get hands-on with the latest in GitHub Copilot, including new agentic workflows, model selection, and integration with major IDEs. Posts and videos walk you through everything from beginner guides to advanced customizations, code reviews, and leveraging Copilot for .NET modernization.
• Enterprise-Scale Case Studies: Learn from real-world migrations and platform unifications, like Omnissa’s journey consolidating 4,000+ repos and building a new engineering stack in six months. These stories provide practical lessons for leaders managing large-scale rollouts and developer enablement.
• Events & Community: Mark your calendar for GitHub Universe and other marquee events, where you’ll connect with industry leaders, gain hands-on experience, and bring back new skills and certifications to your teams.

Common themes from this month's Posts

1. AI adoption as a change management journey

• GitHub’s approach to AI is not just about tooling, but about transforming culture, upskilling teams, and embedding AI into every layer of the development process. The related posts emphasize executive buy-in, grassroots advocacy, and practical blueprints for scaling AI across the enterprise.

2. Security and compliance by default

• Security is woven throughout—from new artifact attestation controls and dependency management to delegated alert dismissal and secret scanning oversight. The message: security must be embedded into every workflow, not bolted on after the fact.

3. Developer velocity through automation

• Continuous improvements to CI/CD, Copilot, and agentic workflows are all about reducing manual toil, accelerating code reviews, and empowering developers to focus on high-value work. Automation is positioned as the key to both productivity and quality.

4. Governance and platform flexibility

• Updates to repository creation, policy enforcement, and model access reflect a growing need for governance that doesn’t slow down innovation. Leaders are encouraged to leverage new controls to balance compliance with developer autonomy.

Why this matters

For enterprise software developers and leaders, this roundup is more than a list of updates—it’s a strategic guide to building resilient, innovative, and AI-empowered teams. Skimming through the linked posts will equip you with actionable insights, practical tools, and proven strategies to lead your organization through the next wave of software development.

How to use this Enterprise Roundup

Below, you’ll find a carefully selected list of key innovations, expert insights, and must-know resources to help your team innovate faster, boost productivity, and enhance security. Share with your teams and stakeholders so they can also get the most out of their GitHub experience.

We don't expect every person to read every word of this post. Skim through the topics that apply to how you and your teams use GitHub and dig into links that are the most relevant to you. Since some readers may skip over entire sections, you may see the same link appear in multiple sections such as a link that applies to both Code Security and CI/CD. Pass this Enterprise Roundup along to your colleagues or pass along specific links that will be beneficial to others.

Let’s dive in!

Contents at a glance

1. Events
2. Developer skills
3. AI & ML – GitHub Copilot
4. AI & ML – GitHub models
5. Security
6. CI/CD
7. GitHub platform
8. Engineering
9. Legend

Events

While GitHub hosts our own marquee events like Universe and Galaxy each year, you will also find GitHub participating in other industry events. Here is the latest news about upcoming events.

• 📅 GitHub Universe - Join us at GitHub Universe, happening October 28–29 at the historic Fort Mason in San Francisco. It’s our biggest event of the year—what we like to call the world’s fair of software—bringing together enterprise leaders and engineering experts shaping the future with AI. This year, we’re zeroing in on how companies like yours are:

  • Streamlining your CI/CD pipelines to improve developer velocity
  • Increasing visibility across your application
  • Implementing AI-native threat detection
  • Embedding security into the developer workflow

  You’ll hear from top industry voices, explore hands-on product demos, and connect with other enterprise leaders to learn how they’re driving innovation forward.

  New this year: Each general admission pass includes a GitHub certification exam, so your teams will have even more skills to bring back to your organization.

• 📅 Check out the complete upcoming conference schedule and upcoming webinar schedule.

Developer skills

General developer expertise based on our own experience and the collective experience of our customers and partners. It's time to start diving into how AI is going to work along side of you to make you a better, more productive developer not, replace you. Check out the new posts 📢, documentation 📄, and articles 📚 to see how AI can make you an awesome developer and guidance for how large enterprises should approach adopting AI.

