all right I think we're all ready to get started Um so welcome everyone to our quarterly roadmap webinar Uh if you've been here before then you'll know me My name is Walker Shabbo I'm a senior product marketing manager here at GitHub and I run our quarterly roadmap webinar program A few housekeeping items at the very top of this session First off obviously this is a roadmap session We are sharing with you brand new things brand new exciting announcements um things that are coming up But that also means some of these things are subject to change So just know that everything you see here is ultimately subject to change We run these on a quarterly basis Um meaning that if you are here that is awesome If it's your first time second time third time great But just know we'll do these every quarter If you're here you're already on the list so you'll continue to get the invite for these in the future I am beyond thrilled today to have a very very special guest here Mario Rodriguez Mario is our chief product officer here at GitHub His core identity is being a learner and his passion is creating developer tools So much so that he spent the last 20 years living that mission in leadership roles across Microsoft and GitHub Mario most recently oversaw GitHub's AI strategy and the GitHub copilot product line launching and growing co-pilot across thousands of organizations and millions of users Mario spends his time outside of GitHub with his wife and two daughters He also co-chairs and founded a charter school in an effort to progress education in rural regions of the United States Mario will join the stage shortly Keep in mind folks we have a Q&A at the end of the session so if you have questions make sure to drop them in the Q&A tab next to chat And without further ado I give you Mario Perfect Um so hello everyone again My name is Mario Rodriguez and I am GitHub CPO Uh I've been in the company for six years and doing tools for software developers forward 20 years like Walker said Um as you know our mission at GitHub is to accelerate human progress through developer collaboration And that's what I get to do daily And so giving you all the best tools in the planet to change the world is something that really inspires me and gets me out of bed every single day With that um before I talk about our newest features and upcoming road map I wanted to remind you that GitHub makes our investments based on developer experience Every day I think about what a developer needs to do to go from idea to production And you hire a co-pilot to help you with that you know to help you with sense making to help you with writing code to help you with debugging an issue to help you with code modernization as well And GitHub and Kilo need to excel at that So experiences is at the core and developer experiences is at the core of GitHub So we think about these connected experiences as an infinity loop um over the whole SDLC and lately as you know agents are key to unlocking new productivity gains in these experiences and for me at least that's what AI native is all about It's about innovation in HCI or human interaction interfaces is about enabling new collaboration groups not only between humans but between humans and agents and the human is always at the center right um directing an agentic world kind of completing both synchronous and asynchronous task overall and that's how we're going to go and increase productivity that's how we're going to go and in my opinion increase innovation and by doing all of those things and if you probably have heard Sia said this before we also hope to increase the world's GDP and continue to provide opportunities to everyone So then that gets us to the next step right which is value Like we do this not only for technologies sake we do this for value and value to our customers That means look we all have this more or less infinite backlogs I was speaking to the product team today about strategy and about kind of our next set of priorities starting in April for the quarter and I told them all of our areas have infinite backlogs So when I think about that it's mainly about priorization but we want to move faster through them too right every time we have an idea we want to see if we could actually put that in the hands of customers And the same for you Every time you have an idea you want to get that into the h into the hand of your customers as quickly as possible Now if we do that uh and some people are you know live coding a lot nowadays you still have to have quality though So that's why we really care about you know having higher quality ink code um and maintainable code something that we could go in and continue to iterate on And of course we have to make it secure by default Like security has to be at the center of everything we do as well Um and then because it's GitHub we want to give you an enterprisegrade platform that prioritizes governance and compliance as a differentiator as well So if we continue then when you think about moving faster there's probably something you've noticed and I usually call it momentum is our oxygen but we ship weekly improvements to Copilot We ship weekly improvements to the platform as well And you could see some of these over the last few months You know back in GitHub Universe we did a big announcement and said you know we're gonna go and expand our model portfolio and we're going to support Sonnet We're going to support Gemini models Um overall we went and invested in edits and then we followed that up with in VS Code Insiders Right now we have a gent mode and we continue to invest in code review and many other experiences as well So now with that foundation I do wanted to tell you a little bit about how do I see things evolving towards in the future and one of the most exciting advancements in my opinion is of course our agentic experiences Now agents get defined in a lot of places uh and and there's probably not one definition to rule them all but I like one that um happened a while ago and and I'll put