GitHub Engineering

GitHub EngineeringApr 17, 2026

Bringing more transparency to GitHub’s status page

Why it matters: These updates provide engineers with more accurate, granular data on GitHub's reliability. By distinguishing between latency and outages and isolating AI model provider issues, teams can make better-informed decisions during incidents and more effectively evaluate platform performance.

GitHub introduced a 'Degraded Performance' status to distinguish between minor latency/errors and actual service outages.
A new three-tier incident classification system (Degraded, Partial, Major) provides more granular visibility into platform health.
The status page now displays per-service uptime percentages over a rolling 90-day period directly to users.
Uptime calculations use weighted downtime: Major outages count 100%, Partial outages count 30%, and Degraded Performance counts 0%.
A dedicated 'Copilot AI Model Providers' component isolates model-specific issues from general Copilot service availability.
These changes aim to reduce false alarms where users might assume a service is down when it is merely experiencing high latency.

#sre #culture

Read original

GitHub EngineeringApr 16, 2026

How GitHub uses eBPF to improve deployment safety

Why it matters: Circular dependencies can paralyze recovery during outages. By using eBPF and cGroups, engineers can enforce network isolation for deployment scripts without impacting production traffic, ensuring that critical infrastructure remains deployable even when primary services are offline.

GitHub uses eBPF to mitigate circular dependencies where deploying a fix requires access to the service currently experiencing an outage.
They identified three dependency types: direct (explicit script calls), hidden (automatic tool updates), and transient (downstream API dependencies).
The solution utilizes BPF_PROG_TYPE_CGROUP_SKB to hook into network egress specifically for processes within a targeted Linux cGroup.
This approach allows granular network filtering, blocking deployment scripts from accessing github.com while allowing production traffic to continue normally.
The system was implemented using the cilium/ebpf Go library to load and manage custom programs within the Linux kernel.

#sre #dist #security

Read original

GitHub EngineeringApr 15, 2026

Build a personal organization command center with GitHub Copilot CLI

Why it matters: This highlights how AI-driven workflows and the Model Context Protocol (MCP) enable engineers to rapidly build custom productivity tools. It showcases a shift toward 'plan-then-implement' development, allowing developers to focus on architecture while AI handles the implementation details.

Staff Engineer Brittany Ellich built a centralized personal command center to solve digital fragmentation using GitHub Copilot CLI and Agent Mode.
The project utilizes a 'plan-then-implement' workflow where Copilot interviews the developer to refine requirements before generating the implementation.
The technical stack features Electron for the desktop framework, React for UI management, and Vite for fast build tooling.
Integration with Microsoft 365 data is achieved through the Model Context Protocol (MCP) using the WorkIQ server.
The development process combined synchronous work in VS Code Agent Mode with asynchronous tasks handled by Copilot Cloud Agent.
The project demonstrates how AI tools allow engineers to successfully build in unfamiliar frameworks like Electron with minimal manual boilerplate.

#mlp #frontend #culture

Read original

GitHub EngineeringApr 15, 2026

Developer policy update: Intermediary liability, copyright, and transparency

Why it matters: Legal and policy shifts regarding copyright liability and age assurance directly impact how engineers build, share, and secure software. These updates ensure that neutral infrastructure and security research remain protected from broad regulations that could stifle open-source innovation.

The U.S. Supreme Court's Cox v. Sony decision reinforces that service providers are not automatically liable for user copyright infringement without evidence of intent.
DMCA Section 1201 exemptions remain critical for developers performing security research, interoperability work, and AI safety analysis.
GitHub's 2025 Transparency Report recorded the highest number of DMCA circumvention claims to date, reflecting increased copyright enforcement pressure.
Proposed age assurance laws in the US, Brazil, and Europe may unintentionally impact open-source infrastructure like package managers and operating systems.
GitHub is actively seeking developer input for the 2027 DMCA triennial review to address emerging challenges in AI model inspection and safety research.

#culture #security

Read original

GitHub EngineeringApr 14, 2026

Hack the AI agent: Build agentic AI security skills with the GitHub Secure Code Game

Why it matters: As AI agents move from prototypes to production, they introduce new attack vectors like goal hijacking and tool misuse. This game provides hands-on experience in identifying and mitigating these risks, helping engineers bridge the gap between AI adoption and security readiness.

GitHub launched Season 4 of the Secure Code Game, focusing on the security of autonomous agentic AI systems.
The game features ProdBot, a deliberately vulnerable AI assistant that uses natural language to execute bash commands and browse the web.
Challenges cover critical risks identified in the OWASP Top 10 for Agentic Applications, including goal hijacking and tool misuse.
Players explore vulnerabilities in the Model Context Protocol (MCP), persistent memory poisoning, and multi-agent orchestration.
The curriculum progresses through five levels, teaching engineers how to exploit and then harden AI agents against malicious prompts.

