Browse DevOps News (323)

Allison announces new controls for GitHub Copilot code review, including organization-level runner configuration (GitHub-hosted, self-hosted, or large runners), support for Copilot content exclusions at repo/org/enterprise scope, and removal of the 4,000-character limit for repository custom instruction files.

Allison outlines when GitHub Actions will start enforcing minimum versions for self-hosted runners, including the registration baseline, the ongoing 30-day update requirement, and the brownout schedule leading up to full enforcement for GitHub Enterprise Cloud and Data Residency tenants.

Allison announces GitHub Enterprise Server (GHES) 3.21 general availability, highlighting updates for enterprise admins including organization custom properties for targeting rulesets, GitHub Projects hierarchy view, a new REST API version with breaking changes, GitHub Actions workflow page performance improvements, secret scanning governance updates, and multi-disk storage configuration.

Gloridel Morales announces the June 2026 patch releases for Azure DevOps Server, with direct download links, release notes references, and a quick command you can run on the server to verify whether the patch is installed.

Natalie Guevara summarizes GitHub’s May 2026 availability incidents and the reliability work underway, including moving parts of the monolith to Azure, isolating database domains, and hardening GitHub Actions and Copilot services against cascading failures.

Allison announces an update to GitHub Actions where pull requests opened by github-actions[bot] can run CI/CD workflows after a user with write access approves them, reducing the risk of merging untested bot changes while keeping a security gate for workflows that can access sensitive data.

Allison explains an update to GitHub AI usage reports so GitHub AI Credits usage is reflected in the standard report fields, including what to use going forward and what changed for data since June 1.

Waldek Mastykarz explains how AI coding agents can silently scaffold outdated Node.js projects when they run npx without pinning versions, due to npm’s engine-aware manifest selection. The post breaks down why this happens and gives practical steps to make agent-driven scaffolding more predictable.

Allison announces two new GitHub-hosted runner images in public preview for GitHub Actions, aimed at helping teams validate CI workloads on newer platforms and toolchains before they reach general availability.

Allison announces the public preview of GitHub Agentic Workflows, a GitHub Actions capability that lets teams define reasoning-based automations in natural-language Markdown and compile them into standard Actions YAML, with built-in controls aimed at keeping agent-driven changes safe to apply.

Natalie Guevara explains how GitHub improved secret scanning alert quality by adding LLM-based contextual verification, reducing false positives while keeping detection coverage. The post breaks down where verification fits in the pipeline, what “better context” means in practice, and the measured impact on customer-confirmed false positive alerts.

Allison announces that GitHub Agentic Workflows can now authenticate using GitHub Actions’ built-in GITHUB_TOKEN instead of a personal access token, reducing the risk of long-lived credentials and enabling organization-level billing for Copilot CLI usage in agentic workflows.

Laura Jiang announces Copilot Autofix in limited private preview for GitHub Advanced Security for Azure DevOps, which generates suggested fixes for supported CodeQL alerts and turns them into pull requests. The post explains what’s covered in preview, how the workflow fits into existing review gates, and how usage is billed via Azure.

Leah Tran introduces Visual Studio 18.7’s pull request review experience, which lets developers open PRs, browse diffs, discuss comments, and approve or merge changes from inside the IDE for both GitHub and Azure DevOps repos.

Allison announces new GitHub CLI support for GitHub Discussions via the gh discussion command group, letting developers list, view, create, edit, and comment on discussions directly from the terminal without relying on raw gh api calls.

Allison announces GitHub CLI v2.94.0 support for managing issue types, sub-issue hierarchies, and dependency relationships directly from the terminal, including new flags and JSON fields for automation.

Waldek Mastykarz explains why piling up dozens of agent “skills” can quietly burn your token budget and reduce response quality, and how to decide what should stay a skill versus what should become a manually-invoked prompt in tools like GitHub Copilot and VS Code.

Jeffrey Fritz announces the .NET Day on Agentic Modernization livestream (June 16, 2026), focused on practical ways to modernize existing .NET applications without a full rewrite. The agenda highlights GitHub Copilot-assisted modernization, Aspire-based approaches, migration of WinForms and line-of-business apps, and adding agentic/AI capabilities.

Apoorv Gupta explains Spec-Driven Development (SDD) as a spec-first workflow for AI-native engineering, where structured specs act as the shared source of truth across requirements, design, implementation, and validation. The post introduces GitHub Spec Kit and outlines a practical lifecycle teams can adopt to reduce ambiguity and rework.

Natalie Guevara explains how to give GitHub Copilot CLI real code intelligence by installing and configuring language servers via the LSP Setup skill, replacing brittle grep/decompile workflows with semantic features like go-to-definition, find references, and type resolution in the terminal.