• 📚 GitHub’s internal playbook for building an AI-powered workforce - Discover how GitHub transformed its workforce by treating AI adoption not as a tech rollout, but as a company-wide change management challenge. This post offers a practical, battle-tested blueprint for scaling AI fluency—from executive strategy to grassroots advocacy—designed to help teams ship faster, reduce toil, and unlock developer creativity.
• 📚 The executive's guide: How engineering teams are balancing AI and human oversight in modern code reviews - Discover how leading engineering teams are redefining code review practices in the age of AI—balancing speed and innovation with critical human oversight. This post shares real-world insights on how developers are using AI tools like Copilot to accelerate reviews while maintaining quality, accountability, and architectural integrity.
• 📢 & 📺 From chaos to clarity: Using GitHub Copilot agents to improve developer workflows - Discover how to provide the GitHub Copilot coding agent with custom instructions and copilot setup steps to streamline development tasks and reduce friction in your workflows. A must-read for teams exploring agentic automation.
• 📢 Beyond prompt crafting: How to be a better partner for your AI pair programmer - Learn how context-rich development environments improve Copilot’s suggestions and how to foster productive human-AI collaboration. Discover how custom instructions, prompt files and MCP servers are the keys to success when working with your AI pair programmer.
• 📢 Code review in the age of AI: Why developers will always own the merge button - Explore how GitHub Copilot can assist in code reviews while reinforcing the developer’s role in final decisions. While AI can handle much of the routine work in code reviews, developer judgment remains irreplaceable for architectural decisions, mentoring and knowledge transfer, and context-specific decisions that require understanding of your product and users.

AI & ML - GitHub Copilot

All things GitHub Copilot, from new and upcoming features to research and data collected from customers showing how GitHub Copilot is accelerating developer productivity. GitHub Copilot is truly getting better all the time! This month it was pretty easy to provide subcategories for all of the GitHub Copilot related updates.

• NOTE: Key capabilities that are still in Preview as of 2025-08-01 are: GitHub Copilot coding agent, Copilot Spaces, Upgrade assistant for Java in VS Code. To quickly see which GitHub Copilot capabilities are in Preview, go to GitHub Copilot · Your AI pair programmer, Click on "For Business" and scroll down to see a complete list of features. This list highlights which features are Preview.

GitHub Copilot coding agent and Agent Mode

• 📺 What's new with the GitHub Copilot coding agent (1:52) - See some of the recent updates to the GitHub Copilot coding agent such as viewing your recent coding agent sessions from the agents page, the coding agent uses Playwright MCP by default, validating and posting screenshots of UI changes and remote MCP servers are now supported.
• 📺 When to use GitHub Copilot coding agent versus agent mode (3:06) - This video breaks down the difference between Copilot coding agent (for autonomous, background tasks) and Copilot Agent Mode (for interactive, iterative development).
• 📢 Onboarding your AI peer programmer: Setting up GitHub Copilot coding agent for success - Discover how to onboard GitHub Copilot as your AI peer programmer by configuring its environment, crafting effective prompts, and extending its capabilities with custom instructions and MCP servers. This guide walks you through setting up Copilot coding agent and agent mode for success—ensuring they deliver high-quality pull requests that align with your team’s standards and workflows.
• 📢 & 📺 From idea to PR: A guide to GitHub Copilot’s agentic workflows - A tactical guide to turning issues into tested pull requests using Copilot’s agentic workflows and remote MCP servers.
• 📢 & 📺 Debugging UI with AI: GitHub Copilot agent mode meets MCP servers - Explore how you can use agentic tools like GitHub Copilot agent mode and the Playwright MCP server to accelerate troubleshooting and debugging of UI issues, while revisiting the importance of clear requirements.
• 🚢 GitHub Copilot coding agent now uses one premium request per session - A new pricing model simplifies Copilot agent usage and improves cost predictability.
• 🚢 Agents page for GitHub Copilot coding agent - A centralized dashboard helps teams manage and monitor Copilot agent tasks more effectively.
• 🚢 Agents page: Set the base branch for GitHub Copilot coding agent tasks - GitHub Changelog - Now you can guide GitHub Copilot coding agent to start from your chosen branch—not just the default—giving you more control over how and where it contributes to your code.
• 🚢 Copilot coding agent now supports remote MCP servers - Enterprises can now deploy Copilot agents across distributed infrastructure with remote server support.
• 🚢 Copilot coding agent now has its own web browser - Copilot agents gain browsing capabilities for enhanced context and task execution.
• 🚢 Copilot coding agent now supports .instructions.md custom instructions - Teams can now tailor Copilot’s behavior with markdown-based instructions, enabling more precise automation and task execution.
• 🚢 Agent mode for JetBrains, Eclipse, and Xcode is now generally available - Copilot’s agent mode expands to major IDEs, enabling task delegation and automation across environments.
• 🚢 Start and track GitHub Copilot coding agent sessions from Visual Studio Code - Developers can now launch and monitor Copilot agent sessions directly from VS Code for streamlined workflows.
• 🚢 Configure internet access for Copilot coding agent - Teams can now control external connectivity for Copilot agents, improving security and compliance.

