April ‘25 enterprise roundup

Published via GitHub Executive Insights | Authored by Dave Burnison

GitHub is shipping new features, product updates, and best practices faster than ever. To help you stay ahead, our Enterprise Advocacy team has curated this monthly roundup—bringing you a concise, enterprise-focused summary of the most important updates you might have missed.

Below, you’ll find a carefully selected list of key innovations, expert insights, and must-know resources—guided by feedback from GitHub’s largest customers—to help your team innovate faster, boost productivity, and enhance security. Share with your teams and stakeholders so they can also get the most out of their GitHub experience.

How to use this Enterprise Roundup: We don't expect every person to read every word of this post. Skim through the topics that apply to how you and your teams use GitHub and dig into links that are the most relevant to you. Since some readers may skip over entire sections, you may see the same link appear in multiple sections such as a link that applies to both Code Security and CI/CD. Pass this Enterprise Roundup along to your colleagues or pass along specific links that will be beneficial to others.

Let’s dive in!

Events

While GitHub hosts our own marquee events like Universe and Galaxy each year, you will also find GitHub participating in other industry events. Here is the latest news about upcoming events.

📅 GitHub Universe - 🎉 Universe 2025 Call for Sessions & Speaker Nominations will be open from April 9th to May 2nd! Universe thrives on brilliant talks and demos from technical experts. The perspective that comes from our partners and customers are exactly what makes Universe such a powerful event for the global tech community.
Plot Twist! Alongside the regular Call for Sessions, we’re excited to introduce the launch of our NEW Speaker Nomination Process! No session idea? No problem! If you (or someone you know) has inspiring stories, innovative ideas, or industry insights to share but isn’t sure about crafting a full session pitch, this is your chance. Selected speakers from the nomination pool may be invited to lead their own session, co-present, or join a panel discussion. Watch the "Universe" category on GitHub Discussions during April for more information. Have questions? Email speakersupport@github.com.
📅 Microsoft Build - We’re officially on the road to Microsoft Build, and we’re calling all developers and builders to join us, whether you’re a general dev, back-end, full-stack, or an AI innovator. GitHub will show up in a big way this year! Learn about everything waiting for you in Seattle and be sure to register by April 9—in-person tickets are currently $400 off with our early-bird discount. Learn more here.

AI & ML - GitHub Copilot

Copilot keeps getting smarter—and more customizable. This month, we’ve seen improvements in code completions, expanded model options for Copilot Chat, and new capabilities like agent mode, next edit suggestions, vision input, and more. GitHub Copilot is designed to work alongside you—not replace you—making development faster, easier, and more enjoyable. Dive into the latest updates, see how large enterprises are adopting AI, and explore resources to level up your own Copilot usage.

