GitHub Explains Fundamentals Program
Written by Kay Ewbank   
Tuesday, 13 February 2024

GitHub has been explaining the work of its Engineering Fundamentals Program and how this is being used to ensure GitHub's 100 million users across the world have "uninterrupted access to GitHub's products and services on a platform that is always available, secure, and accessible."

The Fundamentals program aims to ensure that there is clear prioritization of the work needed in order for GitHub to guarantee the success of their platform and products.

githubdeklogo

The goal of the Fundamentals was to help GitHub "address tech debt, improve reliability, and enhance observability of our engineering systems". 

This is a tall order, but GitHub says the program is used to make sure that work is prioritized to ensure GitHub can meet its goals of running a successful platform. This relies on looking at the accessibility, security and availability of the platform.

Fundamental Scorecards are used to provide measurements of progress against these goals. The scorecards show whether a service or feature in GitHub has reached some expected level of performance against the GitHub standard. GitHub expects that some scorecards will eventually become concrete technical controls, at which point any deviation will be treated as an incident and other automated safety and security measures may be taken, such as freezing deployments for a particular service until the issue is resolved.

Each service has a set of attributes that are captured in a YAML file, such as a service tier (tier 0 to 3 based on criticality to business), quality of service (QoS values include critical, best effort, maintenance and so on based on the service tier), and service type. The Fundamental scorecards read the service's YAML file and start monitoring the applicable services based on their attributes. If the service does not meet the requirements, an action item is generated with an SLA for effective resolution. A corresponding issue is automatically generated in the service's repository to tie into the developer's workflow.

Among the scorecards in use, code scanning is used to track security vulnerabilities in GitHub software, using CodeQL to detect vulnerabilities during development. Other scorecards are used to track secrets in GitHub's repositories; and to measure incident readiness.

blog post describing the Fundamentals program is available now.

githubdeklogo

 

More Information

GitHub Developers Blog Explaining Engineering Fundamentals

Related Articles

GitHub Announces AI-Powered Changes

GitHub Releases Innovation Graph

GitHub Sees Exponential Rise In AI

GitHub Enterprise Server Adds Projects Support

GitHub Enterprise Adds Centralized User Accounts

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


Wasmer 5 Adds iOS Support
12/11/2024

The Wasmer team has released Wasmer 5.0. The WebAssembly runtime adds experimental support for more back ends including V8, Wasmi and WAMR. It also now has iOS support, and upgraded compilers includin [ ... ]



Edera Releases Open Source Container Benchmark And Scanner
07/11/2024

Edera has released Am I Isolated, an open source container security benchmark that probes users runtime environments and tests for container isolation.


More News

espbook

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Tuesday, 13 February 2024 )