GitHub Copilot and Model Context Protocol (MCP) servers

• 🚢 Model Context Protocol (MCP) support in VS Code is generally available - GitHub Copilot in VS Code just got a major upgrade—Model Context Protocol (MCP) is now generally available, unlocking seamless integration with your own tools and APIs.
• 📢 & 📺 A practical guide on how to use the GitHub MCP server - This guide shows how to upgrade to GitHub’s remote MCP server—unlocking secure OAuth authentication, dynamic toolsets, and seamless automation for pull requests, CI/CD, and security triage. Discover how to streamline your AI workflows and prepare for the future of agent-to-agent collaboration with zero infrastructure overhead.
• 📢 5 ways to transform your workflow using GitHub Copilot and MCP - Explore five practical use cases for integrating Copilot with MCP servers to accelerate development and reduce manual overhead.
• 📢 How to build secure and scalable remote MCP servers - Building secure and scalable MCP servers requires attention to authentication, authorization, and deployment architecture. The patterns in this guide will give you a head start in creating reliable MCP servers that can handle sensitive tools and data.

Providing context to GitHub Copilot

• 📺 Turn Copilot into a subject matter expert with GitHub Copilot Spaces (1:03) - This video explains how you can use a shared space to ground Copilot in a specific context, like your team's accessibility standards. Watch how you can attach your own components and ask if they are compliant, receiving a specific, high-quality response based only on that curated knowledge.
• 📺 How to create your first GitHub Copilot Space (Step-by-step guide) (1:22) - This tutorial shows you how to get started by creating and configuring a new space from scratch. Learn to add custom instructions and attach files from your repository to ground Copilot in a specific context, making it easier to perform tasks like building out your test coverage.
• 📢 Introducing the Awesome GitHub Copilot Customizations repo - Microsoft for Developers - The Awesome Copilot repo is a community-driven resource with custom instructions, reusable prompts, and custom chat modes that helps you get consistent AI assistance. In other words, Awesome Copilot helps you get the most out of GitHub Copilot by letting you tailor it to your needs. And even better, the available content in the Awesome Copilot repo will grow and grow as we encourage folks to contribute instructions, prompts, and chat modes they find useful!

GitHub Copilot code reviews

• 📺 Using GitHub Copilot for code reviews: from VS Code to github.com (1:29) - See how GitHub Copilot can improve your development workflow with AI-powered code reviews. This demo shows you how to get feedback directly in VS Code before you commit and how to assign Copilot to review entire pull requests on https://github.com.
• 🚢 Copilot code review: Better handling of large pull requests - Copilot now scales better with large PRs, improving review efficiency for enterprise teams.