it more actually for us in so as software engineers or a software engineer agent and for me a software engineer agent is kind of an AI system that augments software engineers by automating coding testing debugging and documentation tasks Now of course you want to do that You want that augmentation but you also at times want to kind of rubber duck and and brainstorm with this agent as well So it's also there to provide guidance on architecture It's also there to provide guidance on performance It's also there to actually walk you through a set of best practices And because it can be offered in both synchronous and asynchronous mode then you could think of it as serving as a pair programmer and then also as a pure programmer Um you know handling a lot of routine work while you focus on creative problem solving right like if you think about us as humans what we have go 500,000 years ago a million years ago none of the world as you see it today existed it there was no blueprint to create this and what we experience today but it all get got created by us humanity and we did that through creativity so I like that's the thing that inspires me sometimes we get bugged down in a lot of toil and other things and we cannot actually spend the majority of the day on that creative endeavor uh I me personally I wish I could even spend more and more of my time on that and I think in this new world of agents it gives us a possibility to do that as Well now of course we have to meet people where they are right so if you think about it there's a lot of entry points to this agentic experiences Um so you could do it from an issue you could do it from a pull request you could do it in a conversation you could do it kind of from a free text field as well and of course in your favorite IDE or editor uh like VS Code IntelliJ or um Visual Studio uh and recently actually we did Xcode as well So we're an Eclipse So we're more or less growing that surface overall So now once you go from that entry point then you could go in and kind of work with it synchronously like I was telling you before and that's what we call agent mode in VS Code Um so what I wanted to do right now is to actually play one of those videos and show it to you And this is currently in insiders at the moment So let me go and hit play Copilot agent mode is the next evolution in AI assisted coding In agent mode copilot gathers context across your entire codebase suggests and tests changes and validates its work for your approval so you can make comprehensive updates with speed and accuracy To use it open the copilot edits view and select agent from the mode dropdown From there choose your AI model and then enter your prompt Copilot iterates over the following steps when you make a request First it determines the relevant context it needs and the files it will autonomously edit Then it offers both code changes and terminal commands to complete the task and it monitors the correctness of edits and terminal outputs Then it iterates to remediate any issues Copilot agent mode can create apps from scratch perform refactorings across multiple files write and run tests and migrate legacy code to modern frameworks It can automatically generate docs integrate libraries or answer questions about a complex codebase Agent mode can orchestrate your inner development flow all while keeping you in control So you got to see there kind of the glimpse on the future right we started all of this back in 2021 before uh SH GBT and all that um craziness happening right in 2021 we introduced code completion Now as you can see in code completion you have to go and open a file You have to go and wait for the for the the actual ghost text that we end up providing to you And but now in the era of Agentic you could just start programming through natural language and then kind of our agent goes in finds all the relevant fires edits them for you can monitor to try to see if the actual build passed If it didn't go ahead and fix it You can see how that increase in productivity starts to happen overall So really excited about this If you haven't been able to play with it in insiders please go ahead and download it and play with it as well Copilot The next set of things in my opinion is okay how do we envision this in an async manner and we recently started talking about a project called project pad one for those of you that get that reference where now I could just go and say copilot get this issue and go and fix it And that's the beginning of what we're calling the asynchronous experiences in this new agentic world So what I wanted to do is also play um a video that kind of starts showing you some some of how this will play out uh in the future So let's play that one Agents are a type of AIdriven automated system designed to assist software engineers They can perform various development tasks like generating refactoring and reviewing code I want to share a first look at project padawan our autonomous suite agent It allows you to directly assign issues to GitHub copilot and have it produce fully tested pull requests to resolve that issue Once a task is finished it will assign humans to the pull request and work with them to resolve the feedback they add Here's an issue that might otherwise stay on our backlog for quite some time Let's assign it to copilot Using the information of the issue and its knowledge of our entire codebase Copilot gets to work spinning up a draft pull request and linking it to the issue If we open the pull request we can see its implementation plan so we know how it's planning to resolve the issue As Copilot continues working on the task it keeps updating the PR description and pushes incremental commits so we can follow along with its progress A few minutes later it's finished C-Pilot updates the PR description with the summary of the changes that it has made Copilot has also marked the PR as ready for review by a human If we look at the changes we can see it has resolved the issue even following conventions