📢 Blog | 📺 YouTube | 🚢 Changelog | 🗣️ Discussions | 📚 Resources

📄 Docs

You are not limited to using the default models for Copilot chat and code completion. You can choose from a selection of other models, each with their own particular strengths. We continue to expand and update the list of models available in GitHub Copilot. We keep the documentation updated with the complete list. Refer to 📄 Changing the AI model for Copilot Chat & 📄 Changing the AI model for Copilot code completions. Here are some of the latest related updates:
🚢 GPT-4o Copilot: Your new code completion model is now generally available &
📺 Advancing code completion with GPT-4o Copilot | GitHub Checkout (9:56) - The new GPT-4o Copilot code completion model for GitHub Copilot provides faster performance, support for 33 additional languages, and improved context-awareness through FastAPI and async code examples.
🚢 Onboarding additional model providers with GitHub Copilot for Claude Sonnet models in public preview &
📺 Demo: Using Claude 3.7 Sonnet with GitHub Copilot (1:19) - GitHub has onboarded Google Cloud Platform and Anthropic PBC as providers of the public preview models Claude 3.5 Sonnet and Claude 3.7 Sonnet. This change will result in increased Claude Sonnet rate limits and greater service quality in GitHub Copilot when using these models.
📺 Copilot agent mode new features in Visual Studio Code | GitHub Checkout (11:54) - Explore the latest updates to GitHub Copilot's agent mode in Visual Studio Code, demonstrating how it automates codebase searches, terminal commands, and UI test generation through natural language prompts.
📢 Mastering GitHub Copilot: When to use AI agent mode - Ever find yourself staring at an AI coding assistant, wondering why it’s not quite nailing what you need? Maybe it’s spitting out code that’s close but not quite right, or you’re stuck wrestling with a problem that spans multiple files, wishing it could just get the bigger picture. Often, it’s less about the tool, and more about knowing how to use it. Discover the differences between agent mode and Copilot Edits—and when to use them in your workflows.
📺 Copilot Next Edit Suggestions in Visual Studio Code explained: (12:11) - Next Edit Suggestions is reshaping how developers interact with their editor, cutting hours of tedious work. Unlike standard completions, it updates all related code, keeping you in flow and making refactoring feel like magic.
📢 Not just for developers: How product and security teams can use GitHub Copilot - GitHub Copilot isn’t just for developers—it’s a productivity powerhouse for everyone. By automating tedious tasks, simplifying complex processes, and bridging the gap between technical and non-technical teams, Copilot acts as a mentor and force multiplier. So, why not let Copilot help you work smarter, not harder? Whether you’re a product manager, security professional, or community manager, there’s a use case waiting to transform your workflow.
🗣️ How AI can make you an awesome developer - Staying relevant in this era of AI requires not only adapting to new technologies, but also honing in on your skills. It is extremely relevant to address the elephant in the room, how AI is not going to replace us, but make us much better developers. Let’s explore five key strategies to help you stay relevant and thrive in this new era of AI-driven development.
📚 How Thomson Reuters successfully adopted AI (and how your organization can, too) - Lessons for enterprise leaders For enterprise leaders like you looking to adopt AI tools like GitHub Copilot, This article contains the timeless lessons from Thomson Reuters that led to:
- 46% faster task completion rate for developers using GitHub Copilot.
- 39% improvement in code quality.
- 68% of developers reported a positive user experience, describing the tool as intuitive and easy to integrate into their workflows.
📚 White Paper: Training and onboarding developers on GitHub Copilot - Create a clear, repeatable onboarding processes and provide practical examples of how Copilot can solve real-world problems. This white paper covers:
- How Copilot differs from other products.
- The four key pillars for a successful rollout.
- Suggested approaches for helping developers adopt Copilot.
- A sample 90-day onboarding plan.
Welcome to season two of GitHub for Beginners! Last season, we introduced you to GitHub and helped you go from beginner to confidently using the platform. This season, we’re continuing your journey by leading you into the world of AI with GitHub Copilot.
- 📢 GitHub for Beginners: How to get started with GitHub Copilot &
  📺 Getting started with GitHub Copilot | Tutorial (10:54)
- 📢 GitHub for Beginners: Essential features of GitHub Copilot &
  📺 GitHub Copilot 101 - Essential features | Tutorial (11:27)
- 📢 GitHub for Beginners: How to get LLMs to do what you want &
  📺 Prompt engineering essentials: Getting better results from LLMs | Tutorial (9:01)
📢 How to debug code with GitHub Copilot - Whether you’re troubleshooting in your IDE, using Copilot Chat’s slash commands like /fix, or reviewing pull requests (PR) on github.com, GitHub Copilot offers flexible, intelligent solutions to speed up your debugging process.
🚢 Code review in GitHub Copilot is now in public preview (Update: now in general availability) - Copilot code review helps you offload basic reviews to a Copilot agent that finds bugs, potential performance problems, and even suggests automatic fixes.
🚢 Copilot Chat users can now use the Vision input in VS Code and Visual Studio in public preview - You can now attach images and work with them directly in Copilot Chat in VS Code or Visual Studio. Share screenshots of errors and Copilot will interpret the image and resolve the issue. Or share mockups of new designs, and Vision will help you bring them to life.
🚢 Personal custom instructions for Copilot are now generally available on github.com - You can provide Copilot with important details about your preferences, such as your preferred language, response style, or even code standards.
🚢 Instant previews, flexible editing, and working with issues in Copilot available in public preview - Working with Copilot Chat on GitHub has become even more seamless. You can instantly preview HTML files, edit files you’ve created, and work on issues right away.
🚢 Copilot Workspace: Showing quota limits, issues in dashboard, and UX improvements - We’ve added an indicator for your daily or hourly quotas, allocated a section of the dashboard to issues assigned to you, and introduced several UX improvements and bug fixes.
🚢 Instant semantic code search indexing now generally available for GitHub Copilot - GitHub Copilot now features instant semantic code search indexing, dramatically reducing the time it takes for Copilot to understand and reference your codebase.
🚢 GitHub Copilot updates in Visual Studio Code February Release (v0.25), including improvements to agent mode and Next Exit Suggestions, general availability of custom instructions, and more!
🚢 Enhance your productivity with Copilot Edits in JetBrains IDEs - Quickly refactor, optimize, and iterate more efficiently across multiple files. Use Copilot Edits to smoothly make changes in one or multiple files directly from Copilot Chat.
🚢 JetBrains Copilot code referencing support is generally available - When GitHub Copilot suggests code that matches public code, you will be notified of this match.
🚢 GitHub Copilot Chat for Eclipse now in public preview - You can enable GitHub Copilot in Eclipse with any  GitHub account and experience both code completions and in-editor chat assistance today.
🚢 Code completion in GitHub Copilot for Eclipse is now generally available - If you’re an Eclipse user, you can now leverage AI-powered suggestions directly within your IDE to write code faster and with greater ease.