Allison announces an update to GitHub Enterprise Cloud billing: enterprises can now create up to 500 cost centers, up from 250, enabling more granular tracking and reporting of usage and spend across large organizations.

Allison announces incremental CodeQL analysis for Go and C/C++ pull request scans, plus incremental support in the CodeQL CLI, with measured speedups across thousands of repositories and details on when the feature is enabled by default.

Natalie Guevara explains how to define and run custom agents in GitHub Copilot CLI so repeated terminal tasks become consistent, reviewable workflows. The article shows how agent profiles live in your repo, and includes practical examples for security audits, IaC compliance checks, release notes drafting, and incident response.

Dan Hellem and Andrew Brenner announce a limited public preview that brings GitHub Copilot code reviews into Azure Repos pull requests, and walk through how to enable it at the organization, repository, and user levels. The post also documents preview guardrails and how token usage is billed via GitHub AI credits to Azure Cost Management.

Allison announces an update to GitHub code scanning that lets organizations keep security coverage on inactive repositories by running scheduled scans when there have been no pushes or pull requests for six months or more.

Allison announces that GitHub’s security validation for third-party coding agents is now generally available, bringing the same automated checks used for the GitHub Copilot cloud agent to agent-generated pull requests.

Jon Galloway recaps Microsoft Build 2026 with the main developer announcements across GitHub Copilot, Microsoft Foundry, Azure, Windows, Visual Studio, and .NET—highlighting agentic workflows, new tooling, governance specs, and a curated set of sessions and hubs to follow up on what shipped.

Allison announces general availability of IP allow list enforcement for GitHub Enterprise Cloud Enterprise Managed Users (EMUs), extending enterprise network access policies to repositories owned under EMU user namespaces and covering web, Git, and API access.

Soo Stahl and Bhuvan Shah announce Enterprise Live Migrations (ELM), a limited public preview feature for moving repositories from Azure Repos to GitHub with continuous sync and a short, scheduled cutover window to minimize downtime for enterprise teams.

Natalie Guevara answers common beginner GitHub questions, including how to set up SSH keys, create personal access tokens (fine-grained and classic), resolve merge conflicts, undo commits, sync forks, and review pull requests—plus a quick look at using GitHub Copilot for code review in PRs.

Allison summarizes what’s new in CodeQL 2.25.6 for GitHub code scanning, including Swift 6.3.2 support, full extractor and data flow coverage for C# 14 and .NET 10, and query improvements that expand sensitive-data detection and reduce false positives across multiple languages.

Allison announces a public preview feature that lets enterprises centrally configure and distribute GitHub Copilot CLI plugins through VS Code 1.122, using a shared settings.json so standardized plugin marketplaces, hooks, and MCP configurations are applied automatically for licensed users.

Microsoft Defender Security Research Team, Dor Edry and Amit Eliahu break down a prompt-injection pathway in Anthropic’s Claude Code GitHub Action that could leak CI/CD secrets by reading /proc/self/environ, and provide practical hardening guidance for AI-powered GitHub Actions workflows.

davidwright, Arnaud Lheureux, and Suzanne Daniels explain why architecture and governance frameworks only help when they actively change delivery decisions. Using Git-Ape as the example, they show how to turn Azure Well-Architected, Azure Policy (including NIST mappings), and CAF guidance into repeatable repo-driven assessments with prioritized findings tied to code and policy.

Allison announces that Copilot Pro, Pro+, and Max subscribers can use “Fix with Copilot” to automatically investigate and propose fixes for failing GitHub Actions jobs, pushing changes to a branch and tagging the developer for review.

Allison announces a public preview REST API that lets Copilot Pro, Pro+, and Max users start and track Copilot cloud agent tasks programmatically, enabling teams to integrate agent-driven code changes into scripts and internal tooling.

The Visual Studio Code Team shares what’s new in VS Code 1.124 (Insiders), including several usability updates to the Agents window (session-scoped prompt history, multi-chat local sessions, background send, and session grid keyboard navigation) plus regex flag support for folding markers in language configuration.

Allison announces general availability of GitHub’s expanded billing REST APIs, covering programmatic budget lifecycle management, account/org/repo usage reporting, and cost center querying for enterprise billing workflows.

Allison announces general availability of new GitHub REST API endpoints that let enterprise administrators programmatically request and download billing usage reports as CSV files, matching the same report types available in the GitHub UI.

tinotereshko rounds up the Build 2026 announcements for Microsoft Fabric Data Warehouse, covering GPU-based query acceleration, configurable data retention and time travel, SQL editor upgrades (including inline Copilot chat), and new T-SQL capabilities. The post also highlights DevOps-focused features like REST APIs and Git/DacFx-based schema deployments for the SQL analytics endpoint.