May ‘25 enterprise roundup

See More

May 8, 2025 // 20 min read

image

In case you missed it…

Published via GitHub Executive Insights | Authored by Dave Burnison

GitHub is shipping new features, product updates, and best practices faster than ever. To help you stay ahead, our Enterprise Advocacy team has curated this monthly roundup—bringing you a concise, enterprise-focused summary of the most important updates you might have missed.

Below, you’ll find a carefully selected list of key innovations, expert insights, and must-know resources—guided by feedback from GitHub’s largest customers—to help your team innovate faster, boost productivity, and enhance security. Share with your teams and stakeholders so they can also get the most out of their GitHub experience.

How to use this Enterprise Roundup: We don't expect every person to read every word of this post. Skim through the topics that apply to how you and your teams use GitHub and dig into links that are the most relevant to you. Since some readers may skip over entire sections, you may see the same link appear in multiple sections such as a link that applies to both Code Security and CI/CD. Pass this Enterprise Roundup along to your colleagues or pass along specific links that will be beneficial to others.

Let’s dive in!

Contents at a Glance

  1. Events
  2. Developer skills
  3. Engineering
  4. AI & ML – GitHub Copilot
  5. AI & ML – GitHub models
  6. Security
  7. CI/CD
  8. GitHub platform
  9. Projects and Issues
  10. Community
  11. Legend

Events

While GitHub hosts our own marquee events like Universe and Galaxy each year, you will also find GitHub participating in other industry events. Here is the latest news about upcoming events.

  • 📅 Microsoft Build - Join the global community of developers and tech innovators at Microsoft Build 2025 In Seattle and online, May 19-22, 2025—the premier event where cutting-edge tools, AI breakthroughs, and cloud innovations come to life. GitHub will have it's largest presence ever at Microsoft Build this year! Connect with experts, explore AI-powered demos, and find out firsthand how GitHub is building the technologies that redefine what's possible. Discover more about GitHub @Build here:https://build.microsoft.com/github-at-build. Each section below includes a link to relevant sessions and highlights one session per topic.
  • 📅 GitHub Galaxy 2025 - Unlock the power of AI-native development for your organization. Explore GitHub’s roadmap, see secure workflows in action, and get practical tips to boost team collaboration and address vulnerabilities at scale. Whether you're scaling enterprise operations or boosting developer productivity, Galaxy ’25 gives you the tools to build what’s next. Join us virtually on June 4th or 5th depending on your region (APAC, EMEA & AMER).
  • 📅 Check out the complete upcoming conference schedule and upcoming webinar schedule.

Developer Skills

General developer expertise based on our own experience and the collective experience of our customers and partners.

I've moved the Developer Skills and Engineering topics toward the top of the list as there were some fantastic articles and videos shipped this month.

  • Developer Skills sessions at Microsoft Build:
    • 📅 GitHub Copilot for Skeptics Who Still Think AI is Overrated
      Speakers: Damian Brady, GitHub & Burke Holland, Microsoft
      You've had just about enough of all this talk about AI for developers. It feels like a lot of hype and meanwhile, there is actual work to get done. We get it. It is hard to discern hype from truth at this current moment in the industry. The magic of AI for developers is very real though. In this session, we're going to give you the tips and tricks for GitHub Copilot that will take you beyond the hype and into a true believer.
  • 📚 GitHub’s Engineering System Success Playbook - GitHub’s Engineering System Success Playbook (ESSP) is a three-step process that can help you adopt a systems approach to unlock engineering success and drive business outcomes, whether you’re looking to adopt a new AI tool like GitHub Copilot or identify and unlock bottlenecks that have been hindering performance. Inspired by multiple frameworks, including SPACE and DevEx, DX Core 4, and DORA, our playbook offers a balanced and comprehensive approach.
  • 📚 3 keys for engineering improvement: listen, act, and learn - There's no shortage of commentary on engineering metrics. But too often, we see teams obsessing over metrics without clarity about why they're measuring, or whether they're genuinely improving. At GitHub, we believe there's a better way: shifting from measurement obsession to meaningful improvements through intentional listening, actionable investments, and a learning mindset. Read about the three critical shifts your engineering team can make to drive improvements across your engineering system.
  • 📚&📺 GitHub for Leaders: Applying AI agents to software development - In this episode of GitHub for Leaders, host Anjuan Simmons speaks with Mark Sparks, Senior Vice President and Head of Technology and Engineering at Bayer, to discuss practical strategies for integrating AI agents into the enterprise software development process—and how leaders can start doing the same right now.
  • 📄 Setting up Copilot for learning to code - Can Copilot help me learn to code? Yes! Copilot can adapt to meet your changing needs throughout your coding journey. When you're an experienced developer, you'll use Copilot as a coding assistant. While you're learning to code, it's more beneficial as a supportive companion. In this guide, you’ll learn how to set up Copilot to act as a tutor that will help you build a deep understanding of programming concepts, rather than relying on it to write your code for you.