in our repository like coding style It has not only written new tests but it runs them and ensured that they passed Just like I would with any code review I can request additional changes or provide more information Copilot will respond to my comments and continue working on the issue until I'm happy If I wanted to I could make my own changes to the pull request so I'm always in control But this looks good to me So let's merge the PR and close out the issue That's project Pawan going from an issue to fully implemented and tested code all with GitHub Copilot That was great So now you're able to see it both synchronously in my ID and editor and at asynchronous deeply integrated into github.com Now su agents are a type of AI there's more than that because um just recently in fact as early as yesterday we ended up releasing our compiler code review on it So you could get feedback right in the pull request as well So you've been coding all day and now you just want an extra pair of eyes and you want that quickly you could assign just co-pilot in to the pull request and you'll get an expert reviewer with you by there So with that here's kind of what a road map looks like So we're working on more than just agents Uh we're making substantial investments in AI as you saw But a few things that I wanted to highlight here The first one is metrics uh we shipped the copilot metrics API last year and continue to focus on bringing productivity gains going forward Now what that ends up meaning is that you want to understand more how is someone using copilot how are they advancing their usage and now we're going to provide you that on a native dashboard and a brand new set of APIs that can get individual metrics as well Also as I um talked about previously too in ids and editors we want to make coval ubiquitous throughout the entirety of that SDLC and that means it has to be everywhere you expect it to be So if you want it to be in Jet Brains we got your back with that We got Eclipse we got Xcode we got Visual Studio we got uh Visual Studio Code we have it also in our mobile um in so you could end up using it on the go as well So that that's I mean at the end even if you need it on a TV like we're going to put it in there So as a developer we just want it to be ubiquitous and you could see some of the road map items over here where we're caching up on the functionality across all of these surfaces The other item that I wanted to highlight is models uh since universe we shipped more and more models um into GitHub models across the industry to both shad and complete like we said 3.5 3.7 um open AAI 01 and 03 and Gemini too we'll continue to get these two GA in the com in in the coming quarter and then we're going to continue to add and not only that and also in the GitHub models product we're going to continue to actually broaden that portfolio too and kind of merge these experiences a a little bit more Now we also think of our platform as end to end AI and AI powered experiences So we ship custom instructions vision support and enhancements across several of the landing pages as well So please give it a try We're also working right now on an MCP ser uh on an MCP server a local MCP server in VS Code and we hope to actually give you a glimpse of that very very very soon So let's continue So the other items that when we think about that code completion experience that we wanted to really make sure that we're investing in and continue to get better it's how fast you're getting a completion and how fast you could actually move through them too So next edit suggestions is that uh where we're anticipating what are the next set of changes So it's not right below the cursor line but some other place in the file too Um and we did that we gave you a preview of it this last quarter So next quarter we'll get that into GA as well We're also working on faster and a better completion model So did an announcement of uh what we're calling GPT 40 co-pilot So it's a brand new model that we have fine-tuned both in mid-training and RL as well where we're kind of increasing the quality of those completions overall and we're also investing a lot on performance so that you could get that within 100 milliseconds and like I said before we have shot for jet brains for Xcode um and for Eclipse all coming in G soon on the data and metrics one of The key things that I wanted to highlight is this user engagement Um we are right now thinking and these are for us fiscal years So when we say Q1 2025 um um when I'm sorry when when we say Q1 2025 is this this quarter and Q2 for us uh is next quarter But consume like we want to give you the ability to actually previsualize a lot of these things Um and my hope is that next quarter we'll show you like a live demo of what we mean by that But we're going to get data snapshots together with a native dashboard together with user engagements that allow you to really understand the usage across your organization and enterprise And not only that for me specifically what I'm really looking forward to is even personal metrics So if I'm a developer I could go in and try to understand how I'm using Copilo and how could I how it could get better overall So switching things now this is our quality and security Um and like I told you before it's not good enough if we're just increasing the the um increasing the actual productivity gains but it is really important that we're doing this with code quality and security at default right and one of the key things in my opinion for that is that we need to evolve the industry We need to evolve it from just detection to detection and remediation So what what do I mean by that well traditional security detection methods are mainly about okay let me go in scan items and then let let me figure out how to actually give you that information But what we have found out is that that is not enough A lot of those things that end up getting found do not get them end up getting fixed And what we want to do is we want found to mean