GitHub Engineering

Why it matters: AI is evolving from simple autocomplete to autonomous agents that handle complex SDLC tasks. GitHub's leadership highlights the shift toward orchestrating outcomes rather than just writing code, promising significant productivity gains and better governance for enterprise engineering teams.

GitHub has been recognized as a Leader in the 2026 Gartner Magic Quadrant for Enterprise AI Coding Agents for the third consecutive year.
The platform achieved the highest position for 'Ability to Execute,' reflecting its deep integration across the software development lifecycle (SDLC).
Gartner predicts that asynchronous AI coding agents will improve engineering productivity by 30% to 50% by 2028.
GitHub Copilot now serves 140,000 organizations, emphasizing a shift from simple code generation to autonomous agentic workflows like code review and security auditing.
Future investments focus on multi-model flexibility, intelligent routing, and expanding agentic capabilities across CLI, IDE, and mobile surfaces.

#mlp #security #culture

Read original

GitHub EngineeringMay 21, 2026

Beyond the engine: 10 open source projects shaping how games actually get made

Why it matters: Game development requires a complex ecosystem of tools beyond the engine. These open-source projects offer lightweight, specialized, and cost-effective alternatives for asset creation, lowering the barrier to entry for developers and streamlining the production pipeline.

Open source tools provide specialized workflows for game assets that live outside the primary game engine, such as modeling and animation.
Blockbench offers a focused environment for low-poly 3D modeling, UV mapping, and animation with exports to standard formats like glTF and OBJ.
Pencil2D facilitates traditional frame-by-frame 2D animation with support for both raster and vector layers and onion skinning.
Pixelorama is a dedicated pixel art editor designed specifically for game development workflows, built using the Godot engine.
These tools are engine-agnostic, allowing them to plug into pipelines for Godot, Unity, Unreal, and custom-built engines.

#culture #frontend

Read original

GitHub EngineeringMay 21, 2026

Building GitHub’s next chapter in accessibility

Why it matters: Accessibility is shifting from a compliance task to a core engineering discipline. By integrating it into CLIs, design systems, and AI, GitHub shows how to build inclusive tools that empower developers with disabilities and improve the user experience for everyone.

GitHub has evolved its accessibility program into a core engineering fundamental, integrating it into design systems, scorecards, and AI tools.
The pull request experience was redesigned to prioritize keyboard navigation, landmarks, and reduced page reloads for screen reader users.
GitHub CLI now features screen reader support for interactive prompts and customizable ANSI 4-bit color palettes for low-vision users.
AI-powered features like GitHub Copilot are being utilized to automate accessibility tasks, such as generating descriptive alt text for images.
The company launched an open-source accessibility strategy, including a dedicated summit and hackathon to foster assistive technology development.
Accessibility best practices have been codified into the Primer Design System to ensure inclusive UI components are available by default.

#frontend #culture #mlp

Read original

GitHub EngineeringMay 20, 2026

Investigating unauthorized access to GitHub-owned repositories

Why it matters: This incident highlights the supply chain risks associated with developer tools like IDE extensions. It demonstrates the importance of rapid incident response, secret rotation, and endpoint isolation in mitigating the impact of a compromised internal environment.

GitHub detected a compromise on an employee device caused by a poisoned third-party VS Code extension.
Approximately 3,800 internal repositories were exfiltrated during the security incident.
No evidence suggests that customer-owned enterprises, organizations, or repositories were compromised.
Immediate response included isolating the affected endpoint and removing the malicious extension version.
GitHub rotated critical secrets and high-impact credentials to mitigate further risk.
Ongoing efforts include log analysis, secret rotation validation, and infrastructure monitoring.

#security #sre

Read original

GitHub EngineeringMay 20, 2026

Investigating unauthorized access to GitHub’s internal repositories

Why it matters: This incident highlights the growing threat of supply chain attacks targeting developer tools. It underscores the need for robust endpoint security and rapid secret rotation protocols when internal source code is compromised to prevent lateral movement and further exploitation.

GitHub detected a compromise of an employee device triggered by a poisoned third-party VS Code extension.
The attacker exfiltrated approximately 3,800 internal GitHub repositories during the incident.
No evidence suggests that customer-owned enterprises, organizations, or repositories were directly impacted.
GitHub responded by isolating the affected endpoint and removing the malicious extension version.
Critical secrets were rotated immediately, prioritizing high-impact credentials to mitigate further risk.
The investigation continues with log analysis and infrastructure monitoring for any follow-on activity.

