The new Crowdbotics extension for GitHub Copilot takes advantage of all the requirements and context in the Crowdbotics platform to help developers generate more accurate code with Copilot. Integrated with GitHub Copilot Chat, the extension enables developers to benefit from this accuracy improvement without ever having to leave their development environment.

A recent joint research study conducted by Crowdbotics, GitHub, and Microsoft using a subset of the Crowdbotics extension features, found that injecting business requirements from Crowdbotics PRD AI into GitHub Copilot’s neighboring tab context model, improved GitHub Copilot code suggestion acceptance rate by 14%. This change reflects a 51% relative improvement in the acceptance rate. Additionally, the study found that developers using this multi-model configuration were 25% more likely to succeed at feature development than non-AI assisted developers. The now-publicly available Crowdbotics extension has this feature built in, along with a number of other additional features to help developers stay “in flow” longer.

“The Crowdbotics extension for GitHub Copilot achieves what both GitHub and Crowdbotics aim to do: improve developers’ lives by making their code smarter and more accurate,” said Anand Kulkarni, CEO at Crowdbotics. “Product requirements are the holy grail when it comes to making coding more efficient, so harnessing the power of this extension is a no-brainer for any developer looking to speed up their workflows without compromising context or accuracy.”

Benefits of the Crowdbotics extension include:

• Break features into decomposed layers, such as front end, back end, business logic, data schema or third-party integrations.

• Technical recommendations for the integrations best suited for the app and development team.

• Seamless connections between developers and PRDs without disrupting workflows or needing to switch to different windows.

The Crowdbotics extension is available now, with a free 30-day trial available through GitHub Marketplace.

The post Crowdbotics unveils extension for GitHub Copilot to improve acceptance rate of suggestions appeared first on SD Times.

Many of the updates were across GitHub Copilot. First up, GitHub announced that users now have access to more model choices thanks to partnerships with Anthropic, Google, and OpenAI. Newly added model options include Anthropic’s Claude 3.5 Sonnet, Google’s Gemini 1.5 Pro, and OpenAI’s GPT-4o, o1-preview, and o1-mini. 

By offering developers more choices, GitHub is enabling them to choose the model that works best for their specific use case, the company explained.

“In 2024, we experienced a boom in high-quality large and small language models that each individually excel at different programming tasks. There is no one model to rule every scenario, and developers expect the agency to build with the models that work best for them,” said Thomas Dohmke, CEO of GitHub. “It is clear the next phase of AI code generation will not only be defined by multi-model functionality, but by multi-model choice. Today, we deliver just that.”

Copilot Workspace has a number of new features as well, like a build and repair agent, brainstorming mode, integrations with VS Code, and iterative feedback loops. 

GitHub Models, which enables developers to experiment with different AI models, has a number of features now in public preview, including side-by-side model comparison, support for multi-modal models, the ability to save and share prompts and parameters, and additional cookbooks and SDK support in GitHub Codespaces.

Copilot Autofix, which analyzes and provides suggestions about code vulnerabilities, added security campaigns, enabling developers to triage up to 1,000 alerts at once and filter them by type, severity, repository, and team. The company also added integrations with ESLint, JFrog SAST, and Black Duck Polaris. Both security campaigns and these partner integrations are available in public preview. 

Other new features in GitHub Copilot include code completion in Copilot for Xcode (in public preview), a code review capability, and the ability to customize Copilot Chat responses based on a developer’s preferred tools, organizational knowledge, and coding conventions.

In terms of what’s coming next, starting November 1, developers will be able to edit multiple files at once using Copilot Chat in VS Code. Then, in early 2025, Copilot Extensions will be generally available, enabling developers to integrate their other developer tools into GitHub Copilot, like Atlassian Rovo, Docker, Sentry, and Stack Overflow.

The company also announced a technical preview for GitHub Spark, an AI tool for building fully functional micro apps (called “sparks”) solely using text prompts. Each spark can integrate external data sources without requiring the creator to manage cloud resources. 

While developers can make changes to sparks by diving into the code, any user can iterate and make changes entirely using natural language, reducing the barrier to application development. 

Finished sparks can be immediately run on the user’s desktop, tablet, or mobile device, or they can share with others, who can use it or even build upon it. 

“With Spark, we will enable over one billion personal computer and mobile phone users to build and share their own micro apps directly on GitHub—the creator network for the Age of AI,” said Dohmke.