fix So we have invested a lot in what is called copilot auto fix So like that with GitHub advanced security you're able to kind of move from found to found means fix The second thing in our security and quality is faster path to value overall So our you know traditionally security products take you a long time to go in and deploy throughout your enterprise or through your organization And we want to make it really really quick to get that value So with buildless scanning as an example we're able to go in and find security vulnerabilities with without you having to add it with actions and other products And then not only that with secret protection and what we're doing in that space we're able to very quickly give you a glimpse into what we have found prior to you committing completely to the product and then start helping you remediate it as well So that's kind of a little bit of what we're doing right now Now one of the key things that I do want to spend time is that we are separating our GitHub advanced security skew and we're separated into two products We're going to do a secret uh protection product and then a code one Um and as you could see now this gives you a little bit more mobility into what you could deploy at what time depending on your budget or depending on a specific um I would say contracts that you have had with other providers as well So I'm really excited about this because this now makes it very much possible to go in and try many of these tools and then kind of deploy them at scale in your enterprise and in your organization So with that I want to go and do two videos so you could get a taste of what these products are about Developers use secrets every single day Whether using a key to access a third party API or a token to verify an identity Secrets are supposed to prevent unauthorized access But what happens when we mistakenly expose them you might think that if it's in a private repository it can't be that bad But what happens if an attacker can get access to a user's account or their laptop which has the secrets in code what happens if you make the repository public forgetting to clean up secrets from the repository attackers rely on these cascading events which shows why it's critical to protect secrets A single exposed credential can be exploited in seconds in a public leak and can lead to a comprehensive breach potentially costing millions and causing significant reputational damage Unfortunately it's not as simple as removing the secrets from the repository A secret must be rotated as it remains in history In other words once code containing a secret is pushed it should be considered leaked The most successful enterprises take a proactive and reactive approach to managing their exposures GitHub can help you with both First our proactive approach is as easy as a few clicks Push protection prevents you from accidentally committing secrets to a repository by blocking pushes containing supported secrets If you believe it's safe to allow the secrets you have the option to bypass the block Otherwise you must remove the secret from the commit before pushing again And with push protection delegated bypass you can control who has the authority to review and approve the pushes that contain detected secrets But what about secrets that already exist in the codebase or have been allowed through push protection these can be managed with secret scanning alerts Through our security overview dashboards we can triage our open alerts And from here we can review alert metadata like validity checks letting us know if a secret is still active And the alert will let you know if a secret has been leaked publicly on GitHub even if you don't own the repository with the public leak tag Now with secret protection you can build upon GitHub's direct partnership with over 150 secret providers GitHub works directly with these providers behind the scenes to secure their token format making it simple for secret protection to detect and ensure low false positive rates This helps you mitigate risks with high levels of accuracy Secret protection also builds upon GitHub's industryleading AI expertise with co-pilot secret scanning and detecting elusive secrets that don't follow a standard pattern like passwords And finally you can create your own custom patterns in secret protection to identify secrets that are important to you So why wait reduce the risk of secret exposure and put your reactive and proactive strategy in place in seconds with GitHub secret protection That was the first one Hopefully you get a glimpse about secret protection and the functionality in there And again it's always to keep you safe and your core developers use secrets every single day Whether you now let's go into secret scanning Um overall code security scanning tools help us identify vulnerabilities in our code But to remediate issues we must triage alerts review the relevant documentation and propose a fix taking up precious development time That was until Code Scanning Autofix Autofix improves the experience by using AI to provide a code suggestion and explanation directly in the pull request The developer remains in control being able to make edits using GitHub code spaces or their local machine accept the original suggestion or dismiss it entirely With AutoFix code security alerts transition from being found to being fixed [Music] code and that was out of effects Like that's one of my favorite features um overall in the code scanning product again because I think what we're really doing there is evolving the industry from just finding security vulnerabilities into actually fixing them And you know it all starts with you know you have a draft PR or a PR We go ahead run the build From there we kind of assess if it actually has a secure vulnerability We find the secure vulnerability We go ahead and generate a fix for you We run some tests and then you'll get a PR that is ready to actually change and commit as well Now this really goes into like it gets taken to the