September ‘25 enterprise roundup

September 4, 2025 // 18 min read

image

In case you missed it…

Published via GitHub Executive Insights | Authored by Dave Burnison

The September ‘25 GitHub Enterprise Roundup is a must-read for any software developer or engineering leader navigating the rapidly evolving landscape of AI-powered development, security, and platform governance. We have curated the most impactful updates, best practices, and strategic insights from GitHub’s own engineering playbook, blog posts, changelogs, and community resources—each post and link is handpicked to help you and your teams ship faster, reduce toil, and unlock new levels of developer creativity.

We continue to look for additional resources that will enable you get the most out of GitHub and we have uncovered some new resources this month, e.g. Product Guides for GHAS, Copilot, & GHEC now live in the Support Portal, (see the GitHub Platform section to learn more).

We don't expect every person to read every word of this post. Skim through the topics that apply to how you and your teams use GitHub and dig into links that are the most relevant to you. Since some readers may skip over entire sections, you may see the same link appear in multiple sections such as a link that applies to both Code Security and CI/CD. Pass this Enterprise Roundup along to your colleagues or pass along specific links that will be beneficial to others.This Enterprise Roundup highlights topics relevant to how your teams use GitHub. We encourage you to skim the sections and dig into the links that are most relevant to you, we don't expect every person to read every section. Since some readers may skip entire sections, you might find the same link in multiple places, such as a link that applies to both Code Security and CI/CD. Please share this roundup, or specific links, with your colleagues.

Let’s dive in!

Contents at a Glance

  1. Analyst Reports
  2. Events
  3. Developer skills
  4. AI & ML – GitHub Copilot
  5. Security
  6. CI/CD
  7. GitHub platform
  8. Engineering
  9. Legend

Analyst Reports

📚 GitHub recognized as a Leader by IDC MarketScape for AI Coding and Software Engineering Technologies (Source: IDC.) - As the IDC MarketScape notes, “The platform is designed to assist throughout the entire software development life cycle, from planning and code generation to testing, documentation, and code review, providing contextualized assistance at every stage. This comprehensive approach empowers organizations to streamline workflows, maintain code quality, and accelerate delivery across even the most complex, multiplatform projects”. Discover how GitHub Copilot can help your team move faster, build smarter, and deliver with confidence at scale.

Events

While GitHub hosts our own marquee events like Universe and Galaxy each year, you will also find GitHub participating in other industry events. Here is the latest news about upcoming events.

  • 📅 GitHub Universe - Join us at GitHub Universe, happening October 28–29 at the historic Fort Mason in San Francisco. It’s our biggest event of the year—what we like to call the world’s fair of software—bringing together enterprise leaders and engineering experts shaping the future with AI. This year, we’re zeroing in on how companies like yours are:

    • Streamlining your CI/CD pipelines to improve developer velocity
    • Increasing visibility across your application
    • Implementing AI-native threat detection
    • Embedding security into the developer workflow

    You’ll hear from top industry voices, explore hands-on product demos, and connect with other enterprise leaders to learn how they’re driving innovation forward.

    New this year: Each general admission pass includes a GitHub certification exam, so your teams will have even more skills to bring back to your organization.

  • NOTE: September 17 is the last day for Early Bird tickets! Starting September 18, tickets will be full price at $1,499, so act now and save $400!

  • Checkout this recent blog post: 📢 Explore the best of GitHub Universe: 9 spaces built to spark creativity, connection, and joy.

  • The full session catalog, curated agendas, personalized agendas (*new*), and Explore page (*new*) are now available at https://githubuniverse.com

  • 📅 Check out the complete upcoming conference schedule and upcoming webinar schedule.

Developer Skills

General developer expertise based on our own experience and the collective experience of our customers and partners. It's time to start diving into how AI is going to work along side of you to make you a better, more productive developer not, replace you. Check out the new posts 📢, documentation 📄, and articles 📚 to see how AI can make you an awesome developer and guidance for how large enterprises should approach adopting AI.