Engineering

An inside look at how we’re building the home for all developers. Resources based on our internal experiences.

  • 📚&📺 How new GitHub features are born | Beyond the Commit Beyond the Commit: Building GitHub on GitHub: (10:01) - In this episode of Beyond the Commit, Neha Batra, VP of Engineering at GitHub, joins host Christopher Harrison to talk more about GitHub's developer-first approach and embracing the idea that if features don’t feel right for us, they won’t feel right for you or your developers either. Explore our practice of building and refining tools internally first, a.k.a. "eating your own dogfood". Learn about our innovation process, the role of developer feedback, hackathons, and how empathetic design stems from our own teams' experiences using GitHub.
  • 📢 Introducing sub-issues: Enhancing issue management on GitHub - This blog post delves into the journey of building sub-issues, what we learned along the way, how we implemented sub-issues, and the benefits of being able to use sub-issues to build itself.
  • 🗣️Cleaning Up Git: One of our technical architects shared their field notes on Git maintenance, a preparation step for migration to Git. Included are practical methods, ranging from simple cleanup to advanced repository surgery.

AI & ML - GitHub Copilot

All things GitHub Copilot, from new and upcoming features to research and data collected from customers showing how GitHub Copilot is accelerating developer productivity. GitHub Copilot is truly getting better all the time! This month we've seen exciting updates related to the Model options for GitHub Copilot Chat as well as new posts 📢, videos 📺 and ships 🚢 related to new capabilities such as Agent mode, next edit suggestions, code reviews and more ways to provide the right context with vision input and personal instructions. It's time to start diving into how AI is going to work along side of you to make you a better, more productive developer not, replace you. Check out the new discussion posts 🗣️ and articles 📚 to see how AI can make you an awesome developer and how large enterprises have successfully adopted AI.

AI & ML - GitHub Models

AI is getting built into solutions everywhere, it's time to experiment with Large Language Models (LLMs) and learn how to build AI into YOUR solutions to keep your customers and stakeholders coming back for more. Leverage GitHub Models to learn what dozens of models are capable of, compare the results of models side by side and then see the code that you need to build AI capabilities into your new and existing solutions. There were several updates related to the GitHub Models playground.

  • GitHub Models sessions at Microsoft Build:
    • 📅Prototype, build, and deploy AI apps quickly with GitHub Models
      Speakers: Damian Brady, GitHub & Kate Catlin, GitHub
      Join us for a demo showcasing how GitHub Models simplifies AI experimentation and deployment. We’ll explore the playground UI, highlight how to store and version prompts in repos, and compare outputs across multiple cutting-edge models. Experience firsthand how to use GitHub Models’ single API key approach, robust admin controls, and built-in evaluation features to supercharge your AI projects all within GitHub, seemlessly deploying with Azure AI Foundry as you scale up ready for production.
  • 🚢 User prompt improvement is now in public preview within the GitHub Models playground - Transform vague or broad prompts into clearer, more specific, and optimized ones for better model outputs. By providing specific suggestions—like requesting a particular format or style—you can save time and achieve high-quality, actionable results.
  • 🚢 OpenAI GPT-4.1-mini and GPT-4.1-nano are now generally available in GitHub Models - We’re introducing GPT-4.1-mini and GPT-4.1-nano—lightweight variants of OpenAI’s latest model. Designed for high performance with lower cost and latency, these models are ideal for real-time applications and workloads that involve parallel or chained model calls.
  • 🚢 OpenAI o3 and o4-mini are now available in public preview for GitHub Copilot and GitHub Models - OpenAI’s latest reasoning models, o3 and o4-mini, are now available in GitHub Copilot and GitHub Models bringing next-generation problem-solving, structured reasoning, and coding intelligence directly into your development workflow.
  • 🚢 Phi-4-reasoning and Phi-4-mini-reasoning are now generally available in GitHub Models - Phi-4-reasoning is a model optimized for advanced reasoning in math, science, and coding. It is ideal for applications such as coding assistance, generative AI research, and knowledge-intensive problem-solving. Phi-4-mini-reasoning is a lightweight model designed for multi-step mathematical reasoning and logic-intensive tasks, such as formal proof generation, symbolic computation, and advanced word problems. Its efficient design supports educational applications, embedded tutoring, and lightweight mobile systems.
  • 🚢 MAI-DS-R1 is now generally available in GitHub Models - MAI-DS-R1 is an updated version of DeepSeek-R1, refined by Microsoft AI. It handles complex queries more effectively, works across multiple languages, and provides access to previously restricted information. The model maintains the reasoning strengths of the original while improving reliability.
  • 🚢 DeepSeek-V3-0324 is now generally available in GitHub Models - DeepSeek-V3-0324 is a 671B parameter Mixture-of-Experts (MoE) model that builds notable updates on top of its predecessor, DeepSeek-V3. These include enhanced reasoning capabilities and improved function calling accuracy. This model also excels in Chinese writing proficiency and includes advanced search capabilities for Chinese.
  • 🚢 Cohere Command A and Embed 4 now generally available in GitHub Models - Command A is a multilingual model designed for business-critical applications like retrieval-augmented generation (RAG) and agentic tasks. It excels at supporting knowledge assistants, improving demand forecasting, and optimizing eCommerce search. Embed 4 is a multilingual model that transforms text, images, and mixed formats into unified vector representations. It is well-suited for processing high-resolution images and extracting key details from files like PDFs, slides, and tables.
  • 🚢 The Llama 4 herd is now generally available in GitHub Models - Llama-4-Scout-17B is a 17B parameter Mixture-of-Experts (MOE) model optimized for tasks like summarization, personalization, and reasoning. Its ability to handle extensive context makes it well-suited for tasks that require complex and detailed reasoning. Llama-4-Maverick-17B is a 17B parameter Mixture-of-Experts (MOE) model designed for high-quality chat, creative writing, and precise image analysis. With its conversational fine-tuning and support for text and image understanding, Maverick is ideal for creating AI assistants and applications.