#security

Read original

GitHub EngineeringMay 20, 2026

Investigation update: GitHub Enterprise Server signing key rotation

Why it matters: GitHub is rotating its GHES signing key following a cyber-attack to ensure the integrity of future updates. Engineers managing GHES instances must rotate GPG keys immediately to avoid update failures and maintain a secure, verified supply chain for their enterprise infrastructure.

GitHub is rotating the GitHub Enterprise Server (GHES) signing key following a detected cyber-attack.
The signing key is critical for validating the authenticity of GHES binaries during manual update processes.
Administrators must execute a provided GPG rotation script on all GHES nodes to maintain update compatibility.
The rotation process requires running the script as both the admin user and root to ensure all accounts are updated.
Failure to rotate keys will result in future upgrade failures with 'invalid package' verification errors.
GitHub Enterprise Cloud customers are unaffected and do not need to take any action.

#security #sre

Read original

GitHub EngineeringMay 18, 2026

Take your local GitHub sessions anywhere

Why it matters: This feature decouples long-running AI agent tasks from the local workstation. It allows engineers to maintain oversight and control over complex refactoring or scaffolding jobs while away from their desks, increasing the flexibility and continuity of agentic development workflows.

GitHub Copilot now features remote control for CLI, VS Code, and JetBrains IDE sessions, allowing developers to manage agents from any device.
The '/remote on' command enables real-time session tracking and steering via github.com and the GitHub Mobile app.
Engineers can monitor agent progress, including file reads, code changes, and command execution, in real time from mobile or web interfaces.
Natural language instructions can be sent to running agents remotely to redirect their course or expand the scope of a task mid-flight.
The feature supports a full end-to-end workflow on mobile, from monitoring scaffolding to creating and merging pull requests.
Remote sessions are private by default, ensuring that only the session owner can view or interact with the running Copilot agents.

#mlp #mobile

Read original

GitHub EngineeringMay 15, 2026

Building a general-purpose accessibility agent—and what we learned in the process

Why it matters: This agent demonstrates how AI can scale accessibility compliance by automating the detection and fix of common WCAG violations. For engineers, it reduces manual review overhead and provides immediate feedback, ensuring more inclusive software reaches production faster.

GitHub is piloting an experimental AI agent to provide real-time accessibility guidance and automated remediation for front-end code.
The agent has reviewed over 3,500 pull requests to date, achieving a 68% resolution rate for identified accessibility issues.
Primary focus areas include WCAG compliance, specifically structural clarity, control naming, status messages, and keyboard focus order.
The tool integrates directly into developer workflows via GitHub Copilot CLI, VS Code, and automated pull request comments.
Success is built on a mature foundation of existing accessibility data, including structured issue templates and verified remediation steps.

#frontend #mlp #culture

Read original

GitHub EngineeringMay 15, 2026

Raising the bar: Quality, shared responsibility, and the future of GitHub’s bug bounty program

Why it matters: GitHub is raising the bar for bug bounty submissions to combat low-quality AI noise. This matters to engineers as it clarifies the shared responsibility model for platform security and sets a standard for validating AI-assisted security research and vulnerability reporting.

GitHub is raising the quality bar for bug bounty submissions to combat a surge in low-impact reports and AI-generated noise.
Valid submissions must now include a working Proof of Concept (PoC) demonstrating concrete security impact rather than theoretical scenarios.
Researchers are required to manually validate all findings, including those generated by AI or automated scanners, before submission.
The program emphasizes a shared responsibility model where users are accountable for trusting repositories, code, and AI-processed content.
Reports must be concise, featuring a short summary, clear reproduction steps, and a specific impact statement to speed up triage.

#security #culture

Read original

GitHub EngineeringMay 14, 2026

GitHub availability report: April 2026

Why it matters: This report highlights the complexity of maintaining high availability in distributed systems. It provides lessons on the risks of automated infrastructure changes, the importance of correctly scoped rate limiting, and the need for robust DNS management and failover strategies.

GitHub experienced 10 incidents in April 2026, including a major code search outage caused by an aggressive infrastructure upgrade and coordination failure.
A bug in rate-limiting logic caused significant delays for GitHub Copilot, incorrectly applying global limits instead of per-installation scopes.
GitHub Pages suffered an 11% error rate after an automated DNS management tool erroneously deleted a backend storage host record.
Audit log services were briefly unavailable due to a failed credential rotation, highlighting the need for more resilient rotation processes.
Codespaces connectivity issues were traced to failures in VS Code editor integration, while SSH connections remained unaffected.
Remediation efforts focus on implementing availability-zone-tolerant routing, better traffic isolation, and enhanced deployment safeguards.

#sre #dist

Read original

Page 2 of 15

Prev 1 2 3 4...15 Next