  • 📢 & 🎧 Rediscovering joy in learning: Jason Lengstorf on the state of development - In a fast-moving industry where panic-learning is the norm, Jason Lengstorf offers a refreshing perspective: joy and curiosity—not fear—are the keys to sustainable growth and innovation. This conversation explores how AI, open source, and developer education are converging to reshape the future of software—and why embracing fun might be your most strategic move yet. If you're leading teams or building systems, this is a must-read for staying ahead without burning out.
  • 📢 Junior developers aren’t obsolete: Here’s how to thrive in the age of AI - Far from being replaced, junior engineers can become your secret weapon by mastering prompt engineering, AI-aided debugging, and domain-specific model fine-tuning. This post offers actionable strategies and career-planning advice to help early-career talent level up rapidly alongside rising AI adoption. Development leads will find concrete recommendations for mentorship programs that integrate AI tools to upskill their junior cohorts.

AI & ML - GitHub Copilot

This section provides a comprehensive overview of recent advancements and feature updates for GitHub Copilot, with a particular focus on agent mode and the coding agent. Key updates include new tools for automating code reviews and testing, expanded support for custom instructions and repository management, and the introduction of several advanced AI models like GPT-5. Additionally, we see the strategic importance of MCP servers for secure, context-rich integrations. There are also practical guides and webinars for maximizing productivity, governance, and collaboration in AI-driven software development.

  • NOTE: Key capabilities that are still in Preview as of 2025-08-01 are: GitHub Copilot coding agent, Copilot Spaces, Upgrade assistant for Java in VS Code, Code feedback in VS Code. To quickly see which GitHub Copilot capabilities are in Preview, go to GitHub Copilot · Your AI pair programmer, Click on "For Business" and scroll down to see a complete list of features. This list highlights which features are Preview.

Rolling out GitHub Copilot across the Enterprise

  • 📚 How to lead a GitHub Copilot rollout that removes blockers and delivers real impact - Unlocking the full value of GitHub Copilot requires more than just a license—it demands a strategic rollout that aligns access, governance, and enablement across your organization. This post offers a practical blueprint for driving adoption, removing deployment blockers, and maximizing ROI through AI-powered development. If you're serious about accelerating delivery and developer satisfaction, this is essential reading.
  • 📚 Playbook series: Activating your internal AI champions - To successfully scale AI adoption across your engineering organization, you need more than just tools—you need trusted internal advocates. This article outlines how to identify, empower, and support AI champions who can drive cultural change, accelerate adoption, and unlock real business value.

GitHub Copilot coding agent and Agent Mode

  • 📺 Demo: end-to-end agentic development with GitHub Copilot (5:19) - Unlock the full potential of GitHub Copilot by seeing how Copilot Agent Mode can automate everything from environment setup to code generation, testing, and self-healing bug fixes—dramatically accelerating developer productivity and backlog management. Discover how leveraging instruction files and Copilot’s integrated workflows ensures your team’s code meets global standards, streamlines collaboration, and keeps projects moving forward with minimal manual intervention. If you want to lead teams that deliver faster, smarter, and with fewer headaches, this walkthrough is essential viewing.
  • 📢 & 📺 How to use GitHub Copilot on github.com: A power user’s guide - Discover how GitHub Copilot on github.com is evolving into an AI-native control center for your entire development workflow—enabling you to create, manage, and resolve issues, prototype solutions, and collaborate with agents and colleagues, all through natural language. Learn why this shift goes far beyond coding assistance in your IDE, and how it can accelerate team productivity, streamline problem-solving, and unlock new ways to orchestrate your software projects directly within the GitHub platform.
  • 📚 Turn engineering knowledge into a scalable advantage with AI agents - Discover how GitHub’s Trade Compliance team used AI agents not just for code generation, but to transform documentation practices and unlock scalable engineering knowledge. This post reveals how intentional prompt engineering and reuse can turn AI experimentation into long-term organizational assets—accelerating collaboration, reducing friction, and driving innovation across your engineering system.
  • 📢 Agents panel: Launch Copilot coding agent tasks anywhere on GitHub - Empower your teams to offload routine coding tasks to Copilot agents that run in the background and surface pull requests only when they’re ready for your review. This post details how to set up and monitor agents directly within GitHub’s interface—no CLI juggling required. Enterprise leaders will learn how to reduce blocker wait times, standardize code quality, and reclaim developer hours for high-value work. See also the 🚢 related changelog item.
  • 📢 GPT-5 in GitHub Copilot: How I built a game in 60 seconds - Discover how GitHub’s latest MCP server integration and GPT-5 models shook up one engineer’s workflow, turning a game prototype from idea to playable demo in under a minute. The post walks through live code examples, showing how to harness Copilot’s new context-protocol capabilities to speed up prototyping at enterprise scale. If you’re evaluating AI for rapid proof-of-concepts or hackathons, these insights will prove invaluable.
  • 📚 & 📺 Unlock what’s next: GitHub Roadmap Webinar, Q3 2025 (53:51) - Discover how GitHub’s latest innovations—like agent-powered development, enhanced security automation, and streamlined governance—are transforming the way enterprises build, secure, and scale software. This session reveals actionable strategies and real-world examples that can help your teams unlock productivity, accelerate delivery, and future-proof your DevOps workflows in the era of AI-driven collaboration. If you want to stay ahead of industry shifts and maximize developer impact, this is essential viewing.
  • 🚢 Copilot coding agent now supports AGENTS.md custom instructions - Copilot coding agent, our autonomous background agent, now supports AGENTS.md custom instructions. With custom instructions, you can guide Copilot on how to understand your project as well as how to build, test, and validate its changes.
  • 🚢 Start and track Copilot coding agent tasks from Raycast - Raycast is a powerful free launcher for macOS. It can launch apps, search files, control your system, and leverage community-built extensions. With the new GitHub Copilot extension for Raycast, you can hand tasks to Copilot coding agent and track progress from anywhere on your Mac.
  • 🚢 Copilot coding agent is now available in GitHub Enterprise Cloud with data residency - GitHub Copilot coding agent, our autonomous developer agent currently in public preview, is now also available in GitHub Enterprise Cloud with data residency.
  • 🚢 Copilot’s next edit suggestion (NES) in public preview in JetBrains - Copilot’s new Next Edit Suggestions (NES) feature for JetBrains IDEs proactively improves existing code in real time—refactoring, fixing, and adapting intelligently as you work—making this changlog entry a must-read for teams focused on code quality and developer velocity.