AI & ML - GitHub Copilot

AI is getting built into solutions everywhere, it's time to experiment with Large Language Models (LLMs) and learn how to build AI into YOUR solutions to keep your customers and stakeholders coming back for more. Leverage GitHub Models to learn what dozens of models are capable of, compare the results of models side by side and then see the code that you need to build AI capabilities into your new and existing solutions. There were a few key updates related to the GitHub Models playground.

🚢 Changelog | 📢 Blog | 📄 Docs

🚢 DeepSeek-V3 is now generally available in GitHub Models - DeepSeek-V3 is a 671B parameter Mixture-of-Experts model that excels in mathematics and coding, making it suitable for tasks like solving advanced math problems and generating complex code.
🚢 Mistral Small 3.1 (25.03) is now generally available in GitHub Models - This is a versatile AI model designed to assist with programming, mathematical reasoning, dialogue, and in-depth document comprehension. Equipped with multimodal capabilities, it processes both text and visual inputs, making it suitable for chat-based interactions and instruction-following tasks.
🚢 Quick Action Tasks is now generally available in the GitHub Models playground - This is a new feature that streamlines your experimentation process by helping you choose faster or more cost-effective models, and even includes sources in your responses. This allows you to find the model that best fits your goals, whether you prioritize speed, cost-efficiency, or clarity of information.

Security

Application security with GitHub, ensuring the code that lives in GitHub and the dependencies that go into the solutions you build are secure.

📢 Blog | 🚢 Changelog | 🗣️ Discussions | 📚 Resources

📢 GitHub found 39M secret leaks in 2024. Here's what we're doing to help - We believe that you truly need secret protection everywhere, even for internal solutions, demo repos, etc.. Also, we understand that you may be content with your existing approach to code security or, only want to pay for GitHub Code Security in a select set of repos. Starting April 1, 2025, GitHub Advanced Security (GHAS) is being unbundled and available as two standalone security products: GitHub Secret Protection and GitHub Code Security giving you the freedom to use GitHub Secret Protection everywhere without also needing to pay for code security everywhere. We strongly encourage you to check our innovative capabilities like Copilot Autofix and Security Campaigns that will enable you to burn down security debt faster than ever but, you can prove that out with a few key teams and then expand your use of code security over time.
🚢 Fine-grained PATs are now generally available - There are two major changes to PATs at GitHub. Most notably, fine-grained PATs are now enabled by default for all organizations on GitHub, unless that organization or enterprise explicitly disabled them during the preview. The PAT approval flow is also enabled by default, so developers must request organization owner approval in order to successfully use their fine-grained PAT against their organizations.
🗣️Managing Your Enterprise Identity Provider (IdP) Maintaining the security and integrity of your enterprise's identity infrastructure is paramount. One crucial aspect of this is managing your Identity Provider (IdP) certificates. We have best practices and the steps you need to take to change your certificate.
🗣️Resolving accidental user account takeover by a new LDAP user on GitHub Enterprise Server A step-by-step guide to resolving issues where a new user on GitHub Enterprise Server (GHES) is mistakenly associated with an old user account due to matching LDAP Distinguished Name (DN) mappings.

