Back to GitHub Support Contact GitHub

GitHub for Unity Package Beta Release

GitHub for Unity Beta now available

Sadly, GDC 2018 is coming to a close. Tens of thousands of developers visited San Francisco to explore the latest and greatest in the gaming industry—including a large number of Unity developers who might be excited to hear that we’ve released GitHub for Unity Beta to support them through their adventures in game development.

GitHub for Unity Package

Our Unity package provides Unity game developers with the benefits of source control and GitHub without having to switch to the command line. The package already included basic Git support from within Unity and allowed you to use GitHub features in just a few clicks. With our latest update, you can now take advantage of Git LFS and file locking, too.

Git-LFS and file locking

Git-LFS provides a unique experience for game developers. With the ability to store your large asset files outside your repository (but still on servers) your repository becomes a more manageable size, making cloning and fetching much faster. You gain versioning and the same integrated Git workflow you use for text files for large asset files. Git-LFS also brings your team file locking, ensuring your assets are not overwritten or corrupted.

All of our features

  • Unity 5.4 and above on both Mac and Windows
  • GitHub authentication (including 2fa) with HTTPS support
  • Git management added to Unity, providing users with user and email configuration, Git remote configuration, and Git installation path configuration
  • Local repository management including a list of changes, selective commit, and the ability to discard file changes
  • Git and GitHub repository operations including lists of commits with details that can be reverted and branch operations including listing local and remote branches. You can also create and publish new branches, delete existing branches, and of course fetch, push, and pull operations between local and remote
  • File locking with visual locking indicators in the UI within the file, a list of locked files, and notifications when a file is locked by someone else

Open source

And don’t forget, our package is open source. We encourage you to share feedback, report bugs, and contribute where you can! Just visit our GitHub for Unity repository to get started!

Require multiple reviewers for pull requests

As your projects grow in size and complexity, it can be challenging to make sure all of the code changes are reviewed by enough people on your team. Now, with the a multiple reviewer requirement, you can specify exactly how many people are required to review every pull request—so important projects are protected from unwanted changes. 

How it works

To require multiple reviewers for pull requests, go to your repository’s settings and select “Branches”. Under “Protected branches”, select the branch you’d like to protect with a multiple reviewers requirement. There you can select the number of reviewers required for each pull request to that branch.


After you’ve selected the number of reviewers, you’ll see that number and the status of their reviews in the sidebar and merge section of pull requests to protected branches.


Learn more about required reviews for pull requests

Get to know your collaborators with hovercards

Whether you’re working on open source projects or collaborating with new developers on your team, it’s not always clear who you’re working with and how they’re connected to the project you’re working on.

With hovercards, you can hover your mouse over a contributor’s avatar—or most places you see their username—to get more information about who you’re collaborating with. On every hovercard, you’ll see a larger avatar image and profile information, so be sure to check if your profile is up to date with what you want others to see on your hovercard.

You’ll also see information about the individual that’s specific to your interaction with them, like which teams they belong to in your organization, if they are a code owner, if they’re contributing to their very first pull request, and more.


REST API and GraphQL API support are currently in preview—and stay tuned for hovercards in a GitHub Enterprise release soon.

Learn more about the hovercard REST API

Learn more about the hovercard GraphQL API

Mission report: Git Merge 2018


Last week, hundreds of Git fans met in Barcelona for Git Merge 2018—the conference dedicated to your favorite version control tool—and even more people joined the sessions from around the world on our live stream. The event brought together business leaders, source control teams, and developers for two days of Git-focused activities, promoting goodwill and dialogue between companies that have a vested interest in the progression of Git and that employ Git contributors.

We donate all proceeds from Git Merge tickets to the Software Freedom Conservancy to support their work in improving and defending free and open source software.


Git Merge kicked off with a full day of workshops led by experts from GitHub and Praqma about topics like Git aliases, scripting, and simulating Git workflows.

On the second day, Brett Smith of Software Freedom Conservancy delivered a thoughtful keynote about how free and accessible software is the key to building the future. Then speakers from Mozilla, Microsoft, and other leading technology companies took the stage to discuss refactoring, automation, and the future of Git over the course of the day.

Thank you

Thanks to everyone who participated in this year’s Git Merge! And we couldn’t have done it without our sponsors who came together to support the Software Freedom Conservancy and open source software at this important event.


How security alerts are keeping your code safer


As more developers draw from existing code libraries to build new tools, tracking changes in dependencies like security vulnerabilities has become more difficult. Since the launch of security alerts last year, we’ve taken an active role in alerting project maintainers of known-vulnerable libraries in RubyGems for Ruby and npm for Javascript. In almost all cases, there’s a new, patched version of the library we can recommend in the alert. Here’s a summary of how security alerts have been used to protect your code so far.

What does “known-vulnerable” mean?

In the security community, there are standardized and shared lists of vulnerabilities. The most comprehensive of these is Common Vulnerabilities and Exposures (CVEs). The security community works together to document vulnerabilities consistently and shares them in this list. GitHub’s security alerts notify you when Ruby and Javascript library vulnerabilities from the list are detected in your repositories.

Security alerts at work

Initially, we took our list of vulnerable libraries and compared it to the dependency graphs of all public repositories. We found over four million vulnerabilities in over 500,000 repositories and displayed an alert to repository admins in their dependency graphs and repository home pages (for Ruby and Javascript).

By December 1 and shortly after we launched, over 450,000 identified vulnerabilities were resolved by repository owners either removing the dependency or changing to a secure version. Since then, our rate of vulnerabilities resolved in the first seven days of detection has been about 30 percent. Additionally, 15 percent of alerts are dismissed within seven days—that means nearly half of all alerts are responded to within a week. Of the remaining alerts that are unaddressed or unresolved, the majority belong to repositories that have not had a contribution in the last 90 days.

In other words, for almost all repositories with recent contributions, we see maintainers patching vulnerabilities in fewer than seven days. With the recent launch of our regular vulnerability digest emails, we’re working to make this even easier for maintainers and security teams.

What’s next

Security alerts are opening the door to new ways we can improve code checking and generation by combining publicly available data with GitHub’s unique data set. And this is just the beginning—we’ve got more ways to help you keep code safer on the way!

Learn more about security alerts



Discover new ways to build better

Try Marketplace apps free for 14 days

Learn more