GitHub Copilot - New Models

GitHub Copilot and Model Context Protocol (MCP) Servers

  • 📺 Automate debugging with the Playwright MCP server (1:44) - Unlock the power of the Playwright MCP server to not only automate end-to-end testing, but also to perform live validation and debugging as you build web applications. This video demonstrates how Copilot agent mode can help you rapidly identify, reproduce, and fix frontend and backend bugs. If you want to accelerate delivery and boost confidence in your releases, this is a must-watch.
  • 📢 Why we open sourced our MCP server, and what it means for you - GitHub just published its internal MCP server code, unlocking the same context-protocol foundation that powers Copilot for any organization. Learn how maintainers are already customizing it for bespoke code workflows, security scans, and compliance automations. If you’re evaluating an on-prem or hybrid AI strategy, this post outlines the governance, extensibility, and integration benefits you need to make an informed decision.
  • 📢 & 📺 Building your first MCP server: How to extend AI tools with custom capabilities (1:15:00) - Take control of your AI stack by deploying a MCP server that links Copilot (and other tools) to your own data stores, private APIs, and internal libraries. This hands-on guide walks you through spinning up a turn-based game server as an example but scales to real enterprise use cases like compliance checks and domain-specific code generation. Technical leaders will appreciate the deep dive into tool-integration best practices that maintain security and performance.
  • 🚢 Model Context Protocol (MCP) support for JetBrains, Eclipse, and Xcode is now generally available - This enables deep integration with external tools and secure enterprise workflows through customizable MCP servers and policies.
  • 🚢 GitHub MCP Server: Secret scanning, push protection, and more - The GitHub MCP server now blocks tool calls that expose secrets in public repositories—closing a major prompt injection vector and introducing powerful new tools for CI/CD, sub-issues, and secure agent workflows across your enterprise.

Providing Context to GitHub Copilot

  • 🚢 Copilot coding agent: Automatically generate custom instructions - Now available in public preview, GitHub Copilot coding agent can automatically generate custom instructions tailored to your repository. This enables you to guide Copilot on how to understand your project as well as how to build, test, and validate its changes. With these instructions, Copilot produces higher quality pull requests you can merge more quickly.
  • 📄 Adding repository custom instructions for GitHub Copilot - Use the extensive prompts in this documentation as a starting point when asking GitHub Copilot to generate custom instructions for your repository.
  • 🚢 Copilot Spaces supports adding entire repositories - This makes it faster to explore unfamiliar codebases, manage cross-cutting features, and provide Copilot with broader context for more accurate and efficient assistance.