And finally, the company revealed the results of its Octoverse report, which provides insights into the world of open source development by studying public activity on GitHub. 

Some key findings were that Python is now the most used language on the platform, AI usage is up 98% since last year, and the number of global developers continues increasing, particularly across Africa, Latin America, and Asia. 

The post GitHub Copilot now offers access to new Anthropic, Google, and OpenAI models appeared first on SD Times.

For its survey, GitHub surveyed 2,000 developers from the U.S., Brazil, Germany, and India, with an equal number of participants from each country. 

The company found that the usage of AI coding tools at work was consistent among the countries, but companies’ attitudes and policies for AI vary widely. For instance, in the U.S., 88% of respondents said their company supports AI use at some level, while in Germany only 59% said the same. 

Developers from the U.S. and India in particular believe AI increases code quality, with 90% and 81% of respondents, respectively, saying it either significantly or somewhat increases quality. In Brazil, only 62% believe AI improves quality, and in Germany, only 60% said so. 

Brazilian and German devs also tended to be more neutral about the effect on code quality than the other two countries. When asked about the effect on code quality, the percentage that responded that it neither increases or decreases quality were 2% for the U.S., 18% in Brazil, 25% in Germany, and 9% in India. 

Other interesting findings of the survey were that:

• 98% of respondents experimented with using AI for test case generation
• 99-100% predict AI will improve code security and development efficiency
• 99-100% also believe AI skills make job seekers more attractive to potential employers

“The potential of AI-driven software development is undeniable,” GitHub wrote in the report. “By prioritizing a strategic approach that balances innovation, security, and organizational alignment, we can unlock its full potential—and this is an exciting time for engineering leaders to leverage these advancements and propel their engineering teams forward.”

You may also like…

Who’s going to pay for AI?

Addressing AI bias in AI-driven software testing

The post GitHub: Perceptions of AI vary widely in different countries appeared first on SD Times.

Copilot Autofix in GitHub Advanced Security (GHAS) analyzes vulnerabilities, explains their importance, and offers suggestions on how to remediate them. 

“For developers who aren’t necessarily security experts, Copilot Autofix is like having the expertise of your security team at your fingertips while you review code,” Mike Hanley, chief security officer and SVP of engineering at GitHub, wrote in a blog post.  

When GHAS finds a vulnerability, there is now a button that developers can click and have Copilot Autofix generate a fix. Then, developers can either dismiss the suggestion or have it create a new pull request with a code change that remediates the issue. 

It can generate fixes for dozens of classes of vulnerabilities, including SQL injection and cross-site scripting. 

Copilot Autofix was first introduced as a public beta in March, and according to the company, beta participants were able to fix vulnerabilities three times faster than developers fixing them manually. Fixing cross-site scripting vulnerabilities was seven times faster and fixing SQL injection vulnerabilities was 12 times faster. 

According to GitHub, Copilot Autofix will help cut down on technical debt when it comes to vulnerabilities. The company explained that the longer a vulnerability remains in a codebase, the more difficult it is to remove them.

“When a developer is asked to fix vulnerabilities in code that they haven’t seen in a while or aren’t familiar with, it can take hours to assess the surrounding code and experiment with manual fixes,” Hanley wrote.

The new functionality is available to any GitHub customer with an Advanced Security license, and, starting in September, Copilot Autofix will be made available for free to open source maintainers as well. 

“As the global home of the open source community, GitHub is uniquely positioned to help maintainers detect and remediate vulnerabilities so that open source software is safer and more reliable for everyone,” Hanley wrote. 

You may also like…

Harness software intelligence to conquer complexity and drive innovation

Software engineering leaders must act to manage integration technical debt

The post GitHub’s Copilot Autofix generates remediation fixes for code vulnerabilities appeared first on SD Times.

Developers can access models and then test different prompts and model parameters in a playground environment. 

“For most of us, learning to be a developer didn’t happen on a linear path in the classroom. It took practicing, playing around, and learning through experimentation. The same is true today for AI models. In the new interactive model playground, students, hobbyists, startups, and more can explore the most popular private and open models from Meta, Mistral, Azure OpenAI Service, Microsoft, and others with just a few clicks and keystrokes,” Thomas Dohmke, CEO of GitHub, wrote in a blog post.  