Security

Application security with GitHub, ensuring the code that lives in GitHub and the dependencies that go into the solutions you build are secure and do not contain any secrets.

  • 📅 GitHub Advanced Security sessions at Microsoft Build: https://gh.io/buildgh25-GitHub-Advanced-Security
    • 📅 Shift Left: Secure Your Code and AI from the Start
      Speakers: Mark Russinovich, Microsoft & Neil Coles, Microsoft & Marcelo Oliveira, GitHub
      Discover how to swiftly deliver intelligent apps without sacrificing security. This session covers how to protect against threats across code, secrets, dependencies, and even LLMs. Learn how to use Threat Modeling early on in the product lifecycle to identify, assess and address security risks. You’ll learn about developer-focused security tools to deploy with confidence without context switching.
  • 📚 & 📺 GitHub for Leaders: How CXOs limit risk without losing speed - GitHub Resources - In this episode of GitHub for Leaders, host Anjuan Simmons sits down with cybersecurity researcher Daniel Cuthbert to discuss the evolving challenges of enterprise security facing leaders right now – and why credential leaks remain one of the most costly, yet preventable, threats.
  • 📚 Why application security tools fail and how DevSecOps fixes security debt - Traditional application security tools often fail to meet developer needs. These tools aren’t designed with developers in mind, despite developers being the ones tasked with remediation. By integrating security into the development workflow, GitHub helps teams catch vulnerabilities early, reduce friction, and make security native to the development process. The result? Developers spend less time chasing false positives and more time building secure, high-quality software. Download the eBook: Secure your code - The Essential Guide to Managing Security Debt.
  • 📢 How we’re making security easier for the average developer - Let’s be honest—most security tools can be pretty painful to use. We’re trying to make this better at GitHub by building security into your workflows so you can commit better code. From Secret Protection to Code Security to Dependabot and Copilot Autofix, we’re working to go beyond detection to help you prioritize and remediate problems—with a little help from AI.
  • 📢 & 📺 GitHub for Beginners: Security best practices with GitHub Copilot - This beginner's guide walks through fundamental security practices on GitHub. Discover how GitHub Copilot helps write safer code (and why you should learn from its suggestions!), plus how to activate vital tools like Dependabot and CodeQL to automatically check your code and dependencies for known vulnerabilities and secrets.
  • 📺New security tools explained: Secret Protection and Code Security | GitHub Checkout: (5:18) - Learn about the newest updates to GitHub Advanced Security including new offerings: Secret Protection and Code Security. Understand the impact of leaked secrets, how standalone features provide flexibility, and how push protection and Copilot Autofix secure your code. Secret scanning is free for public repositories, plus a new free organization-wide risk assessment helps identify vulnerabilities.
  • 📢 Found means fixed: Reduce security debt at scale with GitHub security campaigns - Security campaigns bridge the gap between security experts and developers streamlining the vulnerability remediation process right within your workflow, and at scale. Using Copilot Autofix to generate code suggestions, security campaigns help security teams take care of triage and prioritization, while you can quickly resolve issues using Autofix—without breaking your development momentum.
  • 🗣️ Enterprise SAML Lockouts: How to Regain Access Quickly 🔐: Problems with your Identity Provider (IdP) may cause yourself and users to be completely locked out of your enterprises and the organizations within it. If you are locked out of your Enterprise, we’re sharing three methods that may make it possible to regain access.
  • 🗣️Enterprise SAML Identity Already Linked? Here’s What It Means 🔍: Do you have a user unable to accept an invitation to join a SAML-protected enterprise account as it reports that their SAML external identity is already linked to another account? Read our discussion to learn a solution!
  • 🚢 Credential revocation API to revoke exposed PATs is now generally available - You can now revoke an exposed GitHub personal access token (PAT) you found outside of repositories, even if it’s not yours, to help quickly limit the impact of the exposure and improve the security of the software ecosystem.