next level in my opinion when you combine it with security campaigns and our security campaigns is a way to manage vulnerabilities at scale and that will be available soon in GA as well as we cover in the road map slide So what this allows me to do now I could go and say okay I have all of these debt let me go in and create a campaign to go from let's say a hundred of them to zero and then let me go and try to see how many of them can compiler out of fix go ahead and remediate and give me a PR4 So this lets you kind of go over those thousands of vulnerabilities one step at a time and get them kind of to zero as quickly as possible Now last but not least you know we also made continued investments across our platform you know heavy heavy improvements in governance and compliance uh along with advancements in actions and migrations So when it comes to governing your data um we introduced our data residence story So before GitHub was mainly available especially our GitHub enterprise product was mainly available in the US and we know we have a lot of reg a lot of our customers have regulations that they have to meet in their own regions So we introduced GitHub enterprise cloud in EU uh and then we follow that up with Australia and at the moment we're working one in the US as well So within the US one we also have published our commitment to be feder moderate u with GitHub enterprise cloud and we're working very hard with our partners to enable that Now on imbutable actions that gives us a way to boost supply chain security um overall by being able to make sure that you could attest hey this got done this way and here's an immutable package that it's represents it So like that people cannot just be changing an action from underneath you and be able to uh compromise your build machine Now we're also working a lot on governing your repos as well We're investing in scaling in having the most scalable and flexible policy system out there So if you have play with it now you have the ability to create repo metadata and within those repo metadata then be able to have rule sets that look into it and then enforcement And we've been working on getting that not only at the organization level but also in the enterprise level too So you could kind of have one pane of class across all of your organizations We'll follow that up with what we call governing your applications right um and for that authentication authorization it's key So what we started to do is the ability to have an app that at the enterprise level that allows you to extend roles and permissions and teams and be able to make sure that you could install safely all of the functionality that you need in each one of your organizations And then of course we're giving you API insights insights and new actions usage reports as well for you to understand and optimize the workflows Now a cute slide that actually has this um is this one Um so you can see there all of our governing our data and the investments that we have made governing your users and the investments on enterprise roles and teams and fine grain permissions and then of course governing your usage So governance at scale is key to us So what I want to do next is to play a video that kind of walks through that as well Governance is an important topic for many companies so they can ensure their code meets certain standards This is why we've been investing in rule sets such as repository branch rule sets repository tag rule sets and repository push rule sets But we know that it's not just about the code and you'll want to govern the repositories themselves as well like how they're named or preventing accidental operations like visibility changes and deletions That's why we're introducing enterprise repository policies a way for you to manage the configuration of your repositories at the enterprise level If you've used branch or put rule sets then the experience will feel familiar You can set the enforcement status to active or disabled Set certain roles or teams as exempt from the policy Then you can target the policy across your organizations and across your repositories But more on that in a moment Then you can configure your rule set to restrict visibility creations deletions transfers and even naming allowing you to more effectively govern your repositories at scale across your enterprise For example here you can see we have an existing rule applied to the Octac Academy organization When we navigate over to one of the repositories in the Oct Academy organization you'll see that we're now unable to delete that repository due to the policy You also have flexibility in how you target those policies If you're familiar with branch rule sets and repository rule sets you'll know that you can target repositories based on their properties So I'm pleased to share that we've also brought repository properties at the enterprise account level So now you can define repository properties which will be available across all organizations in your enterprise account And when you navigate to repository properties at your organization level view your organization admins will see that certain properties have been configured at the enterprise level And as you would expect required properties can be set when a new repository is created providing you with the opportunity to keep repository properties well-maintained from the point of creation Want to learn more check out more details at gh.io/enterprise-governance So that gives you a view into enterprise roles permissions apps and teams as well Um so what we want to do is streamlab administrative control at the end Now one of the key things too that we want to continue to do is make sure that we're advancing what I call our core collaboration features So we've been hard at work on issues and projects to make sure that we involve them for you to use them So one of the key things in there is the ability to have sub issues We haven't had that ever in the platform and we recently released it So now you have