GitHub Models currently includes models from AI21 Labs, Cohere, Meta, Mistral, OpenAI, and Microsoft’s Phi-3.

The playground also includes sample code for several different frameworks and languages so that developers can easily try out multiple scenarios during their experiments. 

It also features a seamless transition path to Codespaces, so developers can experiment in GitHub Models and then bring it to their project when they are satisfied with their decision. 

GitHub Models is currently in a limited public beta, which can be signed up for here.  

You may also like…

GitHub reveals the winners of the second GitHub Accelerator cohort

White House is recommending that use of open source AI models not be restricted

The post GitHub Models is a new playground for experimenting with AI models appeared first on SD Times.

Artifacts in GitHub are files or collections of files that were created during a workflow run, such as build or test output. 

Attestations include a link to the workflow associated with the artifact, along with other relevant information like its repository, organization, environment, commit SHA, and triggering event. 

According to GitHub, Artifact Attestations are powered by Sigstore, which is an open source project that allows software artifacts to be signed and verified to promote greater software integrity. 

Along with this general availability release, GitHub also is now offering a new way to build Kubernetes admission controllers that allows developers to validate attestations from within Kubernetes clusters. According to GitHub, this ensures that only properly validated artifacts get deployed.

“By integrating Artifact Attestations into your GitHub Actions workflows, you enhance the security of your development and deployment processes, protecting against supply chain attacks and unauthorized modifications,” GitHub wrote in a blog post. 

You may also like…

Sonatype shines light on current state of supply chain security in latest report

OpenSSF, CISA, and DHS collaborate on new open-source project for creating SBOMs

The post GitHub improves supply chain security with general availability of Artifact Attestations appeared first on SD Times.

Each project receives $400,000 in support, broken down into $40,000 in non-dilutive sponsorship funding from GitHub Sponsors and $350,000 in Microsoft benefits, such as Azure and OpenAI credits, free Copilot and GitHub projects, and connection to GitHub Fund and Microsoft’s M12 Venture Fund. 

“GitHub is on a mission to enable a world where 1 billion individuals call themselves developers. GitHub Accelerator is one of many possible ways to support open source—but that impact is really made when everyone supports the technology they rely on. We want to ensure that open source thrives, developers have the choice to contribute full-time to the projects they care about most, and those depending on open source benefit from the innovation and sustainability. Together, we can invest, build, and nurture more open source categories, projects, and people,” GitHub wrote in a blog post. 

This most recent cohort was themed around open-source AI, and the winning projects include: 

• UnslothAI, which uses emerging technologies to fine tune open source models faster and using less memory than competitors
• Giskard, a library for testing and evaluating LLMs
• A-Frame, which integrates AI workflows into the creator of AR/VR experiences
• Nav2, an autonomous mobile robots navigation solution
• OpenWebUI, a UI for running AI and LLMs locally
• LLMware.ai, which is a set of tools that can be used to build enterprise LLM applications 
• LangDrive, a framework for training and deploying LLMs via an API and configuration files
• HackingBuddyGPT, which provides AI copilots for security teams 
• Web-Check, which provides security insights into websites, infrastructure, and servers
• Marimo, a notebook for AI and machine learning
• Talkd.ai, a unified LLM Chat API

The post GitHub reveals the winners of the second GitHub Accelerator cohort appeared first on SD Times.

Artifact Attestation allows maintainers of open-source software to easily create a paper trail for the software they are creating, so that consumers of that software can verify where it came from and how it was created.

The attestations include a link to the workflow associated with the artifact, along with other relevant information like its repository, organization, environment, commit SHA, and triggering event. 

“There’s an increasing need across enterprises and the open source ecosystem to have a verifiable way to link software artifacts back to their source code and build instructions. And with more than 100M developers building on GitHub, we want to ensure developers have the tools needed to help protect the integrity of their software supply chain,” Trevor Rosen, staff engineering manager for supply chain security at GitHub, wrote in a blog post. 

Artifact Attestations is powered by Sigstore, which is an open source project that allows software artifacts to be signed and verified to promote greater software integrity. 

According to GitHub, the process to set up an Artifact Attestation is simple. Developers must first enable their GitHub Actions workflow to be able to write to the attestations store, then direct a workflow to create an attestation, and finally, use GitHub CLI to verify it. 

Consumers can easily download attestation documents, which can also be extracted as JSON files to be used in a policy engine like OPA. 