GitHub Copilot Code Reviews

  • 📢 How to use GitHub Copilot to level up your code reviews and pull requests - Copilot can transform your pull-request workflow by suggesting context-aware review comments, automating boilerplate fixes, and even drafting merge-ready code snippets. This post breaks down real prompts and examples from GitHub’s own engineering teams so you can benchmark and accelerate your organization’s code-review cycles. Leaders will appreciate the practical tips for integrating Copilot directly into your team’s existing review tools to boost velocity without sacrificing quality.
  • 📺 How to automate code reviews and testing with GitHub Copilot (4:35) - Discover how integrating Copilot into your code review and DevOps workflows can elevate productivity—ensuring every change is validated by both AI and human reviewers. This walkthrough reveals practical strategies for leveraging Copilot’s code scanning, AutoFix, and review features to enforce best practices and accelerate delivery, making it essential viewing for anyone responsible for code quality or team efficiency.
  • 🚢 Copilot code review: Generally available in Xcode and new admin control - Copilot code review is now generally available in Xcode, with new enterprise-level controls that give you independent, predictable management across your organization—see what’s changing and how to prepare.
  • 🚢 Copilot code review: copilot-instructions.md support is now generally available - Create a copilot-instructions.md file to customize GitHub Copilot's code review behavior, enabling enterprise teams to define code review guidelines based on your organizations guidelines and best practices for consistent, tailored AI feedback.

Additional GitHub Copilot Updates

  • 📄 Creating diagrams - GitHub Docs - Learn how to leverage GitHub Copilot Chat to generate dynamic, data-driven diagrams—like Gantt charts—directly from natural language prompts. This guide shows how to turn project timelines or code structures into visual insights using Mermaid syntax, helping your team communicate more effectively and accelerate planning and documentation workflows.
  • 🚢 GitHub Copilot in VS Code July release (v1.103) - The July release of GitHub Copilot for VS Code introduces chat checkpoints, improved agent workflows, and experimental task lists—enhancing reliability, context management, and multi-step planning for enterprise-scale development.
  • 🚢 GitHub Copilot in Visual Studio — August update - Here’s what’s new: GPT-5 model support, MCP support is now generally available, Smarter Copilot Chat with better context, Bring your own model, Greater control over Copilot suggestions and more.
  • 🚢 Update on GitHub Copilot consumptive billing for GitHub Enterprise Cloud with data residency - GitHub Enterprise Cloud with data residency users with a paid GitHub Copilot plan will now be billed for premium request usage. GitHub Enterprise Cloud with data residency users with Copilot Business and Copilot Enterprise plans will have a monthly allowance of premium requests per user. Usage exceeding the monthly allowance will be charged based on the premium models and features used.
  • 🚢 Premium request overage policy is generally available for Copilot Business and Enterprise - GitHub Copilot’s new premium request overage policy gives organizations clear, configurable control over usage beyond included limits—enabling cost management and uninterrupted access to advanced AI coding features.
  • 🚢 GitHub Changelog - Copilot, August, 2025 - Skim through all of the Copilot changes from August.

Security

Application security with GitHub, ensuring the code that lives in GitHub and the dependencies that go into the solutions you build are secure and do not contain any secrets.

Secret Protection

  • 🚢 The secret risk assessment is generally available - GitHub’s new secret risk assessment dashboard gives your organization a free, point-in-time scan of leaked secrets across all repositories—offering actionable insights, ROI estimates, and a clear path to stronger security.
  • 📄 Remediating a leaked secret in your repository - Secrets like API keys and credentials can be compromised the moment they’re exposed—even if you delete them from your codebase. This guide walks you through GitHub’s recommended remediation steps, including risk assessment, revocation, and service updates, to help you respond quickly and securely. If you’re leading a team or managing sensitive infrastructure, understanding this process is critical to preventing breaches and maintaining compliance.
  • 📢 How we accelerated Secret Protection engineering with Copilot - Discover how GitHub’s Secret Protection team used GitHub Copilot as a coding agent to dramatically accelerate the onboarding of new token validators—scaling from 32 to nearly 90 types in just weeks. This post reveals how agentic AI can supercharge repeatable engineering workflows without compromising code quality, offering practical insights for teams looking to automate securely and effectively.
  • 🚢 Secret scanning: Configuring patterns in push protection is now generally available - Secret scanning push protection now supports configurable patterns—giving organizations fine-grained control over which secrets to block at commit time, backed by usage insights and REST API support for scalable policy enforcement.
  • 🚢 GitHub MCP Server: Secret scanning, push protection, and more - The GitHub MCP server now blocks tool calls that expose secrets in public repositories—closing a major prompt injection vector and introducing powerful new tools for CI/CD, sub-issues, and secure agent workflows across your enterprise.
  • 🚢 New API endpoints for listing and updating push protection configurations - New REST API endpoints now let you centrally list and update push protection configurations for secret scanning patterns at the enterprise and organization levels—streamlining security management and improving audit visibility.

