The GitHub Blog

Home / Enterprise software / Governance & compliance Explore how the Open Source Program Office uses GitHub’s new license compliance product to manage open source dependencies at scale. & June 30, 2026 | 7 minutes Share: Every day, GitHub engineers introduce new dependencies into the GitHub platform, internal applications, and open source projects.

Claude Sonnet 5 is Anthropic’s latest Sonnet-class model, now available in GitHub Copilot. It brings strong coding performance to everyday development and agentic workflows, giving developers a new Sonnet-class option for tasks across the IDE and CLI. In our internal testing, Claude Sonnet 5 showed strong results across a range of coding scenarios, including particularly strong performance on CLI-style tasks.

You can now use branch rulesets to block pull requests from merging when test coverage drops below thresholds you set. You can set a minimum coverage percentage, a maximum allowed drop from the default branch, or both. You can start in evaluate mode to understand impact first, then switch to active mode when you’re ready to enforce merge protection.

You can now scan and navigate release pages more easily with a dedicated sidebar table of contents. We also updated release metadata placement for a more consistent layout so it’s easier to move between entries on long pages. Users with write access can also now see download counts per release asset directly in the Releases UI. Previously, this data was only available through the API.

Today, JetBrains and GitHub are announcing a deeper integration between JetBrains AI Assistant and GitHub Copilot. Millions of developers already rely on the GitHub Copilot plugin as their AI pair programmer in JetBrains IDEs, and Copilot has also been available inside JetBrains AI Assistant through the Agent Client Protocol (ACP).

Enterprises can now manage their dependencies’ licenses at scale with sophisticated, ruleset-based checks that enforce a centralized policy. Open source license compliance is in public preview, letting you block noncompliant dependencies before they reach production. Open source license compliance expands on the capabilities of the dependency review action by introducing an enterprise-wide license policy.

Dependabot will no longer attempt to infer .npmrc configuration for npm private registries. Previously, Dependabot tried to reconstruct .npmrc contents from lockfile resolved URLs, but incorrect lockfile URLs, lockfile format differences across npm, Yarn v1, Yarn Berry, and pnpm, and other edge cases regularly caused registry authentication failures. You can now define a scope property on registries in your dependabot.yml. Dependabot uses this to automatically generate the correct .npmrc.

Starting August 25, 2026, GitHub will introduce a data retention policy for closed Dependabot security alerts. This policy gives you a clear commitment for how long your alert data stays accessible and where you can find it. It applies to Dependabot security alerts on github.com, including GitHub Enterprise Cloud (GHEC). It does not apply to GitHub Enterprise Server (GHES). The policy will roll out gradually across security alert types, beginning with Dependabot.

Enterprise admins can now set a cost center user-level budget: one per-user AI credit budget on a cost center that applies to every individual in it. As membership changes, the budget follows. Anyone added to the cost center, directly or through an enterprise team, picks up its per-user budget, and anyone removed is no longer covered by it. You do not reconfigure budgets monthly or when people move teams.

The open source Git project just released Git 2.55. Here is GitHub’s look at some of the most interesting features and changes introduced since last time. June 29, 2026 | 14 minutes Share: The open source Git project just released Git 2.55 with features and bug fixes from over 100 contributors, 33 of them new. We last caught up with you on the latest in Git back when 2.54 was released.