|New From GitHub Universe|
|Written by Lucy Black|
|Friday, 15 November 2019|
GitHub Universe, its annual user event, took place this week. Here is a round up of its notable announcements including the launch of GitHub SecurityLab which aims to bring together security researchers across the industry to secure the open source ecosystem.
If you prefer to see and hear what CEO Nat Friedman announced at GitHub Universe 2019, here's the Day 1 Keynote:
The new product revealed during the keynote brings GitHub collaboration tools to small screen. The idea is that GitHub for mobile gives you the flexibility to move work forward and stay in touch with your team, wherever you are, with the ability to review code and merge changes from anywhere.
Two products we've met before, GitHub Actions launched at Universe 2018 and GitHub Packages, introduced in May as GitHub Package Registry are now generally available. GitHub Actions and Packages are now part of every developer account with included minutes, storage, and data transfer and are free for all public repositories. You can use Actions to automatically publish new package versions to GitHub Packages, trigger package installs with Actions, and install packages and images hosted on GitHub Packages or your preferred registry of record with minimal configurations. This enables developers to automate workflows from code to cloud.
Improvements to GitHub's tools and facilities were also announced. Code Navigation, which has been in limited public beta is now available for all Rugy, Python and Go repos with more languages coming soon. It consists of two features: jump to definition and find all references. Hovering over function and method calls will expose jump-to-definition links and references by line number for all call sites in the blob content within the same repository.
A new search experience is also being introduced over the coming months that will provide better results thanks to matching special characters and being case sensitive. You can sign up to be added to the waitlist for the limited beta. Two other features being beta tested were also announced: Code review assignment, which aims to help distribute workload evenly across a team is currently available as public beta for all users who are members of an organization. Scheduled reminders which enables sending Slack notifications for pending code reviews to the channel of your choice is in limited public beta and will be made generally available over the next few months. For those who want to participate in pre-release features on GitHub there's a new facility called Feature Preview which gives GitHub users the chance to opt in to beta features for the opportunity to share feedback throughout the rollout process.
Universe 2019 Day 1 also marked the release of GitHub Enterprise Server 2.19 which includes updates to community and project management, developer productivity, and new security features. Security was also the main focus of Day 2 with the announcement of GitHub Security Lab which will bring together security researchers, maintainers, and companies across the industry to help secure the open source ecosystem. Companies who are partnering in this initiative include: Google, HackerOne, Intel, J.P. Morgan, LinkedIn, Microsoft, Mozilla, NCC Group, Oracle, Uber and VMWare.
GitHub Security Lab is looking for help from security researchers and those who work ion security teams stating:
Securing the world’s open source software will require the whole community to work together.
and will run events and share best practices to help everyone participate.
As an initial step GitHub Security Lab is making CodeQL, which GitHub acquired through its recent purchase of Semmie, free to use on open source code. CodeQL is a tool many security research teams around the world use to perform semantic analysis of code, and GitHub says it has used it to find over 100 reported CVEs in some of the most popular open source projects. It also launched the GitHub Advisory Database, a public database of advisories created on GitHub, plus additional data curated and mapped to packages tracked by the GitHub dependency graph.
or email your comment to: email@example.com
|Last Updated ( Thursday, 19 March 2020 )|