Story image

GitHub’s ‘universe of data’ empowers developers

17 Oct 2018

The opening of GitHub Universe in San Francisco today brought a colourful array of neon and thousands of people to the Palace of Fine Arts, kicking off two days of keynotes, technical sessions and seminars. 

Senior vice president of Technology Jason Warner opened this morning’s keynote, acknowledging more than 31 million developers in the community who build a collective future. They have built 96 million repositories and contributed more than 500 terabytes of data cross the platform.

“These past ten years have been the most transformative in tech,” Warner says.

With the forthcoming GitHub acquisition by Microsoft at the front of everyone’s mind, Warner addressed the news briefly:  

“We’ve been acquired… Microsoft is changing its approach to open source. Our openness isn’t going anywhere. While we don’t have a close date yet, we expect to close towards the end of the year.”

In a later press conference, Warner stated that Microsoft wasn't targeting any particular aspect of what GitHub is doing, besides its large developer base and its reputation as 'something special'.

To celebrate GitHub's collective future, the company unveiled a slew of announcements including a ten-year commitment to openness, customisation, and community innovation.

“Every change affects the entire software development platform. It’s invigorating.”

GitHub Actions

GitHub Actions, currently in a limited public beta for those on Developer, Team, and Business Cloud plans, allows users to connect and share code containers to run software development workflows.  

“Easily build, package, release, update, and deploy your project in any language—on GitHub or any external system—without having to run code yourself.”

The company says that by applying open source principles to workflow automation, GitHub Actions can help to pair tools and integrations with users’ own custom actions or those shared by the GitHub community, no matter what the platform or language.

“Develop and share actions to automate any task your projects require, building on an ecosystem of options. Whether you need to package an NPM module, send an SMS alert, or deploy production-ready code to the cloud in parallel, you can create or find a GitHub Action for the job.”

The company has also refreshed a number of projects aimed at improving security across multiple areas, particularly as security challenges that underpin software are community problems, not ones limited to CISOs.

GitHub security vulnerability alerts support Java, .NET

Java and .NET is now supported by GitHub security vulnerability alerts, adding to support for Python, Ruby and JavaScript.

The security vulnerability alerts allow developers to receive alerts when their code repositories rely on packages that have known security vulnerabilities.  Organisations can also set up alerts for teams and individuals when a vulnerability occurs.

GitHub Token Scanning for public repositories

Currently in public beta, Token Scanning scans public repositories to search for known token formats. If it finds a token, the provider receives an alert. The provider can validate and contact the account owner to issue a new token.

GitHub Security Advisory API

GitHub says that security advisories are part of a public service and to help build a powerful security platform. The platform aggregates and validate security vulnerabilities across millions of projects. 

The GitHub Security Advisory API is now able to be integrated into tools and services already in use. 

“The Security Advisory API provides a foundation for GitHub, researchers and integrators to collectively create a more secure future.”

GitHub Connect

GitHub is also focusing on the idea of ‘connection’ to break down organisational barriers through GitHub Connect. GitHub Connect aims to unify the development experience across deployment types. 

“GitHub Connect includes three features: Unified Business Identity, Unified Search, and Unified Contributions. These initial releases make it easy for developers to connect to our public data and communities whether their companies run GitHub Enterprise or GitHub Business Cloud.”

Unified Search and Contributions for GitHub Enterprise 2.15

Developers can search public repositories on GitHub.com and private repositories in their Business Cloud organisations without leaving GitHub Enterprise. Developers can also use Unified Contributions to get recognition for their work.

GitHub adds three new Learning Lab courses

GitHub Learning Lab is an interactive way to grow development skills in real-world scenarios. The labs are guided by a bot and repositories that teach users how to get started, manage merge conflicts, how to contribute to open projects.

The three courses include securing workflows, reviewing a pull request, and getting started with GitHub Apps.

Learning Lab for GitHub Business Cloud customers (GitHub Enterprise support coming soon)

Organisations can now use Learning Lab’s free courses to onboard new developers, increase productivity, and share new skills across teams. 

“With GitHub Learning Lab for organisations, you can create private courses and learning paths, customise course content, and access administrative reports and metrics.”

Suggested changes (public beta)

To a round of applause, senior director of product management Kathy Simpson announced suggested changes, which are available on Developer, Team and Business Cloud plans.

“Collaboration is key to building better software, faster. Now your collaborators can suggest, edit and accept changes inline with a single click. No more copy pasting and moving between tools to accept suggestions.”

Five things MSPs need to keep in mind in 2019
A Datto APAC channel exec outlines the most important factors for MSP to being paying attention to in the coming year.
Survey: IT pros nostalgic over on-prem data centre visibility
There are significant security and monitoring challenges faced by IT staff responsible for managing public and private cloud deployments.
61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.
Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Security top priority for Filipinos when choosing a bank - Unisys
Filipinos have greatest appetite in Asia Pacific to use biometrics to access banking services
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.