hierarchical structure You also have now the ability to have custom issue types So if you want to have an initiative with an epic as a sub issue now you're able to do that If you want have classification like bugs feature or a customer request now you're able to do that too And then of course advanced search capabilities as well And we have increased our projects GitHub projects now allows you to have up to 50,000 items in it And this is kind of to support our largest of enterprises too Now these enhancements make it easier to organize your work and visualize progress clearly um but also manage these large complex projects that were not possible before and provide you a powerful transition for teams moving from other platforms like Azure boards as an example into us Now we also did I I didn't include it in here improvements into um our repository pages our insights pages and also into pull requests by offering a new merch box on it So if you haven't seen those please play with it and we will continue this set of advancements going forward in our road map as well Now with that what I want to go and transition to it's Q&A Uh it's kind of my favorite part of it Um I want to do this mainly to hear from you and then to also be able to answer uh questions and give you a glimpse into what is coming So thank you And Walker we could transition Yeah Awesome Uh I think Mario if you stop sharing your screen we'll be able to see both of us but that's also fine if we want to go back and forth too Um so starting off our first question comes in from Sam who asked "Is it possible to trigger project Padawan outside of the issue flow?" Yeah that's a great question and the answer to that is yes it will be possible to do that Uh you could envision to have many of these things happening in parallel while you are coding a feature And so yes that is on our road map and I am hopefully I'll come back maybe next quarter and give you a demo of it Would love that Very very exciting to see Um our next question comes from Nathan who asks "Will a SU agent be able to work within the bounds of GitHub action checks slashmerge requirements while creating PRs?" Yes Um although in this case it automatically does it because it opens a PR and by opening a PR that's just the artifact that we have in GitHub So you get all the other things for free So really there's nothing really happening there that is magical Now the interesting thing in my opinion is okay you could imagine a world where we have these graphs and and this world I'm saying you could imagine kind of is the thing that we're working right now and creating Um so that you have this code graph this work graph this people graph and this app graph together with those compliance items and those governance items and that paradan or that sweet agent is constantly then communicating with them and getting that as its set of best practices as it says of things that it needs to do So um one of the cool things I think coming into the future is well as is going um creating that code can it just do a light CI check as an example and get you know feedback right away on doing that So I think there's a lot of innovation that we could be doing in this space to get you know shorten time to value of uh working with a su agent and I'm really excited about what the team is cooking there Awesome Our next question is from Luke who asks "Is support for custom MCP servers in Copilot being worked on?" Yes And this is the the place where we actually going to so if you go to VS Code Insiders um and you're going to be able to actually start playing a little bit with MCP and uh what I will tell you is um very very soon we'll have more and more announcements on that Awesome Awesome Our next question is from Michael who asks "When can we expect to use other models for code completion?" Oo that's an interesting question Um maybe you could put a clarifying one Right now we're rolling out the new one GPT40 copilot and we don't have any other plans to offer another model for the code completion model By the way it needs to be a very very fast model there's not you know you cannot just go and say go and use 03 mini or those type of things it will not create it will not create a great experience for that now in agent mode that's completely different right like that's when you could use sonet 3.7 3.5 for the 03 mini high like all of those type of models but for code completion it really requires a significant amount of investment to make it really fast because as you are programming and developing you don't want to be waiting seconds to do that we want you know very like I would say less than 150 milliseconds of latency for it So we don't have any plans to support more than what we have at the moment Um now we'll go and make the one that we have better and better As an example the previous one was 3.5 turbo GBT 3.5 Turbo and this one is based on 40 mini All right our next question is from Richard who asks "According to GitHub Copilot it was last trained October 2023 When will you update it so it knows about the latest greatest frameworks and tool versions?" Yes Um so don't get what I would say is this one is always tricky because I get asked customer as well um we published what model it is and if if you know already that I said that it's based on faro that's not 2023 that was very recent uh as well and if you go to sonnet and some of the other models that we have that's very recent as well unfortunately sometimes when you ask the model the model will reply to you with a set of dates uh and you know we don't have any what we call a special instruction that tells it specifically what it So in this case it's not really giving you the latest date Um you could try this actually in other places opening if you go to shadupt and ask it sometimes it's going to give you also a 2023 date as well U but just rest assure we are upgrading these models constantly and they are on the latest um overall All right next question comes from Kumar Do you have any plans to extend the