“Artifact Attestations will allow customers unprecedented visibility into the composition and usage of their built software artifact, and this is just the beginning. We’ll be offering the ability to attest other kinds of artifacts associated with the build process, such as vulnerability reports and other pieces of metadata supported by the in-toto project’s defined predicate types. Look for exciting news around Kubernetes support, new guarantees for releases, and more later this year,” Rosen said. 

Dependabot can now be run as GitHub Actions workflow

Artifact Attestations is not the only announcement from GitHub to be aware of; The company also announced that Dependabot, GitHub’s automated solution for monitoring dependencies for vulnerabilities, can now be run as a GitHub Actions workflow, both as hosted or self-hosted runners. 

It was previously only using hosted compute, which meant that it couldn’t access on-premise resources. This also meant that logs were spread out in different places, and one of the requests from users was to be able to see all logs in a single place. 

“Developers will see performance improvements, like faster Dependabot runs and increased log visibility. APIs and webhooks for GitHub Actions can also detect failed runs and perform downstream processing should developers wish to configure this in their CI/CD pipelines,” Carlin Cherry, product manager at GitHub, wrote in a blog post. 

This is part of GitHub’s long-term strategy to consolidate Dependabot entirely to GitHub Actions. Over the course of the next year, GitHub will migrate all of Dependabot’s update jobs to GitHub Actions, leading to faster runs, increased troubleshooting visibility, self-hosted runners, and other benefits, GitHub explained. 

According to GitHub, running Dependabot does not count towards GitHub Actions minutes. 

The post GitHub announces new updates to improve supply chain security appeared first on SD Times.

“Copilot Workspace represents a radically new way of building software with natural language, and is expressly designed to deliver–not replace–developer creativity, faster and easier than ever before. With Copilot Workspace we will empower more experienced developers to operate as systems thinkers, and materially lower the barrier of entry for who can build software,” GitHub wrote in a blog post. 

GitHub Copilot Workspace leverages a task-centric experience for starting big projects, tackling feature requests, or resolving bug reports. It comes up with a step-by-step list of what tasks developers need to complete to achieve their goals.

The process can be started from a GitHub repository or a GitHub Issue, and it creates the plan based on its understanding of the codebase, existing issue replies, and more, GitHub explained. 

Developers can edit the plan that Copilot Workspace presents, allowing them to continue iterating even after they’ve started the process.

“You retain all of the autonomy, while Copilot Workspace lifts your cognitive strain,” GitHub wrote. 

Copilot Workspace is designed to work on any device, even mobile, enabling developers to work on their ideas from anywhere. 

The post GitHub Copilot Workspace provides developers a full step-by-step plan for creating features, applications appeared first on SD Times.

GitHub Copilot Enterprise is a version of GitHub Copilot that integrates into an organization’s knowledge bases so that it can provide more relevant and specific responses, enabling greater developer productivity. 

This new offering has features that streamline code navigation and completion, which helps developers gain a deeper understanding of their codebase. “It empowers junior developers to contribute quicker, assists senior developers in handling live incidents, and aids in modernizing aging codebases by offering clear code summaries, relevant suggestions, and quick answers to queries about code behavior,” Thomas Dohmke, CEO of GitHub, wrote in a blog post. 

Chat functionality integrates directly into GitHub.com, which allows developers to ask questions and receive answers that include links to relevant documentation or other existing solutions to meet their needs. 

GitHub is also beta testing an integration with Bing search, which will allow developers to turn to the the internet to find information as well, such as searching for updates to frameworks. 

Another feature of GitHub Copilot Enterprise is autogenerated pull request summaries and the ability to analyze the difference between the existing code and proposed changes, which will help save time in understanding the changes being made in a codebase. 

GitHub has stated that GitHub Copilot Enterprise does not use companies’ data to train its models, except in the case of custom models where explicit permission has been granted. 

“Personalized, natural language recommendations are now at the fingertips of all our developers at Figma,” said Tommy MacWilliam, engineering manager for Infrastructure at Figma. “Copilot Enterprise has improved collaboration across the SDLC by making it easier for our engineers to source and find information via Copilot Chat. We’re also seeing a significant increase in overall developer productivity. Our engineers are coding faster, collaborating more effectively, and building better outcomes.”

The post GitHub Copilot Enterprise is generally available appeared first on SD Times.