Code Security

Supply Chain Security

Additional Security Updates

CI/CD

Continuous Integration & Continuous Deployment with GitHub Actions.

  • 📚 & 📺 Fast and compliant CI/CD pipelines in the financial industry - In highly regulated industries like finance, speed and compliance often feel at odds—but they don’t have to be. This webinar reveals how GitHub and Octopus Deploy are helping enterprise teams build fast, secure, and auditable CI/CD pipelines across hybrid and multi-cloud environments. If you're leading development or DevOps in a compliance-heavy sector, this is your blueprint for accelerating delivery without compromising control.
  • 🚢 GitHub Actions policy now supports blocking and SHA pinning actions - GitHub Actions policies now support blocking specific actions and enforcing SHA pinning—giving organizations powerful new tools to mitigate supply chain risks, enforce secure workflows, and respond quickly to compromised dependencies.
  • 🚢 Releases now support immutability in public preview - GitHub’s new immutable releases feature, now in public preview, locks down release assets and tags with cryptographic attestations—giving your team a powerful new safeguard against supply chain attacks and tampering.
  • 🚢 arm64 hosted runners for public repositories are now generally available - GitHub Actions now offers free, standard arm64 hosted runners for Linux and Windows in public repositories—enabling faster, native multi-architecture builds without virtualization and simplifying CI/CD for ARM-based workloads.
  • 🆕Our research team, GitHub Next (https://githubnext.com), continues to explore new possibilities such as GitHub Next | Agentic Workflows - Agentic Workflows from GitHub Next introduce a powerful new way to automate repository tasks using natural language instead of traditional scripting. By compiling plain-language instructions into GitHub Actions workflows, this research prototype offers a glimpse into how AI-driven automation can streamline documentation, testing, triage, and more—while preserving transparency, auditability, and control.
  • 🚢 GitHub Changelog - Actions, August, 2025 - Skim through all of the security related changes from August.

GitHub Platform

Resources to assist those who manage the rollout and maintenance of GitHub for hundreds if not thousands of stakeholders.

