Depot vs GitHub
Side-by-side trajectory, velocity, and editorial themes.
Depot extends from build acceleration into hosted source control with Depot Code.
Depot is broadening from a CI and build-cache company into a full developer-infrastructure platform. This cycle it launched Depot Code — a diskless git server backed by S3 blob storage — into private beta, moved CI and Sandboxes onto a re-architected Depot Metal compute tier, and kept extending Depot CI with new triggers, snapshot improvements, OIDC auth, and Datadog observability.
The direction is a vertically integrated build-and-source stack: Depot Code stores git packfiles as S3 objects and runs stateless git workers, mirroring the same storage-compute separation behind Depot Metal. Each piece plugs into Depot CI, so the company is assembling an end-to-end alternative to the hub-and-spoke GitHub model rather than just accelerating it. The CI surface is maturing in parallel with reliability and integration features.
Expect Depot Code to move toward wider access and tighter Depot CI integration, and GitHub Actions runners and container builds to migrate onto Depot Metal over the coming months as promised.
GitHub tightens enterprise control over Copilot while hardening the npm supply chain
GitHub's changelog has split into two clear tracks: making Copilot governable at enterprise scale, and locking down the software supply chain. Recent releases add MDM-delivered Copilot settings, mandated OpenTelemetry export, and new adoption-phase metrics in the usage API — the machinery large orgs need to deploy and audit AI coding across a fleet. In parallel, npm v12, innersource advisories, and signed JDK downloads push provenance and access control deeper into the everyday toolchain.
The direction is GitHub-as-control-plane: Copilot is being wrapped in the same admin, telemetry, and policy surfaces enterprises already expect from managed software. Supply-chain security is moving from opt-in feature to default posture, with npm's install-time defaults now on for everyone. Expect these two threads to converge — governed AI agents operating inside a hardened, auditable supply chain.
Look for more Copilot fleet-management controls (policy-as-code, usage and cost guardrails) and continued tightening of npm and Actions provenance defaults over the next few releases.
See more alternatives to Depot →
See more alternatives to GitHub →