autofix feature to address the vulnerabilities in the open-source code and libraries in parentheses code that is not generated by copilot or developers yes that's a great question So thank you for that And one of the things when you think about GitHub as the home of developers and the home of open source one of the key things that we try to do constantly is being able to give maintainers the best tools available in the market right and we don't we give it to them for free and in this case they could utilize many of our security features for free as well and we have done that Um you know we do this for actions as an example We give Mac runners and armed runners to our open source community We give security and our security capabilities to our open source community as well Um and we have also security lab that goes in and tries to find and partner with these maintainers to remediate many of these items So it's a long way of saying we already are doing that If there is maybe what we could do later is post a little bit more um a set of URLs So you can actually learn more about it But our opensource community already has access to these tools free of charge and can start using them overall Now clearly we don't go and say you have to use them but we make them available to them Same thing for cop for copilot is we make it available to open source maintainers um if you meet a set of requirements for free too All right Our next question comes from Aaron Is push protection an exclusive feature of GitHub advanced security or is it available within GitHub enterprise yes Uh push protection is available in GitHub enterprise if I understand that question right Uh is that our secret push protection it combined with it you know becomes really magical Uh now clearly uh the way that you do push protection overall is based on a set of rules and you want to do that very very fast So like if you're going to be calling on push protection like an external API and doing all of these things is it's usually doesn't work very well So um because we're giving you an integrated product we're able then to do it this way So we're we're really happy about what what we're offering to our customers there All right Our next question is from Jay who asks are there any improvements to actions to secure and validate thirdparty actions are they so uh say it again are there any improvements to actions to secure and validate third-party actions so we have this concept of immutable actions that I talked about I would say that's probably the closest We do not have right now you know a thing where we go in and say verify checks on actions and all of those type of things And um and and have a team that goes and continuously scans that you know we're letting the open source community just like any you could go to any repo in GitHub and then now clearly if we detect malware and things like that we do take care of that very quickly But we don't have a thing that says hey this one is good this one is bad we don't police actions that way But I would say mutable actions is probably the best that we have for protection on that Our next question is from Toby who asks "With co-pilot making changes to the PR is there a way to trigger existing API tests to ensure that the changes suggested actually work and do not cause other bugs?" Yeah that's a good question as well Thank you for that Yeah we want to make that better Today when you do get some of these suggestions you're going to have to then go in and either do it locally and try to see if it builds or or not We want to start making that extremely seamless So we could run already another CI build and say "Yes this actually does have the confidence." So a sneak peek of what we're doing in there is kind of giving you a confidence score You sometimes see that from the Pendabot as an example So we're going to work more and more on those items but we want to give you the utmost confidence on it and um and be able to get you to accept that request or or that suggestion very very quickly But great question All right our next question is from Jason who asks "Are there plans to have finer grained repo level controls we would like to have a repo role for a user to manage secrets without giving all admin rights Got it Um thanks for that I'm not So we do already have fine grain controls at the repo level I think the question here is maybe we're missing one of those fine grain permissions which is the management of it So I think this is great feedback I'll take I have a pen I always come with a pen and a notebook So I'll take it for the team uh and try to see where where that is in the road map If if someone else knows that and it's already there then um they could reply but it seems like we're missing one of them So thank you for that feedback Awesome All right our next question is from Eduardo who asks "Will it ever be possible to integrate Copilot into actions?" Um so today we already have the ability to have some of that integration So for example if a build fails you're able to go in with co-pilot and say "Hey can you address this?" And we're giving you ways to understand why that build failure happens and how to remediate it I I I think we going to go and do more and more of these type of things We're as we invest in this agentic layer that is with you and creation tools and collaboration tools in that app layer We want to just make that be completely seamless and super proactive So again that's more into this kind of what is coming So we're starting with it right now but more is coming as we prepare this agentic future All right Our next question comes from Adam and he asks "Can we clarify the Padawan plans which I believe he's talking about the launch plans." Yeah So I'm not going to leak anything It's coming and we got a little bit of a sneak peek and we're very much hard at work on it Awesome Uh our next question comes from Jason who asks "Enterprise administration question Why is the default behavior for preview or new GA features to be enabled