  • 📺 Managing your enterprise, organization and repos on GitHub (4:42) - Unlock the full potential of GitHub Copilot and modern governance tools to streamline security, automate user management, and enforce enterprise-wide policies with precision. This video reveals how top-down controls, actionable dashboards, and advanced APIs empower you to proactively manage vulnerabilities, optimize developer workflows, and ensure your organization’s codebase remains secure and compliant.
  • 📚 & 📺 Unlock what’s next: GitHub Roadmap Webinar, Q3 2025 (53:51) - Discover how GitHub’s latest innovations—like agent-powered development, enhanced security automation, and streamlined governance—are transforming the way enterprises build, secure, and scale software. This session reveals actionable strategies and real-world examples that can help your teams unlock productivity, accelerate delivery, and future-proof your DevOps workflows in the era of AI-driven collaboration. If you want to stay ahead of industry shifts and maximize developer impact, this is essential viewing.
  • Product Guides for GHAS, Copilot, & GHEC now live in the Support Portal. Enterprise users can now leverage these curated and maintained resources to aid in your product adoption journey. This change marks a major step forward in creating a more seamless, centralized experience for you to access self-serve resources. You can can now access:
    • ✅ Step-by-step adoption guides via Product Guides
    • 🤖 Real-time technical Q&A with GitHub Copilot in Support
    • 📚 Instant access to key resources like Docs, Community, and Professional Services
    • 👉 Explore the new experience at support.github.com to continue your journey with GitHub — simplified, streamlined, and built for success.
  • 🚢 Copilot coding agent is now available in GitHub Enterprise Cloud with data residency - GitHub Copilot coding agent, our autonomous developer agent currently in public preview, is now also available in GitHub Enterprise Cloud with data residency.
  • 🚢 Defense of third-party claims added for volume licensing customers - GitHub has added indemnity protections for volume licensing customers using pre-release features—removing liability caps and blanket exclusions to make it safer for enterprises to explore and adopt new capabilities.
  • 🚢 Enterprises can create organization roles for use across their enterprise, and custom role limits have been increased - Enterprise owners can now define reusable organization roles across all orgs and create up to 40 custom roles per org—streamlining access management, enforcing consistent permissions, and scaling governance with precision.
  • 🚢 Template URLs for fine-grained PATs and updated permissions UI - New template URLs and an improved permissions UI make it faster and easier for teams to create, share, and manage fine-grained PATs with precision and confidence.
  • 🚢 Customers can now add users to a cost center from both the UI and API - Enterprise admins and billing managers can now add users to cost centers directly from the UI or API—streamlining cost attribution, improving financial visibility, and simplifying user management across large organizations.
  • 🚢 Introducing metered GitHub Enterprise billing for Visual Studio subscriptions with GitHub Enterprise - Enterprise customers using Visual Studio subscriptions with GitHub Enterprise can now adopt metered, usage-based billing—unlocking flexible license management, automated user mapping via API, and streamlined compliance auditing.
  • 🚢 Improved repository creation generally available, plus ruleset & insights improvements - GitHub’s improved repository creation experience and enhanced ruleset insights now generally available streamline onboarding, enforce governance at scale, and give teams clearer visibility into policy impact across their codebase.
  • 🚢 Dependencies on issues - GitHub Issues now supports native dependencies between issues—enabling teams to clearly define and visualize blocking relationships, streamline project planning, and automate workflows with full API and webhook support.
  • 🚢 New API endpoints for listing and updating push protection configurations - New REST API endpoints now let you centrally list and update push protection configurations for secret scanning patterns at the enterprise and organization levels—streamlining security management and improving audit visibility.
  • 📢 Securing the supply chain at scale: Starting with 71 important open source projects - Discover how contributing to the Secure Open Source Fund not only strengthens the open source ecosystem you depend on—but also directly enhances the security posture of your enterprise software supply chain.
  • 🚢 GitHub Changelog - GitHub Platform, August, 2025 - Skim through all of the GitHub Platform related changes from August.

Engineering

An inside look at how we’re building the home for all developers. Resources based on our internal experiences.

  • 📢 How we accelerated Secret Protection engineering with Copilot - Discover how GitHub’s Secret Protection team used GitHub Copilot as a coding agent to dramatically accelerate the onboarding of new token validators—scaling from 32 to nearly 90 types in just weeks. This post reveals how agentic AI can supercharge repeatable engineering workflows without compromising code quality, offering practical insights for teams looking to automate securely and effectively.
  • 📢 How to use GitHub Copilot to level up your code reviews and pull requests - Copilot can transform your pull-request workflow by suggesting context-aware review comments, automating boilerplate fixes, and even drafting merge-ready code snippets. This post breaks down real prompts and examples from GitHub’s own engineering teams so you can benchmark and accelerate your organization’s code-review cycles. Leaders will appreciate the practical tips for integrating Copilot directly into your team’s existing review tools to boost velocity without sacrificing quality.
  • 📚 Turn engineering knowledge into a scalable advantage with AI agents - Discover how GitHub’s Trade Compliance team used AI agents not just for code generation, but to transform documentation practices and unlock scalable engineering knowledge. This post reveals how intentional prompt engineering and reuse can turn AI experimentation into long-term organizational assets—accelerating collaboration, reducing friction, and driving innovation across your engineering system.

Legend

That’s it for the September '25 edition of the enterprise roundup. Check back in to the GitHub Executive Insights at the beginning of next month to see the next round of key updates.

We want to hear from you! Did you find this curated list of updates from GitHub helpful? Do you have suggestions on how we can provide the information that is going to be the most useful and timely for your role? Visit the GitHub Community. · September ‘25 enterprise roundup - community · Discussion

Tags