Secret Protection

📚 Understanding your organization's exposure to secret leaks - Explore the business risks of credential exposure, how to assess your organization’s unique risk profile, and how GitHub Secret Protection is making enterprise-grade security more accessible.
📢 Finding leaked passwords with AI: How we built Copilot secret scanning - Passwords are notoriously difficult to detect with conventional programming approaches. AI can help us find passwords better because it understands context. This blog post will explore the technical challenges we faced with building the feature and the novel and creative ways we solved them.
📢 Full exposure: A practical approach to handling sensitive data leaks - Treating exposures as full and complete can help you respond more effectively to focus on what truly matters: securing systems, protecting sensitive data, and maintaining the trust of stakeholders.
🚢 Delegated alert dismissal for code scanning and secret scanning now available in public preview - With this feature, you can require a review process before alerts are dismissed in code scanning and secret scanning. This helps you manage security risk better, as well as meet audit and compliance requirements.
🚢 Manage push protection bypass requests for secret scanning with the REST API - Delegated bypass controls let you choose who is allowed to bypass push protection, and contributors without permissions to bypass must submit a request for approval by the listed reviewers. These updates to the REST API allow reviewers to retrieve bypass requests for an organization or repository and review a request & dismiss a response to a request.
🚢 Renaming secret scanning experimental alerts to generic alerts - Alerts for non-provider patterns and Copilot-detected passwords are now categorized as generic instead of experimental. This change applies to alert filters and the secondary inbox in your alert list views. These alerts are not considered experimental and should be remediated in accordance with your organization’s standard policies.

Code Security

📢 🚨 CVE-2025-25291 + CVE-2025-25292: Bypassing SAML SSO authentication with parser differentials 🚨 - Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. This blog post sheds light on how these vulnerabilities that rely on a parser differential were uncovered. If you’re a user of ruby-saml library, make sure to update to the latest version, 1.18.0, containing fixes for these vulnerabilities.
🚢 It is easier to track your progress with fixed code scanning CodeQL security alerts on the Security Overview page - Now it is easier to see how many of your historical CodeQL alerts received autofix suggestions and how many of those alerts were resolved across all the repositories in your organization.
🚢 CodeQL adds support for Java 24 and other improvements in version 2.20.6 - We have added support for a new version of Java and a variety of other improvements that improve the accuracy of your code scanning results.
🚢 Java CSRF, Go 1.24 and C# 13 language features support available in CodeQL 2.20.5 - Updates include extended support for C# 13 / .NET 9, as well improved coverage for .NET 9 and new detection capabilities for Java and GitHub Actions workflow files.
🚢 Improved code scanning coverage for GitHub Actions (Public Preview) - We have added five new queries that identify additional types of security risks associated with Actions workflow files.

Supply Chain Security

🚢 Transitive dependencies are now available for Maven & Easily distinguish between direct and transitive dependencies for npm packages - GitHub’s dependency graph now tracks direct and transitive dependencies for npm & Maven packages. This helps you triage, prioritize, and remediate your Dependabot alerts.
🚢 Dependabot version updates now support uv in general availability - For projects that use uv as a package manager, Dependabot version updates can now ensure dependencies stay current with the latest releases.

CI/CD

Continuous Integration & Continuous Deployment with GitHub Actions.

