Webcast recap: Driving secure, collaborative development

Security is an essential part of any engineering organization—especially in regulated industries, like automotive.

In our recent webcast, "Driving secure, collaborative development", GitHub Solutions Engineer Phil Holleran walked through GitHub features that can make your security and compliance workflows less painful. Here are some key takeaways and a link to watch the recording.

Watch the webcast

Secure accounts and organization

Simple as it may sound, enforcing multi-factor authentication (MFA) across your organization is an easy way to avoid security vulnerabilities and outsider access. It’s also important to periodically audit the other ways people in your organization can authenticate and deploy. Occasional reviews help you check if the applications and keys are still in use, and if your users have successfully authorized them to act on their behalf.

Secure applications and integrations

Personal access tokens and OAuth applications can present security challenges with complex permissioning. Use GitHub Apps to eliminate the need for machine users, and only grant access to the people who need it.

Secure code

With GitHub branch protection, protect your code from unwanted modifications by preventing force pushes (and deletion) and requiring code reviews. With the new code owners feature in GitHub, you can easily automate the assignment of reviewers.

To learn more, watch the recording.

Check out other webcasts

Diversity and inclusion at GitHub Universe

universe october 11-12

Universe is just around the corner and we wanted to take one more opportunity to acknowledge our 2017 Community Partners. The following incredible organizations were kind enough to assist with scholarship ticket distribution this year and we are looking forward to seeing them at the conference this week.

Last month, we reached out to our Community Partners and asked them to share why diversity and inclusion matters to them—here are some of their responses.

"If technology is going to be used to solve some of the problems facing society today, the people who have experienced these issues firsthand must be on the development teams. Diversity and inclusion must encompass all things—not just race, gender, sexual orientation, age, and educational background. It must include the various backgrounds and life experiences that make up our society."

  • Victoria Westbrook, Program Graduate and Director of Programs and Operations at Code Tenderloin

"We all benefit when we use everyone's talents to make the world a better place. The more awesome people we have working on the world's hardest problems, the better."

  • Makinde Adeagbo, Founder and CEO of /dev/color

"Older Women Coders recognizes the inherent value in older STEM workers. We know that older STEM workers are an underserved market because our own needs are not being met."

  • Julee Burdekin, Older Women Coders

“We believe that the difference that many refer to as a "technical mindset" versus a "non-technical" mindset is primarily cultural. Operation Code works to bridge that cultural gap with a welcoming environment and a friendly community.”

  • Conrad Hollomon, Operation Code

“It’s been proven that focusing on diversity and inclusion creates space for more voices to share knowledge, create ideas and thus solve problems better. That’s why we’re excited to attend the Github Universe conference, where there’s a focus on making sure those from diverse backgrounds have the opportunity to learn, have their opinions matter, and solve problems with the best engineers in the universe.”

  • Albrey Brown, Director of Diversity and Inclusion at Hack Reactor

We’re beyond excited to see these organizations represented at GitHub Universe. If you weren't able to buy your ticket, there are a few ways for you to join us remotely. Watch from a viewing party in Berlin, London, or Paris—or tune into the livestream at githubuniverse.com/watch.

Release Radar · November 2017

GitHub Release Radar October 2017 Edition

We’re kicking off Cyber Security month with a few projects to help up your security game with the tools and know-how to protect yourself from common vulnerabilities.

These are the new projects and releases on our radar from across the GitHub community, built to keep your code safe, help you work more efficiently, and have some fun with quadrotors.

Brakeman 4.0.0: Guard your Rails apps from threats

Brakeman is an open source static analysis tool that checks for security vulnerabilities in Ruby on Rails applications. It can guard against common web vulnerabilities like SQL injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) attacks, and more.

Installation is simple. Run brakeman against your Rails app, and guard against Little Bobby Tables and friends:

Possible SQL injection near line 1337:
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))
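The concatenation Brakeman reports above, next to its parameterized form, as an added example (not from the page or the Brakeman project). It runs without Rails because each builder only returns what would be handed to ActiveRecord's `where`; `bind` and `sql_string_well_formed?` are simplified stand-ins written for this illustration, not driver code.

```ruby
# Added example (not from the page or Brakeman): the flagged concatenation beside
# the parameterized form, plus a tiny stand-in for the driver's placeholder binding.

# The pattern Brakeman reports: user input spliced straight into SQL text.
# With ActiveRecord this would be User.where(unsafe_conditions(params)).
def unsafe_conditions(params)
  "username = '" + params[:user][:name].downcase + "' AND password = '" +
    params[:user][:password] + "'"
end

# The hardened form: "?" placeholders with the values passed separately, so the
# database driver binds them as data. With ActiveRecord: User.where(safe_conditions(params)).
# (Comparing a password inside SQL is its own problem; only the injection is addressed here.)
def safe_conditions(params)
  ["username = ? AND password = ?",
   params[:user][:name].downcase,
   params[:user][:password]]
end

# Simplified stand-in for what a driver does with "?" placeholders: each value
# becomes a quoted literal with any embedded single quote doubled.
def bind(template, *values)
  pending = values.dup
  template.gsub("?") { "'" + pending.shift.to_s.gsub("'", "''") + "'" }
end

# Coarse sanity check: every string literal is delimited by a pair of quotes,
# so an odd number of quotes means input has broken out of a literal.
def sql_string_well_formed?(sql)
  sql.count("'").even?
end

if $PROGRAM_NAME == __FILE__
  # Constructed request params: a legitimate name containing an apostrophe.
  params = { user: { name: "O'Brien", password: "correct horse" } }
  puts unsafe_conditions(params)                          # the apostrophe ends the literal early
  puts sql_string_well_formed?(unsafe_conditions(params)) # false
  puts bind(*safe_conditions(params))   # username = 'o''brien' AND password = 'correct horse'
  puts sql_string_well_formed?(bind(*safe_conditions(params))) # true
end
```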

OWASP Juice Shop 5.0.0: Discover new vulnerabilities

OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript, covering the OWASP Top Ten and other severe security flaws. The release notes introduce some of the new features and challenges, like the NoSQL Injection challenge.

Why not level up your web security skills or host a Capture the Flag (CTF) event? OWASP Juice Shop is easy to install on Windows, macOS, or Linux. Choose from Node.js, Docker, or Vagrant to deploy.

Speaking of Vagrant...

Vagrant 2.0: Create and configure lightweight development environments

Vagrant is a tool for building, maintaining, and distributing development environments running on local virtualized platforms like VirtualBox or VMware. Use Vagrant in the cloud via AWS or OpenStack—or in containers like Docker or raw LXC.

Find out more in the Vagrant 2.0 announcement.

Did you know: Since the project began more than seven years ago, 750 contributors have helped move it forward.

Stories Untold Update #3: An experimental text adventure

In Stories Untold, viruses and cybersecurity are the least of your worries. This award-winning game from No Code Studio is a compilation of experimental text adventure games that'll have you on the edge of your seat.

The latest release fixes a number of bugs and introduces support for macOS.

Did you know: Stories Untold started out as a game jam entry for the Ludum Dare competition. The first episode, originally called House Abandon, was built in a single weekend by just two people.

Voyager 1.0: Get help with administrative tasks

Voyager is an admin package for Laravel that enables CRUD tasks (creating, reading, updating, or deleting content). Well, they prefer BREAD (browsing, reading, editing, adding, and deleting content).

Read more in the 1.0 announcement blog post.

AirSim 1.0: Experiment with AI

AirSim is an open source simulator for drones, cars, and more available as a plugin for Unreal Engine. Developed by Microsoft Research AI, AirSim is a platform to experiment with deep learning, computer vision, and reinforcement learning algorithms for autonomous vehicles. Find out more or read the recently-published paper from the Field and Service Robotics conference on their website.

Did you know: Quadrotors were the first vehicles to be implemented in the platform, but there’s also support for self-driving cars—and you can take over the controls manually.

React v16.0: A JavaScript library for building user interfaces

React, a declarative JavaScript library for building component-based user interfaces for web and mobile, recently released v16.0. This is the first version of React built on top of a new core architecture, codenamed “Fiber”. The v16.0 announcement post has all the details.

Installing or upgrading with Yarn is as easy as:

yarn add react@^16.0.0 react-dom@^16.0.0

Speaking of Yarn...

Yarn 1.0.0: Fast, reliable dependency management

Almost a year after it was initially released, the Yarn JavaScript dependency manager just hit 1.0.

At Facebook, Yarn has been adopted across many codebases including the main Facebook app and website, Instagram, Oculus, and WhatsApp. Yarn supports hundreds of thousands of package installs on our systems every day. It was designed to scale even when a project has hundreds or thousands of direct or transitive dependencies.

The 1.0 release introduces a number of new features like Workspaces, auto-merging of lockfiles, and a whole bunch of performance improvements and bug fixes to help developers move fast and ship software. Find out more in their blog post.

JGProgressHUD 2.0: Simple progress HUDs for iOS and tvOS apps

Build simple progress HUDs for iOS and tvOS apps with JGProgressHUD. It's simple to use, has customizable styles, and there are plenty of examples to play with. A little Swift can go a long way:

let hud = JGProgressHUD(style: .dark)
hud.textLabel.text = "Loading"
hud.show(in: self.view)
hud.dismiss(afterDelay: 3.0)

Speaking of Swift...

Swift 4.0

Congratulations to the Swift team and to all the contributors working on Swift 4.0! Find out more about the release in the announcement blog post, or check it out for yourself in this Xcode playground showcasing the new features in Swift 4.0.

Thanks to everyone building projects that make our community great. Are you releasing something exciting soon? We'd love to help you celebrate! Send a note to releaseradar@github.com.

Project note summary cards bring more context into your boards

Now you can get a more complete overview of the work going into your project without leaving your project board. When you reference an issue or pull request in a note, you'll see a preview of the cross-referenced link in a summary card.

Projects are a great way to organize tasks, but often those tasks have external dependencies to keep track of. Notes provide a way to add links to those external dependencies. Now, those references will bring valuable context like assignee, state, and labels right into view on the board.

You can add any issue or pull request on GitHub to your project by entering its URL into the note field. If it can be a first class card in the project, we'll convert it for you. If it's outside the scope of your project, you'll see the new summary card instead. This behavior is automatically applied to all notes, so there's nothing you need to do to upgrade your existing boards.

GitHub Universe is almost here

Our flagship conference is just a week away, and tickets are almost sold out! Don’t miss your chance to hear about some of our biggest product ships, learn from industry experts in over 40 breakout sessions, and support a great cause at the Universe After Party featuring Neon Trees.

Get tickets

Make this Universe yours

There’s something for everyone at our flagship community conference. If you can make it, here are a few events you might want to make part of your mission.

Executive keynotes at Pier 70

Get a closer look at new GitHub products and plans from Co-Founder and CEO, Chris Wanstrath, and SVP Technology, Jason Warner.

Ask GitHub

From using the command line to landing your dream job, experts from the GitHub Team are ready to help you do more. Just stop by the Ask GitHub area when you arrive!

The Universe After Party at Mezzanine

Support one of our closest nonprofit partners Maven—an organization that empowers LGBTQ youth to network, organize, and build tech solutions for social change—and celebrate with a set from our headliner, Neon Trees.

Check out the schedule

Watch where you are

If you can’t make it to San Francisco, we’re hosting viewing parties in three cities across Europe. Join developers in your community for the next best thing to being there.

Join a viewing party

Celebrate open source this October with Hacktoberfest

Hacktoberfest returns this October

Celebrate open source this October by participating in the fourth annual Hacktoberfest, a month-long celebration of open source software in partnership with DigitalOcean.

Last year, contributors from 114 countries submitted over 90,000 pull requests to all kinds of projects—everything from documentation tweaks and bug fixes to new features and performance improvements.

Some incredibly welcoming communities and projects like Home Assistant, the open source home automation platform, saw over five hundred contributions throughout the month. Some first-time contributors stayed on with those projects and have gone on to become regular contributors and maintainers.

Whether it's your first or four-hundredth contribution, we think everyone can get something out of Hacktoberfest—the thrill of committing to open source or the rush that comes with your first merged pull request, for example.

If that's not enough, consider the free limited-edition t-shirt you'll receive when you make four valid pull requests! Please visit the Hacktoberfest website for full details.

Connect with other participants, show the world your contributions, or just show off your new shirt with the #hacktoberfest hashtag on Twitter, Facebook, or Instagram. We love hearing about your first open source contributions 🎉

Don't know where to start? If you've got the skills and a little free time this October, there's an open source project that could use your help.

To participate, simply open a pull request and contribute to any open source project during the month of October. Fix a bug, add a feature, or even improve some documentation. You can find projects that need your help by searching the hacktoberfest label and filtering for your programming language of choice.

Learn more from the Hacktoberfest website

Inline comments in GitHub for Visual Studio

GitHub for Visual Studio 2.3 adds the ability to comment on pull requests directly from your IDE. Simply open a pull request in the GitHub pane in Visual Studio and open a compare view; you'll see existing comments right there in the editor. Click the icon in the margin to add new comments.

The functionality is limited right now to adding single comments, but we're hoping to bring the whole GitHub review experience right into Visual Studio soon!

On top of that, we've shipped a whole bunch of new features and bugfixes. To find out more check out the release notes.

New in the GitHub Shop: Octocat laptop decals

Looking for a new way to protect your laptop and stand out from the crowd? We've got two new game-inspired decals that are ready to shield your laptop against unforeseen scratches. No need to thank Mona—she's just doing what she can to help you keep your laptop looking its best.

Shop the decals

Through thick and thin, you can count on this Vinyl Disorder decal to have your back—or at least the back of your laptop.

Choose from "Boxing Mona", ready to knock out tasks with a one-two punch, or "Adventure Mona", fearlessly leading the way to her next ship. Decals work for all laptop brands and come in small for 11"-13" laptops or large for 15"-17" laptops.

Learn more

Announcing GitHub Desktop 1.0

Collaborating on GitHub with the power of a GUI application just got easier! GitHub Desktop 1.0 is now available.

A few months ago, we completely redesigned and reimplemented GitHub Desktop on Electron to provide a simpler, more unified experience. The public beta launched in May. Since then we've been hard at work fixing bugs, adding features, and responding to feedback—but now we're ready for prime time. Here's an overview of what you'll see in 1.0.

Download now

Image diffs

Easily compare changed images. See the before and after, swipe or fade between the two, or look at just the changed parts.

@mathieudutour implemented image diffs for Kactus, a design review tool forked off GitHub Desktop. Then he was kind enough to submit the work back upstream to us!

Faster cloning

See all your repositories and clone them with the click of a button. Git LFS assets download in parallel for even faster cloning.

Integrated

Open your favorite editor or shell from the app, or jump back to GitHub Desktop from your shell. GitHub Desktop is your springboard for work.

Everywhere

GitHub Desktop works with GitHub Enterprise. Log in to your GitHub Enterprise server, clone, commit, push, and pull. Whether you're working on a personal or company project, GitHub Desktop is here to help.

Open source

GitHub Desktop is open source and we've already received some fantastic contributions from the community. Go check out our roadmap, contribute, and help us make collaboration even easier.

Classic apps

We think GitHub Desktop is a big step forward—but don't worry, we won't force you to update! If you have a good thing going with the classic Mac or Windows app, you can continue to use them and move over to the new app when you're ready.

Download now

Project navigation for the way you work

Today we shipped accessibility enhancements to GitHub Projects that make it easier for everyone to navigate and update their project boards. If you rely on assistive technology or prefer using the keyboard to get work done, you can now use these tools more effectively to manage your projects on GitHub.

With new keyboard shortcuts, you can efficiently move and navigate between cards and columns. Select a card or column using the enter key and move it anywhere on the board. Commit the change with enter again, or cancel it with escape. Press the ? key on any project board to review the new keyboard shortcuts in more detail.

We're committed to building tools that empower everyone to work better together. The changes we're announcing today are a first step toward more accessible project management on GitHub. We'd love to hear from you about other ways we can help you do your best work.

GitHub Constellation is coming to a city near you

In June, we hosted Constellation Tokyo, our first-ever conference in Japan. Now, we’re bringing this two-day event for software builders and entrepreneurs to cities around the world.

Every Constellation is customized to fit the city it’s hosted in. Most will have two events: one dedicated to the local GitHub community and another dedicated to how people use GitHub at work. Take a look at the host cities, and sign up for the event that fits your interests.

Find a Constellation near you

We’ve planned Constellation events in these cities, but we’ll keep adding stops.

Sign up to receive updates on the Constellation site if you don’t see a convenient location to meet us.

Git LFS 2.3.0 released

Git LFS v2.3.0 is now available with performance improvements to git lfs migrate and git clone, new features, bug fixes, and more.

Download Git LFS v2.3.0

git lfs migrate

With our latest release, git lfs migrate ships with a native implementation for reading packed objects: an important next step to making Git LFS's migrator performance significantly faster. Git LFS also learned how to avoid saving unchanged objects, making it 52% faster[1] to examine your repository for large objects than in previous releases.

~/g/git-lfs (master) $ git lfs version
git-lfs/2.2.1 (GitHub; darwin amd64; go 1.8.3; git 621d1f82)

~/g/git-lfs (master) $ time git lfs migrate info
migrate: Sorting commits: ..., done
migrate: Rewriting commits: 100% (5840/5840), done
# ...
git lfs migrate info  36.30s user 19.80s system 147% cpu 38.127 total
~/g/git-lfs (master) $ git lfs version
git-lfs/2.3.0 (GitHub; darwin amd64; go 1.8.3; git 70995b39)

~/g/git-lfs (master) $ time git lfs migrate info
migrate: Sorting commits: ..., done
migrate: Examining commits: 100% (5840/5840), done
# ...
git lfs migrate info  23.74s user 5.71s system 162% cpu 18.144 total

git clone

The git clone command is now 170% faster on repositories using Git LFS than in previous releases.[2] That means the native git clone command is as fast as the (now deprecated) git lfs clone wrapper. With simultaneous object batching and transferring, you can expect dramatic performance improvements for tools that shell out to git clone or git checkout.

You'll also find support for new transfer agents, release targets, documentation, and more—all of which are thanks to gracious contributions from the Git LFS open source community.

For more information about the Git LFS v2.3.0 release, check out the release notes.

Introducing our Universe Community Partners

With GitHub Universe one month away we are excited to announce our 2017 Community Partners!

We choose Community Partners based on several criteria but the three main questions we ask ourselves when reaching out to potential organizations are:

  • Does their work assist in lowering barriers for people from underrepresented backgrounds to enter and succeed in the tech industry?
  • Do they have an audience that can benefit from complimentary tickets to the conference?
  • Are they making a positive social impact, namely in the geographic region where the conference will take place?

GitHub’s push towards a more diverse, inclusive and accessible Universe is rooted in the fact that bringing together people from disparate backgrounds fosters innovation within our industry. If we're not working to actively engage people from all walks of life, we're doing our community a disservice. The more we can bring diverse communities together, the more enriching, educational and valuable an experience we can provide for everyone.

Meet our 2017 community partners at GitHub Universe

With that, we are happy to introduce you to this year’s Universe Community Partners. We encourage you to read ahead in order to learn more about them and the valuable work they do.

Who they are and what they do

  • Code Tenderloin’s mission is to remove barriers that keep people from securing long-term employment. They believe that homelessness, prior substance abuse, prior incarceration, or other barriers should not define a person’s future nor disqualify them from securing jobs.
  • Economic power is key to breaking the cycle of exploitation among vulnerable communities. AnnieCannons trains survivors of human trafficking to become software professionals. Their holistic program trains and equips survivors to independently support themselves and their families.
  • Techqueria is a professional community for Latinxs in tech where Latinx folks can network and advance their careers, offer low-income communities access to tech, and assist in increasing the opportunities for other Latinxs in tech.
  • /dev/color helps Black software engineers grow into industry leaders. They ensure Black engineers fulfill the promise of their talents, transform the industry, and use their resulting skills and position to give back to their communities.
  • Older Women Coders joined together to empower older coders, especially those who have “aged-out” of STEM. They seek to establish a channel of visibility for older women STEM workers, provide continuing education, and eliminate the stigma of age in tech.
  • Code2040 creates pathways to educational, professional, and entrepreneurial success in technology for underrepresented minorities with a specific focus on Black and Latinx people. The Code2040 Fellows Program builds bridges between top, college-level Black and Latinx computer science students and companies who are in need of their talent.
  • Operation Code is veteran-founded and led. Their mission is to help the military community (transitioning service members, veterans, and military spouses) learn software development, enter the tech industry, and code the future through mentorship, scholarship programs, and community outreach near military bases.
  • Telegraph Track is a Hack Reactor community that supports underrepresented students as they go through Hack Reactor’s bootcamp. They offer a safe space, leadership development, mentorship, and networking opportunities to members. Then Telegraph Track connects members with companies that have diversity and inclusion top of mind.

Please follow GitHub's Community Twitter account for announcements from our Community Partners in the coming weeks.

The data science behind topic suggestions

Add topics to repositories

Earlier this year, we launched topics, a new feature that lets you tag repositories with descriptive words or phrases. Topics help you create connections between similar GitHub projects and explore them by type, technology, and other characteristics they have in common.

All public repositories show topic suggestions, so you can quickly tag repositories with relevant words and phrases. These suggestions are the result of some exciting data science work—in particular, a topic extraction framework based on text mining, natural language processing, and machine learning called repo-topix.

Learn more about repo-topix from the Engineering Blog

Now when you add or reject topics, you're doing more than keeping projects organized. Every topic will contribute to surfacing connections and inspiring discovery across GitHub. Repository names, descriptions, and READMEs from millions of public projects serve as the very start of an ever-evolving knowledge graph of concepts. Eventually, the graph will map how these concepts relate to each other and to the code, people, and projects on GitHub.

Topics is part of a greater effort to use our public data to make meaningful improvements to how people discover, interact, and build on GitHub. We'll be sharing more ways that data can improve the way you work at Universe—our flagship product and community conference.

Get tickets to GitHub Universe

Introducing GitHub Enterprise 2.11

Enhance performance in high availability environments, define more granular permissions, and seamlessly review code with GitHub Enterprise 2.11. Our latest release brings together some of the most-requested features to make your team's development process smoother and more efficient.

Ready to upgrade?
Download GitHub Enterprise 2.11

Enhance performance with geo-replication

Geo-replication is now out of early access and available in Enterprise 2.11. Geographically distributed data centers use multiple replicas, so requests are always sent to the closest server and fulfilled faster than ever before.

Learn more about geo-replication

Reduce downtime during patch upgrades with hotpatching

Hotpatching is also out of early access and available in GitHub Enterprise 2.11. Now, you'll almost always be able to upgrade to a newer patch release with zero downtime, so there is no need to sweat about last-minute security fixes.

Learn more about hotpatching

Define permissions with nested teams

Whether you're working on a project within your team or across departments, nested teams keep information clearly organized. With Enterprise 2.11, you can make sure the right people have access to the right code and reduce noise as the number of contributors grows. Child teams inherit their parent’s access permissions, so repository permissions and mentioning among nested teams work from top to bottom, improving the flow of communication. For example, if your team structure is Employees > Engineering > Application Engineering > Identity, granting Engineering write access to a repository means Application Engineering and Identity also get that access.
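A model of the inheritance rule just described, as an added example rather than GitHub's own implementation: it uses the page's Employees > Engineering > Application Engineering > Identity structure (plus a constructed Sales team) to audit which teams effectively reach a repository, including teams never granted access directly. The "strongest grant wins" tie-break when both a team and an ancestor hold grants is an assumption of this example.

```ruby
# Added example (not GitHub's implementation): a model of the nested-team rule,
# used to audit which teams effectively reach a repository.

PERMISSION_RANK = { "read" => 1, "write" => 2, "admin" => 3 }.freeze

# Constructed org structure from the page's example, child => parent.
TEAM_PARENTS = {
  "Engineering"             => "Employees",
  "Application Engineering" => "Engineering",
  "Identity"                => "Application Engineering",
  "Sales"                   => "Employees",   # constructed sibling branch
}.freeze

# The team itself followed by each ancestor up to the root.
def ancestry(team, parents = TEAM_PARENTS)
  chain = [team]
  chain << (team = parents[team]) while parents[team]
  chain
end

# Effective permission on one repository: the strongest grant found on the team
# or any ancestor, since grants flow from parent to child (strongest-wins is an
# assumption of this model). Returns nil when nothing in the chain was granted.
def effective_permission(team, grants, parents = TEAM_PARENTS)
  ancestry(team, parents).map { |t| grants[t] }.compact
                         .max_by { |perm| PERMISSION_RANK.fetch(perm) }
end

# Audit helper: every team that can act at `level` or above on the repository,
# including teams that were never granted access directly.
def teams_with_at_least(level, grants, parents = TEAM_PARENTS)
  all_teams = (parents.keys + parents.values).uniq
  reaching = all_teams.select do |team|
    perm = effective_permission(team, grants, parents)
    perm && PERMISSION_RANK.fetch(perm) >= PERMISSION_RANK.fetch(level)
  end
  reaching.sort
end

if $PROGRAM_NAME == __FILE__
  # Constructed grants for one repository: only Engineering is named explicitly.
  grants = { "Engineering" => "write" }
  puts effective_permission("Identity", grants)        # write (inherited)
  puts teams_with_at_least("write", grants).inspect    # three teams, not one
end
```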

Learn more about nested teams

Save time with code review improvements

Great reviews can take a village. With team reviews, you can ask an entire team to look at your pull request with one mention. Just tag the team in the "Reviewers" section of your pull request for better reviews from more teammates in less time.

Learn more about team reviews

You can now define exactly which people and teams always need to review projects with code owners. Select code owners, and they’ll automatically be requested for review when a pull request touches the files they own. There’s also a protected branch option, which requires code owners to leave a review before anyone can merge a pull request to the branch. Never worry about mistaken merges going unnoticed again.

Learn more about code owners

With Enterprise 2.11, you can also navigate to changed methods and functions right from your pull request file finder in Go, JavaScript, Ruby, Python, or TypeScript files. Your team will have a better understanding of changes in code review and a faster path to shipping the best possible version of your code.

Learn more about changed method and function review

Additional updates

Upgrade today

Download GitHub Enterprise 2.11 to start using these features today. You can also check out our release notes to learn more, and enable update checks to automatically check when the next GitHub Enterprise release is available.

Want to try GitHub Enterprise?
Request a free 45-day trial