Welcome again to our monthly update of what’s come through in the GitHub changelog this July and what actions might be useful in your organisation.

Repository Rules are now generally available: This one is a game changer, and if you’ve already been using it in beta, you’ll be pleased to know it’s now in general release. Rulesets make branch protection scalable. You can layer them so that you have a base rule for all branches in all repos, and then have more granular rules based on specific needs. These rulesets can be scoped at the organisation level for Enterprise Cloud customers, or you can stick to applying them per repository. For those organisations that have compliance requirements, this removes the need to continuously audit your branch protections and makes it possible to allow bots/apps to bypass checks without additional permissions.

For Enterprise users, rulesets can be applied at the organisational level either as Branch rulesets or Tag rulesets They can be targeted to all repos, a static list or they can be dynamically targeted. Dynamic targeting will use fnmatch patterns to include or exclude targets. You can also allow bypass for specific role types, teams or apps and you can add Metadata restrictions. Rulesets can be applied in Evaluation mode allowing you to tweak them before impacting your contributors. This is a feature that will lead to better practices in branch management and ensure everyone can easily adhere to the standards your organisation sets. Read more about repo rules in GitHub’s blogpost here:

Passkeys Public Beta: Passkeys replace passwords for sign-in and because they prove both your identity and the possession of a device, they serve as 2FA as well. This feature is available in feature preview, and if you use security keys on your device like TouchID, Windows Hello, Android thumbprints or PIN-Locked or biometric hardware keys they can now be upgraded to work as Passkeys. In conjunction with this you can also now see which people have registered for 2FA directly in the People pages of your organisation.

Get global security advisories via REST API: This will allow for easier access and more ways to make sure you can follow up on any emerging data in this free and open source database

GitHub Copilot Chat beta now available for every organisation: This is one is a standout, the CoPilot X beta program has now been extended to all organisations. GitHub has now provided a limited public release of GitHub Copilot chat for Visual Studio and VS Code.  This provides developers a chatbot that operates in context of code they are currently writing. Right in the IDE, you can now ask in natural language for guidance around coding concepts, specific code snippets or even tips on best practice or remediation. It’s an AI pair programming tool that combines the best of the GPT-4 language model with the context of your active code base meaning you’ll get useful results fast. Use it to explain code blocks when you aren’t sure of their purpose, troubleshoot complex systems faster and allow less experienced developers to be more productive as they build the muscle memory of good code quality that would otherwise take significant time. This will allow us to get out of the weeds of dealing with the complexities of languages as they expand, trawling the docs and wiki’s etc, moving us into the productive work of turning the concepts into functioning code and spending more time in the IDE. Read more about in the GitHub blog here and look out for a future blog from us on this as we take it for a spin.