GitHub is home to
thousands of software communities, from open source projects to enterprises,
from small teams to the largest organizations. This year’s Satellite, GitHub’s
first virtual conference, is all about giving communities tools to come together
to solve the problems that matter to them and removing barriers that stand in
their way.
Earlier this year, GitHub made GitHub
free for teams to ensure cost isn’t a barrier for teamwork on GitHub. The
company expanded GitHub Sponsors to more than 30 countries to help developers
make a living from open source. GitHub launched GitHub for mobile, which has already
helped hundreds of thousands of developers collaborate on the go. GitHub also
brought npm to the GitHub family to support the largest developer ecosystem in
the world. This week, GitHub launched four new products to help all software
communities work together:
● GitHub Codespaces
○ A complete dev environment within
GitHub that lets developers contribute immediately
● GitHub Discussions
○ A new way for software communities to
collaborate outside the codebase
● Code scanning and secret scanning
○ Helping communities on GitHub produce
and consume more secure code
● GitHub Private Instances
○ Collaboration even for stringently
regulated customers
Start coding in seconds on GitHub with
GitHub Codespaces Available in limited public beta Contributing code to a
community can be hard. Every repository has its own way of configuring a dev
environment, which often requires dozens of steps before developers can write
any code.
Even worse, sometimes the environment of
two projects they are working on, conflict with one another. GitHub Codespaces
gives developers a fully featured cloud-hosted dev environment that spins up in
seconds, directly within GitHub, so they can start contributing to a project
right away.
Codespaces can be configured by
developers to load their code and dependencies, developer tools, extensions,
and dotfiles. Switching between environments is simple—they can navigate away
at any time, and when they switch back, their codespace is automatically
reopened.
Codespaces in GitHub include a
browser-based version of the full VS Code editor, with support for code
completion and navigation, extensions, terminal access, and more. If they
prefer to use their desktop IDE, developers will be able to start a codespace
in GitHub and connect to it from your desktop.
Pricing for Codespaces has not been
finalized, but code-editing functionality in the codespaces IDE will always be
free. GitHub plans to offer simple pay-as-you-go pricing similar to GitHub
Actions for computationally intensive tasks such as builds. During the beta, Codespaces
is free.
Stay on top of the conversation with
GitHub Discussions Available in beta for public repositories soon Software
communities don't just write code together—they brainstorm feature
ideas, help new users get their bearings, and collaborate on best ways to use
the software. Until now, GitHub only offered issues and pull requests as places
to have these conversations. But issues and pull requests both have a linear
format—well suited for merging code, but not for creating a community knowledge
base. Conversations need their own place—that’s what GitHub Discussions is for.
Discussions live in the project repository,
so they’re accessible where the community is already working together. Their
threaded format makes it easy to start, respond to, and organize unstructured
conversations. Questions can be marked as answered, so over time a community’s
knowledge base grows naturally. And because discussions aren’t closed the way issues
are, they can easily serve as a place for maintaining FAQs and other
collaborative documentation. GitHub recognizes that community discussion is as
much a part of development as coding, so discussion contributions appear in
users’ contribution graphs.
GitHub is in beta with a few open source
communities and will be making Discussions available to other projects soon.
Keep your code secure with code scanning
and secret scanning
New features available in beta
Collaborating in software communities
requires tools to help consume and produce code safely and keep each other
secure from our own mistakes. Last year GitHub announced the acquisition of
Semmle, introduced code security in developer workflows on GitHub, made GitHub
a CVE Numbering Authority, and launched our GitHub Advanced Security offering.
GitHub is now expanding its products with
two new cloud betas:
●Code scanning is now available as a
GitHub native experience. With code scanning enabled, every `git push` is scanned for
new potential security vulnerabilities, and results are displayed directly in
the pull request. Code scanning uses the world’s most advanced semantic analysis engine,
CodeQL, which has an unmatched record finding
real vulnerabilities. GitHub is making
code scanning free for open source to help keep the world’s most important software
secure. Any public project can sign up.
● Secret scanning is now available for
private repositories. This feature (formerly named token scanning) has been
available for public repositories since 2018. GitHub has worked with many
partners to expand coverage, including AWS, Azure, Google Cloud, npm, Stripe,
and Twilio. With over ten million potential secrets identified, customers have asked
to have the same capability for their private code. Now secret scanning also watches
private repositories for known secret formats and immediately notifies developers
when they are found.
Code scanning and secret scanning are
available for free for all public repositories, and available as part of GitHub Advanced
Security. Get our most secure and compliant offering with GitHub Private
Instances Coming soon Enterprises rely on communities on GitHub to build and
use software, and the company wants every enterprise to do so with confidence,
no matter how strict their requirements are for security and compliance.
GitHub today
introduced their plans for GitHub Private Instances, a new, fully-managed
option for our enterprise customers. Private Instances provides enhanced security,
compliance, and policy features including bring-your-own-key encryption, backup
archiving, and compliance with regional data sovereignty requirements.
Keep Exploring
Watch the GitHub Satellite keynote with
all of these announcements and sessions from 50 speakers from around the world
speaking about security, DevOps, collaboration and more — or join the
discussion.
Mumbai, 07 May 2020