Additional GitHub Copilot updates

• 🚢 New Copilot Chat features now generally available on GitHub - Copilot Chat gets smarter with expanded capabilities for real-time collaboration and code review.
• 📺 How to use GitHub Copilot (the complete beginner's guide) (1:33:23) - Learn everything you need to know about GitHub Copilot in a single video. This compilation of our entire beginner series on GitHub Copilot will guide you through the essentials, best practices for security, and hands-on projects.
• 🚢 GitHub Copilot app modernization for .NET enters public preview - Copilot now supports .NET modernization workflows, helping teams accelerate legacy code transformation.
• 🚢 GitHub Copilot in Eclipse—smarter, faster, and more integrated - Eclipse users gain deeper Copilot integration, streamlining code suggestions and agent interactions.
• 🚢 New GitHub Copilot activity report with enhanced authentication and usage insights - Enterprise leaders can now track Copilot usage and authentication trends to optimize adoption and governance.
• 🚢 GitHub Copilot in VS Code June release (v1.102) - The latest VS Code release enhances Copilot’s responsiveness and contextual awareness.
• 🗣️ Choosing the Right AI Model for GitHub Copilot: This guide distills top insights from GitHub’s documentation and blog posts, empowering you to choose the ideal AI model to supercharge your workflow.
• 🚢 GitHub Changelog - Copilot, July, 2025 - Skim through all of the Copilot changes from July.

AI & ML - GitHub Models

AI is getting built into solutions everywhere, it's time to experiment with Large Language Models (LLMs) and learn how to build AI into YOUR solutions to keep your customers and stakeholders coming back for more. Now you can leverage GitHub Models from right inside the GitHub platform to learn what dozens of models are capable of, compare the results of models side by side and then see the code that you need to build AI capabilities into your new and existing solutions. NOTE: GitHub Models for organizations and repositories is in public preview.

• 🚢 Enterprise enabled policy for GitHub Models updated - GitHub refines model access policies to better align with enterprise governance and deployment needs. Now, the updated Enabled policy forces GitHub Models on for all organizations and repositories in the enterprise.
• 🚢 GitHub Changelog - Models, July, 2025 - Skim through all of the GitHub Models changes from July.

Security

Application security with GitHub, ensuring the code that lives in GitHub and the dependencies that go into the solutions you build are secure and do not contain any secrets.

Secret Protection

• 🚢 GitHub Apps can now review secret scanning push protection bypass and alert dismissal requests - GitHub Apps gain oversight capabilities for secret scanning exceptions, enhancing auditability.

Code Security

• 📢 How to catch GitHub Actions workflow injections before attackers do - Learn how to proactively defend against one of the most common CI/CD vulnerabilities with actionable insights for secure automation.
• 🚢 Security configurations: Support for running CodeQL in either default or advanced setup - Organizations can now enforce CodeQL security configurations across both default and advanced setups—unlocking greater flexibility without compromising enforcement.
• 🚢 Delegated alert dismissal for code scanning is now generally available – You can now require a review process before dismissing alerts, helping you manage security risks as well as meet audit and compliance requirements.

Supply chain security

• 📢 & 📺 Understand your software’s supply chain with GitHub’s dependency graph - You can’t secure what you can’t see. GitHub’s dependency graph gives you visibility into the 90%+ of your codebase that comes from open source libraries and helps you take action when it counts. Learn how GitHub’s dependency graph helps you visualize and secure your project’s entire dependency tree.
• 🚢 Centralized private registry configuration for Dependabot is now generally available - Streamline your security workflows and eliminate repetitive setup with centralized private registry configuration for Dependabot—now generally available for GitHub organizations.
• 🚢 Managing Dependabot alerts with batched updates is now generally available - You can now manage multiple Dependabot alerts at once—streamlining security workflows across your entire organization.
• 🚢 Dependency auto-submission now supports NuGet - GitHub’s dependency auto-submission unlocks deeper visibility into your .NET projects—powering SBOMs, security alerts, and full transitive insights with just a few clicks.
• 🚢 Dependency auto-submission now supports Python - Python developers can now automatically submit dependency snapshots with pip—completing GitHub’s auto-submission support across all major ecosystems.