📢 Blog | 🚢 Changelog

📢 IssueOps: Automate CI/CD (and more!) with GitHub Issues and Actions - IssueOps is the practice of using GitHub Issues, GitHub Actions, and pull requests (PR) as an interface for automating workflows. In this article, I’ll explore the concept of IssueOps using state-machine terminology and strategies to help you work more efficiently on GitHub.
🚢 Improved code scanning coverage for GitHub Actions (Public Preview) - We have added five new queries that identify additional types of security risks associated with Actions workflow files.
🚢 Actions Performance Metrics are generally available and Enterprise-level metrics are in public preview - Repository members can view workflow and job performance data. Organization members can also view this data aggregated across all repositories in their organization. In addition, usage and performance metrics aggregated at the Enterprise level are now available in public preview.
🚢 GitHub Actions now supports a digest for validating your artifacts at runtime - Developers using upload-artifact and download-artifact in their Actions workflows can now ensure the integrity of their artifacts with the new SHA256 digest. This feature automatically verifies that the artifact uploaded is identical to the one downloaded, providing security for Actions runs and ensuring the artifact remains unchanged.

GitHub Platform

Resources to assist those who manage the rollout and maintenance of GitHub for hundreds if not thousands of stakeholders.

📢 Blog | 🚢 Changelog | 📚 Resources | 🗣️ Discussions

🗣️ Welcome to the Enterprise - While this is not new, it's important to make sure readers of this post are aware of the Enterprise Community discussions. GitHub has done extensive research on Enterprise customer pain points and we hope to alleviate some of them by giving Enterprise customers a space to collectively problem solve, and share best practices enabling you to self-serve and create an Enterprise community knowledge base.
🗣️ What's this GHEC with Data Residency and how can I get started? - There are compliance and regulatory reasons why customers may have not been able to previously choose GitHub Enterprise Cloud (on github.com). Often these customers choose to use our GitHub Enterprise Server based product to fill that need. However, we know that innovation on a cloud cadence has great appeal. GHEC with Data Residency is the solution for this need.
📚 Lessons from Wayfair's enterprise scale migration - Wayfair’s migration was a masterclass in change management. They not only migrated 15,000 repositories but also paved the way for innovation and cost efficiency. The cost savings were significant: the migration saved $150,000 annually in hosting costs. Additionally, the migration reallocated resources where teams were freed from managing the self-hosted system, and instead could focus on strategic initiatives like improving CI/CD systems and enhancing security.
🚢 Enterprise custom properties, enterprise rulesets, and pull request merge method rule are all now generally available - You can now enrich your repositories with metadata across your entire enterprise. This ensures consistent properties across organizations without the need for manual synchronization. Enterprise-level rulesets enforce consistent code governance rules, helping ensure thorough reviews of critical repositories with pull requests, requiring actions workflows, protecting important locations from unauthorized pushes, and more. The new pull request merge method rule enables you to specify which merge method is suitable for your branches, such as ensuring that all changes are squashed when merging to the default branch while rebasing into feature branches.
🚢 GitHub is now PCI DSS v4.0 compliant with our 4.0 service provider attestation available to customers - This report is the first time GitHub has provided a PCI DSS service provider report for our customers. This enables customers to meet their own PCI DSS compliance needs using GitHub as part of their development environment.
🚢 Updates to Enterprise account navigation now generally available - GitHub Enterprise users will now see a horizontal navigation bar at the top of their enterprise account. This is designed to improve the user experience by providing a consistent, intuitive navigation structure that mirrors the rest of the GitHub experience.
🚢 Introducing metered billing for GitHub Enterprise and GitHub Advanced Security server usage - We are expanding our pay-as-you-go usage-based billing and licensing reporting interface to include GitHub Enterprise (GHE) and GitHub Advanced Security (GHAS) Server-only usage.
🚢 Enterprise-owned GitHub Apps are now generally available - The general availability of enterprise-owned GitHub Apps brings several updates.Most significantly, organizations and users can now transfer private visibility Apps to their enterprise, where they will become usable by the entire enterprise. In addition, permission updates made to an enterprise-owned App are now automatically accepted by all of the organizations in the enterprise. For more information and to provide feedback see 🗣️Enterprise-owned GitHub Apps are now generally available · community · Discussion
🗣️Resolving accidental user account takeover by a new LDAP user on GitHub Enterprise Server A step-by-step guide to resolving issues where a new user on GitHub Enterprise Server (GHES) is mistakenly associated with an old user account due to matching LDAP Distinguished Name (DN) mappings.