#security #mlp

Read original

GitHub EngineeringApr 14, 2026

How exposed is your code? Find out in minutes—for free

Why it matters: This tool provides immediate visibility into hidden security risks without financial or setup barriers. By identifying vulnerabilities and AI-driven remediation opportunities, engineers can proactively reduce technical debt and secure their codebase before exploits occur.

GitHub has launched a free Code Security Risk Assessment tool that performs a one-click scan on up to 20 active repositories.
The assessment utilizes the CodeQL static analysis engine to identify vulnerabilities without requiring manual configuration or licenses.
A centralized dashboard summarizes findings by severity, language, and specific security rules to help teams prioritize remediation.
The tool integrates with Secret Risk Assessment to provide a unified view of both code vulnerabilities and credential exposure.
Results highlight vulnerabilities eligible for Copilot Autofix, which GitHub claims can resolve security issues nearly twice as fast as manual efforts.

#security #culture

Read original

GitHub EngineeringApr 13, 2026

GitHub for Beginners: Getting started with GitHub Pages

Why it matters: GitHub Pages offers engineers a zero-cost, integrated solution for hosting documentation, portfolios, and static web apps. It simplifies the deployment pipeline by leveraging existing Git workflows and GitHub Actions, removing the overhead of managing external hosting infrastructure.

GitHub Pages provides free, secure hosting for static websites directly from any GitHub repository.
Users can deploy sites using two primary methods: the simple 'Deploy from a branch' option or automated GitHub Actions workflows.
The platform supports modern frameworks like Next.js through pre-configured GitHub Actions templates.
Custom domains can be integrated by configuring DNS records and verifying domain ownership at the profile or organization level.
Security is managed through an 'Enforce HTTPS' setting that provides free SSL certificates for all hosted sites.
Even if a repository is private, the published GitHub Pages site remains public, allowing for easy project sharing.

#frontend #security

Read original

GitHub EngineeringApr 10, 2026

GitHub Copilot CLI for Beginners: Getting started with GitHub Copilot CLI

Why it matters: GitHub Copilot CLI streamlines development by bringing AI-powered code generation and autonomous agents directly into the terminal. This reduces context switching, enabling faster iterative building and automated error correction within the local environment.

GitHub Copilot CLI integrates agentic AI directly into the terminal, allowing for autonomous task execution like building code and running tests.
Installation is performed via npm using 'npm install -g @github/copilot', with support for Homebrew and WinGet package managers.
Users must authenticate using the '/login' command, which connects the client to their Copilot account and the GitHub MCP server.
The CLI requires explicit folder permissions to explore repositories and modify files, which can be granted per session or permanently.
It supports high-level prompts such as requesting project overviews or generating new API endpoints based on existing codebase patterns.
The tool features self-correction capabilities, enabling it to fix errors without manual intervention during iterative development.

#mlp #culture

Read original

GitHub EngineeringApr 9, 2026

GitHub availability report: March 2026

Why it matters: This report highlights how minor configuration errors, cache stampedes, and credential management issues can cause massive service disruptions. It provides a blueprint for improving resilience through killswitches, infrastructure isolation, and automated monitoring of dependencies.

A bug in a cache-reduction deployment triggered a global cache recalculation, causing replication delays and high failure rates for API and Git operations.
Misconfigured Redis load balancers during infrastructure updates led to significant delays and failures in GitHub Actions workflow runs.
Authentication failures between the Copilot Coding Agent and its datastore caused near-total service outages, requiring manual credential rotation.
An upstream dependency failure disrupted GitHub event notifications for Microsoft Teams integrations.
GitHub is implementing architectural changes, including moving caching to dedicated hosts and adding killswitches to prevent cascading failures.
Improved automation and alerting are being developed to catch load balancer misconfigurations and credential lifecycle events before user impact.

#sre #dist

Read original

GitHub EngineeringApr 8, 2026

GitHub Universe is back: We want you to take the stage

Why it matters: GitHub Universe is a premier event for engineers to showcase technical achievements and learn about the latest in AI-driven development and security. It offers a unique opportunity to influence the community and discover tools that accelerate the software development lifecycle.

GitHub Universe returns to San Francisco on October 28–29, focusing on developer learning and technical innovation.
The Call for Sessions is open until May 1, inviting engineers to submit proposals on their builds and lessons learned.
Past highlights include deep dives into advanced Git features like sparse checkouts, partial clones, and reflog rescues.
Technical themes emphasize CI/CD automation using GitHub Actions and AI-assisted security with Copilot.
The event showcases creative ways to teach complex topics, such as using roleplay to explain Kubernetes security and clusters.
A major focus remains on improving Developer Experience (DevEx) and accelerating the path from idea to shipped product.

#culture #security #frontend

Read original

Page 5 of 15

Prev 1...3 4 5 6 7...15 Next