by default if no policy has been set recently I found out long after the fact that users were leveraging preview features that did not align with our current policy I had to apply a policy for said features to disable them until policy is reviewed and a decision is made default closed on preview or new GA features would be a more enterpriseminded direction especially with AI and intellectual property etc That was a long one So let me know if you need to repeat Again thanks for the feedback You know we as as a rule from us we try to default all of those to off Um so it might have been that we missed the mark with one of them being on There's a setting for example in compiler that you can say hey I'm going to enable all preview features So anything that comes in gets enabled by default uh over all And now if you have that off anything coming in new should also be disabled by default But you thanks for the feedback It seems like we probably missed one of them But I think directionally we align we do not want to have many of these things enabled by default at all We want to give you the choice to be able to do it So maybe there was a bug between what an enterprise had said and an organization or something like that And and know I'll I I took the note as well and we'll we'll try to see how we could improve All right next question is from Nate Are there plans to easily pull in context from existing team documentation for example SharePoint yes Um I would say there's like three ways to think about that one in my opinion Number one is you there's always an ability to write an extension that does that with Copilot and be able to integrate it I think with the new advancements of MCP of the model context protocol you should probably expect that there will be further integration there And then the third thing that I would say is we are working more and partnering more with the Microsoft team on just seamless integration between the Microsoft 365 copilot fabric and all those items and uh the GitHub copilot So you should expect that to get better and better as the you know as the months progress over here So that's what I would say like we we know of some of the gaps and we're trying to go and close them but yes at the end you should be able to seamlessly get that context Okay next question Will or is Copilot able to solve or support PR conflicts pr conflicts if uh that's interesting I don't think we have a button today that just let's just say boom go and and resolve it and or at least I have not actually seen it overall and but definitely there's nothing saying that once you get in that state that you're going to have a conversation with copilot and have them help you um overall and so like I know how I personally have used that and but maybe we should make it a lot more a lot easier to just go in with one click can say we solve this conflict for me and specifically when it comes to hard diff merges overall So you have to take one more step today to do it like and so um maybe with MCP and some tools that will make it really seamless Great Sort of in the same vein we have a question from Arya who asks is there a plan to have co-pilot as PR approver in the future besides the code review right now uh I would say the next quarter we do not have that plan right now We want them giving you a lot of guidance Um we don't want to give them that power at this second But yes in the future as you think that that agentic layer will continue to get better at better uh from a quality perspective then I would anticipate that people will want to do that Now there's not to say that there are rules that you could set and this is what we're looking at So imagine just one line change on a JSON file or something like that and you know that's very low probability of causing any issues If Copalio would review that and give it a thumbs up can it just go ahead and merge it too or automatically merge it so we'll we'll take a look at some of those things where which is like hey let's make sure that on very low probability of failure can we allow Kalo to do it but at the this moment we don't have big plans to have it you know go end to end uh without your permission Awesome All right and we have time for one more Our last question comes from Jeremy who asks "Will Copilot ever be accessible within JupyterHub chat edits agents in parenthesis or any Jupiter platforms?" Thanks Um yeah we want to make a value So we'll continue to go and evaluate where the places that we need to do that I know in VS Code just recently by the way we improve a lot the notebook support with Copilot So I'm really proud of that you know we're going to make 3.5 and 3.7 models GA here shortly And after we get a lot of those things done we're going to turn our attention again to okay where are the other these other places that we need to have copilot uh be in Uh by the way I noticed in the chat to someone asking about uh GitHub platform support for Dora metrics So I just want to answer that one really quick Um so we are going to have an opinion from GitHub on how to think about productivity overall It is mainly based on space So think about it as a fail as a flavor of space uh not necessarily just Dora but we are partnering with the Dora creators as well on this and we'll continue to do that especially in the era of AI to try to see how we advance many of these metrics but there will be something coming from us next quarter on an opinion on productivity productivity metrics and then also just like engineering system health in our opinion more than anything else So that will be something u that you should expect from us too Awesome Well really really really appreciate having you here Mario Thank you so much for joining us Folks if you joined us late this recording will be shared with everyone We also do host the latest webinar on our website on a landing page So if you weren't signed up or have friends who are interested you can always point them there And we will see you next quarter Bye everyone Thank you