Projects and Issues

GitHub's Planning and tracking tools

📢 Blog | 📺 YouTube | 🚢 Changelog

📢 IssueOps: Automate CI/CD (and more!) with GitHub Issues and Actions - IssueOps is the practice of using GitHub Issues, GitHub Actions, and pull requests (PR) as an interface for automating workflows. In this article, I’ll explore the concept of IssueOps using state-machine terminology and strategies to help you work more efficiently on GitHub.
📺 How to create checklists in Markdown on GitHub (2:32) & 📢 How to create checklists in Markdown for easier task tracking - Markdown checklists are handy for visualizing tasks that need to be done. Beyond that, GitHub can turn these checklists into task lists in your issues and pull requests to make your project tracking easier and better.
🚢 Instant previews, flexible editing, and working with issues in Copilot available in public preview - Working with Copilot Chat on GitHub has become even more seamless. You can instantly preview HTML files, edit files you’ve created, and work on issues right away.
🚢 GitHub Issues & Projects: REST API support for issue types - Issue types can now be managed using the REST API, expanding the ability to automate and incorporate them in your workflows.
🚢 GitHub Issues & Projects: API support for issues advanced search and more! - You can now use GraphQL and the REST API to perform advanced queries for issues using the AND and OR keywords and nested searches.

Developer Skills

General developer expertise based on our own experience and the collective experience of our customers and partners.

📢 Blog | 📚 Resources | 🗣️ Discussions

🗣️ How AI can make you an awesome developer - Staying relevant in this era of AI requires not only adapting to new technologies, but also honing in on your skills. It is extremely relevant to address the elephant in the room, how AI is not going to replace us, but make us much better developers. Let’s explore five key strategies to help you stay relevant and thrive in this new era of AI-driven development.
📢 Why Java endures: The foundation of modern enterprise development - For 30 years, Java has been a cornerstone of enterprise software development. Here’s why—and how to learn Java.
🗣️ Take the GitHub Foundations Certification Prep Course: Join us for a five week prep course in the GitHub Community with practice questions, resources, and more to help you pass the GitHub Foundations certification. Designed by those who have taken and passed the exam for this course, leverage our expertise to achieve your goals.
📢 How engineers can use one-on-ones with their manager to accelerate career growth - If you’re only using them to provide status updates, you’re leaving a lot on the table. When used intentionally, one-on-ones can open doors for your professional development you didn’t even know were there.The earlier you see one-on-ones as a tool for impact and growth, the more value you’ll get from them.

Engineering

An inside look at how we’re building the home for all developers. Resources based on our internal experiences.

📢 Blog | 📚 Resources

📚 Creating space for developer creativity in high-scale organizations - How do we make room for creativity while managing the increasing complexity that comes with scale? Organizations face a constant tension between process and creativity, between stability and innovation. But, it's not about choosing between these extremes. It's about thoughtfully designing systems that protect both. The most successful engineering organizations don't leave developer creativity to chance. They build it into their DNA through deliberate choices about how they structure teams, manage time, and measure success.
📢 Finding leaked passwords with AI: How we built Copilot secret scanning - Passwords are notoriously difficult to detect with conventional programming approaches. AI can help us find passwords better because it understands context. This blog post will explore the technical challenges we faced with building the feature and the novel and creative ways we solved them.
📢 How GitHub engineers learn new codebases - I have collected insights from colleagues about how they approach learning new technical spaces. A fascinating collection of strategies emerged, and I’m excited to share them! Whether you’re a seasoned engineer switching teams or a newcomer to the field, these strategies can help make your next codebase onboarding a little bit easier.

Legend

That’s it for the April '25 edition of the enterprise roundup. Check back in to the GitHub Executive Insights at the beginning of next month to see the next round of key updates.

We want to hear from you! Did you find this curated list of updates from GitHub helpful? Do you have suggestions on how we can provide the information that is going to be the most useful and timely for your role? Visit the GitHub Community April ‘25 enterprise roundup - community · Discussion.