The latest blogs from GitHub

Everyone’s talking about MCP these days when it comes to large language models (LLMs)—here’s what you need to know.

Security should be native to your workflow, not a painful separate process.

Learn how to identify which CVE Numbering Authority is responsible for the record, how to contact them, and what to include with your suggestion.

Starting today, security campaigns are generally available for all GitHub Advanced Security and GitHub Code Security customers—helping organizations take control of their security debt and manage risk by unlocking collaboration between developers and security teams.

In celebration of MSFT’s 50th anniversary, we’re rolling out Agent Mode with MCP support to all VS Code users. We are also announcing the new GitHub Copilot Pro+ plan w/ premium requests, the general availability of models from Anthropic, Google, and OpenAI, next edit suggestions for code completions & the Copilot code review agent.

What is CORS and how can a CORS misconfiguration lead to security issues? In this blog post, we’ll describe some common CORS issues as well as how you can find and fix them.

Every minute, GitHub blocks several secrets with push protection—but secret leaks still remain one of the most common causes of security incidents. Learn how GitHub is making it easier to protect yourself from exposed secrets, including today’s launches of standalone Secret Protection, org-wide scanning, and better access for teams of all sizes.

Learn how to write effective prompts and troubleshoot results in this installment of our GitHub for Beginners series.

With these actions, you can keep your open source projects organized, minimize repetitive and manual tasks, and focus more on writing code.

Go beyond status updates and use these meetings to surface challenges, solve problems, and drive impact.

Discover the differences between agent mode and Copilot Edits with GitHub Copilot—and when to use them in your workflows.

A step-by-step guide for open source maintainers on how to handle vulnerability reports confidently from the start.

A look into building IssueOps workflows on GitHub to do everything from CI/CD to handling approvals and more.

Get the most out of Copilot with code completion, inline chat, slash commands, Copilot code review, and more.

The open source Git project just released Git 2.49. Here is GitHub’s look at some of the most interesting features and changes introduced since last time.

Strategies to quickly get up to speed, whether you’re a seasoned engineer or a newcomer to the field.

Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we’ll shed light on how these vulnerabilities that rely on a parser differential were uncovered.

In February, we experienced two incidents that resulted in degraded performance across GitHub services.