Additional security updates

• 🚢 Added a “Not set” option for GitHub Code Security features - Teams can now explicitly opt out of certain security features for better configuration control.
• 🚢 GitHub Changelog - Security, July, 2025 - Skim through all of the security related changes from July.

CI/CD

Continuous Integration & Continuous Deployment with GitHub Actions.

• 📢 How to catch GitHub Actions workflow injections before attackers do - Learn how to proactively defend against one of the most common CI/CD vulnerabilities with actionable insights for secure automation.
• 📢 How to streamline GitHub API calls in Azure Pipelines - Whether you’re looking to enhance your existing CI/CD processes or build entirely new automated workflows, the combination of Azure Pipelines and GitHub API through GitHub Apps provides a robust foundation for modern DevOps practices. This will allow you to enrich your existing pipelines with GitHub capabilities as you move your code from Azure Repos to GitHub.
• 🚢 npm trusted publishing with OIDC is generally available - This feature enables you to securely publish npm packages directly from CI/CD workflows using OpenID Connect (OIDC) for authentication, reducing the need to manage long-lived tokens. This brings cryptographic trust and automatic provenance to every package release.
• 🚢 Manage artifact attestations with deletion, filtering, and bulk actions - New controls help teams manage software provenance at scale.
• 🚢 GitHub Changelog - Actions, July, 2025 - Skim through all of the security related changes from July.

GitHub platform

Resources to assist those who manage the rollout and maintenance of GitHub for hundreds if not thousands of stakeholders.

• 🌐& 📺 How Omnissa unified 4,000 repos (and its future) with GitHub - GitHub Enterprise on LinkedIn - It's not often that a 2000+ developer organization needs to build a new engineering stack within the span of six months. Omnissa (the former End User Computing business unit at VMware) did exactly this. See how they built on top of GitHub, covering everything from the selection of GitHub to the migrations from Perforce, GitLab, and BitBucket Server, to self-hosted runners, adoption of GHAS, and OSS management using FOSSA.
• 🚢 npm trusted publishing with OIDC is generally available - This feature enables you to securely publish npm packages directly from CI/CD workflows using OpenID Connect (OIDC) for authentication, reducing the need to manage long-lived tokens. This brings cryptographic trust and automatic provenance to every package release.
• 🚢 Improved repository creation experience now available in public preview - The redesigned repository creation flow simplifies setup and enforces governance from the very first click.
• 🚢 Including timeouts in primary rate limits - GitHub improves API rate limit transparency with timeout indicators for better developer experience. The most significant change affects organizations and enterprises using custom repository properties and repository policies. Now, custom property inputs can respond to your organization’s policies, letting you set or limit repository names and visibility right at creation. This helps maintain compliance from the start.
• 🚢 GitHub Changelog - GitHub Platform, July, 2025 - Skim through all of the GitHub Platform related changes from July.

Engineering

An inside look at how we’re building the home for all developers. Resources based on our internal experiences.

• 📚 GitHub’s internal playbook for building an AI-powered workforce - Discover how GitHub transformed its workforce by treating AI adoption not as a tech rollout, but as a company-wide change management challenge. This post offers a practical, battle-tested blueprint for scaling AI fluency—from executive strategy to grassroots advocacy—designed to help teams ship faster, reduce toil, and unlock developer creativity.

Legend

• 📅 Events
• 📢 GitHub Blog
• 📺 GitHub on YouTube
• 🚢 The GitHub Changelog
• 📚 GitHub Resources
• 📄 GitHub Docs
• 🗣️ GitHub public feedback & discussions
• 🌐 Third Party Web Site

That’s it for the August '25 edition of the enterprise roundup. Check back in to the GitHub Executive Insights at the beginning of next month to see the next round of key updates.

We want to hear from you! Did you find this curated list of updates from GitHub helpful? Do you have suggestions on how we can provide the information that is going to be the most useful and timely for your role? Visit the GitHub Community. August ‘25 enterprise roundup - community · Discussion