SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
GitHub’s ‘universe of data’ empowers developers
Wed, 17th Oct 2018

The opening of GitHub Universe in San Francisco today brought a colourful array of neon and thousands of people to the Palace of Fine Arts, kicking off two days of keynotes, technical sessions and seminars.

Senior vice president of Technology Jason Warner opened this morning's keynote, acknowledging more than 31 million developers in the community who build a collective future. They have built 96 million repositories and contributed more than 500 terabytes of data across the platform.

“These past ten years have been the most transformative in tech,” Warner says.

With the forthcoming GitHub acquisition by Microsoft at the front of everyone's mind, Warner addressed the news briefly:

“We've been acquired… Microsoft is changing its approach to open source. Our openness isn't going anywhere. While we don't have a close date yet, we expect to close towards the end of the year.”

In a later press conference, Warner stated that Microsoft wasn't targeting any particular aspect of what GitHub is doing, besides its large developer base and its reputation as 'something special'.

To celebrate GitHub's collective future, the company unveiled a slew of announcements including a ten-year commitment to openness, customisation, and community innovation.

“Every change affects the entire software development platform. It's invigorating.”

GitHub Actions

GitHub Actions, currently in a limited public beta for those on Developer, Team, and Business Cloud plans, allows users to connect and share code containers to run software development workflows.

“Easily build, package, release, update, and deploy your project in any language—on GitHub or any external system—without having to run code yourself.”

The company says that by applying open source principles to workflow automation, GitHub Actions can help to pair tools and integrations with users' own custom actions or those shared by the GitHub community, no matter what the platform or language.

“Develop and share actions to automate any task your projects require, building on an ecosystem of options. Whether you need to package an NPM module, send an SMS alert, or deploy production-ready code to the cloud in parallel, you can create or find a GitHub Action for the job.”

The company has also refreshed a number of projects aimed at improving security across multiple areas, particularly as security challenges that underpin software are community problems, not ones limited to CISOs.

GitHub security vulnerability alerts support Java, .NET

Java and .NET are now supported by GitHub security vulnerability alerts, adding to support for Python, Ruby and JavaScript.

The security vulnerability alerts allow developers to receive alerts when their code repositories rely on packages that have known security vulnerabilities. Organisations can also set up alerts for teams and individuals when a vulnerability occurs.

GitHub Token Scanning for public repositories

Currently in public beta, Token Scanning scans public repositories to search for known token formats. If it finds a token, the provider receives an alert. The provider can validate and contact the account owner to issue a new token.

GitHub Security Advisory API

GitHub says that security advisories are part of a public service and help to build a powerful security platform. The platform aggregates and validates security vulnerabilities across millions of projects.

The GitHub Security Advisory API can now be integrated into tools and services already in use.

“The Security Advisory API provides a foundation for GitHub, researchers and integrators to collectively create a more secure future.”

GitHub Connect

GitHub is also focusing on the idea of ‘connection’ to break down organisational barriers through GitHub Connect. GitHub Connect aims to unify the development experience across deployment types.

“GitHub Connect includes three features: Unified Business Identity, Unified Search, and Unified Contributions. These initial releases make it easy for developers to connect to our public data and communities whether their companies run GitHub Enterprise or GitHub Business Cloud.”

Unified Search and Contributions for GitHub Enterprise 2.15

Developers can search public repositories on GitHub.com and private repositories in their Business Cloud organisations without leaving GitHub Enterprise. Developers can also use Unified Contributions to get recognition for their work.

GitHub adds three new Learning Lab courses

GitHub Learning Lab is an interactive way to grow development skills in real-world scenarios. The labs are guided by a bot and repositories that teach users how to get started, how to manage merge conflicts, and how to contribute to open projects.

The three courses include securing workflows, reviewing a pull request, and getting started with GitHub Apps.

Learning Lab for GitHub Business Cloud customers (GitHub Enterprise support coming soon)

Organisations can now use Learning Lab's free courses to onboard new developers, increase productivity, and share new skills across teams.

“With GitHub Learning Lab for organisations, you can create private courses and learning paths, customise course content, and access administrative reports and metrics.”

Suggested changes (public beta)

To a round of applause, senior director of product management Kathy Simpson announced suggested changes, which are available on Developer, Team and Business Cloud plans.

“Collaboration is key to building better software, faster. Now your collaborators can suggest, edit and accept changes inline with a single click. No more copy pasting and moving between tools to accept suggestions.”