GitHub codespaces securing code in private repositories

GitHub is home to thousands of software communities, from open source projects to enterprises, from small teams to the largest organizations. This year’s Satellite, GitHub’s first virtual conference, is all about giving communities tools to come together to solve the problems that matter to them and removing barriers that stand in their way.

Earlier this year, GitHub made GitHub free for teams to ensure cost isn’t a barrier for teamwork on GitHub. The company expanded GitHub Sponsors to more than 30 countries to help developers make a living from open source. GitHub launched GitHub for mobile, which has already helped hundreds of thousands of developers collaborate on the go. GitHub also brought npm to the GitHub family to support the largest developer ecosystem in the world.

This week, GitHub launched four new products to help all software communities work together:

● GitHub Codespaces
○ A complete dev environment within GitHub that lets developers contribute
immediately
● GitHub Discussions
○ A new way for software communities to collaborate outside the codebase
● Code scanning and secret scanning
○ Helping communities on GitHub produce and consume more secure code
● GitHub Private Instances
○ Collaboration even for stringently regulated customers

“Thousands of communities live on GitHub and today’s announcements reaffirm our commitment to foster them, help remove barriers, and connect new communities. By introducing GitHub Codespaces, GitHub Discussions and GitHub Advanced Security features, we are making the entire software development supply chain more collaborative and secure, and bringing the development environment to wherever developers want to work,“ said Maneesh Sharma, General Manager, GitHub India.

“The pace of digital transformation in India demands for modern, reliable and secure cloud- based development toolchains. Enterprises rely on communities on GitHub to build and use software. With GitHub Private Instances, enterprises who are looking to modernize their software development environment with a secure cloud platform, can rely on the same platform that supports more than 50 million developers globally. I’m excited about continuing to support developers and organizations through their innovation journey,” Sharma added.

Contributing code to a community can be hard. Every repository has its own way of configuring a dev environment, which often requires dozens of steps before developers can write any code. Even worse, sometimes the environment of two projects they are working on, conflict with one another. GitHub Codespaces gives developers a fully featured cloud-hosted dev environment that spins up in seconds, directly within GitHub, so they can start contributing to a project right away.

Codespaces can be configured by developers to load their code and dependencies, developer tools, extensions, and dotfiles. Switching between environments is simple—they can navigate away at any time, and when they switch back, their codespace is automatically reopened.

Codespaces in GitHub include a browser-based version of the full VS Code editor, with support for code completion and navigation, extensions, terminal access, and more. If they prefer to use their desktop IDE, developers will be able to start a codespace in GitHub and connect to it from your desktop.

Pricing for Codespaces has not been finalized, but code-editing functionality in the codespaces IDE will always be free. GitHub plans to offer simple pay-as-you-go pricing similar to GitHub Actions for computationally intensive tasks such as builds. During the beta, Codespaces is free.

Software communities don't just write code together—they brainstorm feature ideas, help new users get their bearings, and collaborate on best ways to use the software. Until now, GitHub only offered issues and pull requests as places to have these conversations. But issues and pull requests both have a linear format—well suited for merging code, but not for creating a community knowledge base. Conversations need their own place—that’s what GitHub Discussions is for.

Discussions live in the project repository, so they’re accessible where the community is already working together. Their threaded format makes it easy to start, respond to, and organize unstructured conversations. Questions can be marked as answered, so over time a community’s knowledge base grows naturally. And because discussions aren’t closed the way issues are, they can easily serve as a place for maintaining FAQs and other collaborative documentation. GitHub recognizes that community discussion is as much a part of development as coding, so discussion contributions appear in users’ contribution graphs.

GitHub is in beta with a few open source communities and will be making Discussions available to other projects soon.

Collaborating in software communities requires tools to help consume and produce code safely and keep each other secure from our own mistakes. Last year GitHub announced the acquisition of Semmle, introduced code security in developer workflows on GitHub, made GitHub a CVE Numbering Authority, and launched our GitHub Advanced Security offering. GitHub is now expanding its products with two new cloud betas:

● Code scanning is now available as a GitHub native experience. With code scanning
enabled, every `git push` is scanned for new potential security vulnerabilities, and results
are displayed directly in the pull request. Code scanning uses the world’s most
advanced semantic analysis engine, CodeQL, which has an unmatched record finding
real vulnerabilities. GitHub is making code scanning free for open source to help keep
the world’s most important software secure. Any public project can sign up.
● Secret scanning is now available for private repositories. This feature (formerly named
token scanning) has been available for public repositories since 2018. GitHub has
worked with many partners to expand coverage, including AWS, Azure, Google Cloud,
npm, Stripe, and Twilio. With over ten million potential secrets identified, customers have
asked to have the same capability for their private code. Now secret scanning also
watches private repositories for known secret formats and immediately notifies
developers when they are found.

Code scanning and secret scanning are available for free for all public repositories, and available as part of GitHub Advanced Security.

Enterprises rely on communities on GitHub to build and use software, and the company wants every enterprise to do so with confidence, no matter how strict their requirements are for security and compliance. GitHub today introduced their plans for GitHub Private Instances, a new, fully-managed option for our enterprise customers. Private Instances provides enhanced security, compliance, and policy features including bring-your-own-key encryption, backup archiving, and compliance with regional data sovereignty requirements.

For more information, visit, www.githubsatellite.com

SHARE
Previous articleelement14 Community Launches ‘Sustain The World’ Challenge
Next articleCitrix Expands Remote PC Access Offerings
ELE Times provides a comprehensive global coverage of Electronics, Technology and the Market. In addition to providing in depth articles, ELE Times attracts the industry’s largest, qualified and highly engaged audiences, who appreciate our timely, relevant content and popular formats. ELE Times helps you build awareness, drive traffic, communicate your offerings to right audience, generate leads and sell your products better.

LEAVE A REPLY