Secret Protection

Code Security

Supply Chain Security

CI/CD

Continuous Integration & Continuous Deployment with GitHub Actions.

  • GitHub Actions sessions at Microsoft Build: https://gh.io/buildgh25-GitHub-Actions
    • 📅 Build Better, Deploy Smarter: GitHub Actions in Action!
      Speakers: Jessica Deen, GitHub & Andrea Griffiths, GitHub
      Think you’ve seen everything GitHub Actions has to offer? Think again. In this fast-paced 15-minute session, we’ll explore powerful features, time-saving tricks, and lesser-known capabilities that can take your workflows to the next level. You’ll even see how GitHub Copilot can accelerate your workflow development—helping you troubleshoot, refactor, and streamline automation like never before. Whether you’re just getting started or already automating everything, you’re bound to walk away with something new. Get ready to level up your CI/CD game—fast.
  • 📢 When to choose GitHub-Hosted runners or self-hosted runners with GitHub Actions - Comparing GitHub-hosted vs self-hosted runners for your CI/CD workflows? This deep dive explores important factors to consider when making this critical infrastructure decision for your development team.
  • 🚢 Users can now choose whether merging linked pull requests automatically closes the issue - For many teams, merging a PR doesn’t mean the work is done. There might be QA, validation, or follow-up steps before an issue is truly resolved. With this new repository setting, you can choose whether merging a pull request should automatically close its linked issues.
  • 🚢 GitHub Actions workflow security analysis with CodeQL is now generally available - Identify and remediate security vulnerabilities in your Actions workflows through automated code scanning, helping prevent potential security issues before they impact your CI/CD pipeline. During the public preview period, we’ve helped secure over 158,000 repositories, detecting more than 800,000 potential vulnerabilities in Actions workflows, with approximately 15% of these issues being fixed by repository maintainers.
  • 🚢 Windows arm64 hosted runners now available in public preview - Now in public preview, Windows arm64 hosted runners are available for free in public repositories.
  • 🚢 GitHub Actions: macOS 15 and Windows 2025 images are now generally available - macOS 15 and Windows 2025 images are now generally available for all GitHub-hosted runners.
  • 🚢 GitHub Actions hosted runner fleet now includes 96 vCPU larger runner - Customers in need of bigger, more powerful machines to run their workloads can use this runner to reduce runtime on their longer GitHub Actions builds. This runner is an x64 machine and you can use any of our existing GitHub-owned Linux and Windows images on these runners. Our entire advanced feature set works with the new runner: static IPs, network configurations, autoscaling, and runner groups.

GitHub Platform

Resources to assist those who manage the rollout and maintenance of GitHub for hundreds if not thousands of stakeholders.

Projects and Issues

GitHub's Planning and tracking tools

  • GitHub Project and Issues sessions at Microsoft Build:
    • 📅 Project planning for developers using GitHub
      Speakers: Riley Broughten, GitHub & Jon Peck, GitHub
      GitHub Issues are deceptively simple to get started, but combined with sub-tasks and projects you can rapidly build up the complexity of teams that you can support. See how in this demo packed, interactive session.
  • 📢 Introducing sub-issues: Enhancing issue management on GitHub - This blog post delves into the journey of building sub-issues, what we learned along the way, how we implemented sub-issues, and the benefits of being able to use sub-issues to build itself.
  • 🚢 Users can now choose whether merging linked pull requests automatically closes the issue - For many teams, merging a PR doesn’t mean the work is done. There might be QA, validation, or follow-up steps before an issue is truly resolved. With this new repository setting, you can choose whether merging a pull request should automatically close its linked issues.
  • 🚢 Evolving GitHub Issues and Projects - We’re thrilled to announce the general availability of sub-issues, issue types, advanced search, and increased item limits in GitHub Projects. Check out this post to see all of the recent updates to GitHub Issues and Projects.
  • 🚢 GitHub Issues: Dashboard updates - You’ll now see an updated Issues dashboard page at github.com/issues, allowing you to easily find and create issues across repositories and organizations. This page can be accessed through the global navigation menu under Issues.

Legend

That’s it for the May '25 edition of the enterprise roundup. Check back in to the GitHub Executive Insights at the beginning of next month to see the next round of key updates.

We want to hear from you! Did you find this curated list of updates from GitHub helpful? Do you have suggestions on how we can provide the information that is going to be the most useful and timely for your role? Visit the GitHub Community May ‘25 enterprise roundup - community · Discussion.

Tags