TOTP codes for 2FA are now single-use

During two-factor authentication and when entering sudo mode for sensitive actions on GitHub.com, TOTP codes could be successfully used multiple times within their validity window. To improve security, this reuse is no longer allowed on GitHub.com, and will be updated in GHES with version 3.10.

Systems that have attempted to script the login flow, across multiple parallel jobs, may break as a result of this change.

Learn more about two-factor authentication with TOTP.

Today we are announcing the general availability of our organization and enterprise-level security risk and coverage pages.

Additionally, the alert-centric pages for Dependabot, code scanning, and secret scanning are also now generally available at both the organization and enterprise levels.

The enterprise-level security overview page has been replaced by the risk and coverage pages as previously announced. The risk page is designed to help you assess security exposure, and the coverage view is intended to help you manage security feature enablement.

To access the new enterprise-level risk and coverage pages, follow these steps:

  1. Navigate to your profile photo in the top-right corner of GitHub.com.
  2. Click Your enterprises.
  3. From the list of enterprises, select the enterprise you wish to view.
  4. In the enterprise account sidebar, click on Code Security.

These improvements have shipped to GitHub.com and will be available in GitHub Enterprise Server 3.10.

Learn more about the new risk and coverage pages and send us your feedback

See more

With GitHub Copilot being used by over 20K organizations 🎉 and the increased momentum of our Chat functionality, we wanted to take this opportunity to highlight recent updates and ships.

GitHub Copilot Chat (Visual Studio Code)

Note: To get access to the new chat-based GitHub Copilot features, you’ll need to sign up for the GitHub Copilot chat waitlist.

The GitHub Copilot Chat extension graduated from Insiders into Stable with the release of Visual Studio Code v1.79. Highlights include:
– Improvements to editor chat, most notably we have changed its default mode to be “livePreview”. In this mode, changes are applied directly to the document and shown with an embedded diff view.
– When using Copilot in a notebook document, Copilot can use the notebook context to provide more relevant suggestions.
– When running notebook cells, Copilot provides suggestions for cell execution failures.
– When viewing a review thread, it is now possible to directly apply a review comment using Copilot.
– An experiment using chat to ask quick programming questions without leaving context.
– You can now delete a chat request/response pair by clicking the X icon in the chat request.
– Added the ability to move chat sessions back and forth between the sidebar and editor.

VSCode-Copilot-Chat

For previous updates, reference the Insiders April 2023 (v1.78) release notes.

To learn more about GitHub Copilot as well as tips and tricks and best practices, have a look at the VS Code YouTube channel. There you’ll find an introduction to GitHub Copilot, language-specific usage, and guidance on effective prompting when using Copilot for development.

Copilot with your debugger (Visual Studio)

Copilot Chat in Visual Studio helps you figure out how to fix issues when you’ve hit an exception. Just hit the link in the exception dialog to see an explanation of the exception together with likely causes and suggested code solutions to fix the problem inline. Copilot gathers the data about your exception, code, and variable values to help form an exact question and get you a great answer. Combine that with the power of features like Hot Reload, and you can test out the suggested change and be on your way much faster.

VS-Copilot-Debugger

Visual Studio’s IntelliSense list can now steer GitHub Copilot code completions

GitHub Copilot and Visual Studio’s built-in AI assistance features are now better together. With the latest release (version 1.84+), Copilot predictions are not only visible when IntelliSense is open, but your IntelliSense selection also steers the prediction offered by Copilot. This helps you explore and get just the code completion you want. It’s particularly helpful with the starred completions that Visual Studio’s built-in IntelliCode AI provides with member ranking in the IntelliSense list.

Code completion improvements

  • GitHub Copilot is now even more powerful and responsive for developers, thanks to a new model powered by GPT-3.5 Turbo through the collaboration across OpenAI, Azure AI, and GitHub that offers 13% latency improvements.
  • Code completion uses an 8k context window that improves suggestions and acceptance rates.

Bug fixes and improvements

  • Added the ability to export a CSV of all users for an org. From the seat management page, you can export a flat list of all your users – helping address a significant pain point for our admins who want to avoid scrolling through page after page and want better insight into who within a Team is using Copilot.
  • We updated the Copilot signup flow to make signing up for a GitHub account AND Copilot in one fluid experience easier.
  • France is our newest region serving Copilot code completion requests, improving latency for European customers. This is in addition to our existing Switzerland presence.
  • In Visual Studio, we added the ability to preview code insertions back into your code using the same grey text approach we use for code completions.
  • In Visual Studio, you can now delete chat requests
See more