New github products in 2020
Github codespaces, Github discussions, code scanning and secret scanning, Github private instance.
Recently Github announced 4 new products to help all software development communities work together. This new feature are sure to change the way that make open
Github codespaces.(A New Way for Developer Communities to Collaborate Outside the Code Base)
Github codespaces offers a cloud-hosted development environment that initialize in seconds, directly in Github. The user can thus immediatly contribute to a project.
Github codespaces can be configured to load the developer’s code and dependencies as well as his development tools, extensions, and dotfiles. Switching from one environment to another is very simple. The user can navigate at any time. When he comes back, his code space is automatically reopened. Github codespaces contains a web version of the full vscode IDE. Support for code navigation, extensions, terminal access, etc. is included. If the user has a preference for his desktop IDE, he can start a code space in Github and connect to it from his workstation.
Github discussions.( A New Way for Developer Communities to Collaborate Outside the Code Base)
Communities of software developers don’t just write code together. They also think about new features, help new users find their way around, and collaborate on the best ways to use the software. Github believes that community discussion is as much a part of the development process as writing code. That’s why contributions to discussions appear in the graphs of user contributions.
With GitHub Discussions, conversations take place in a project repository. They are therefore accessible where the user is already working in the community. The fact that they exist in "threaded" format makes it easy to start, reply, and organize unstructured conversations. Questions can be annotated as having been answered. Thus, over time, a community's knowledge base grows naturally. Discussions can easily serve as a place to maintain FAQs and other collaborative documents. Github believes that community discussion is as much a part of the development process as writing code. That's why contributions to discussions appear in the graphs of user contributions.
Code scanning and secret scanning (to help communities on GitHub produce and use more secure code.)
Within developer communities, collaboration requires tools that allow code to be safely consumed and produced. These tools must also help users protect each other from their own mistakes. Last year, GitHub announced the acquisition of Semmle, introducing code security into the workflows of developers working on its platform. In the process, GitHub became a CVE numbering authority and launched the GitHub Advanced Security offering. Today, GitHub is expanding its products with two new beta releases for the GitHub cloud:
- Code Scanning is now available as a native experience on GitHub. When Code Scanning is enabled, each "git push" is scanned for potential new security vulnerabilities. The results are displayed directly in the user’s pull request. Code parsing uses the world’s most advanced semantic analysis engine, CodeQL. It holds an unparalleled record for discovering real vulnerabilities. In order to contribute to the security of the world’s most important software, GitHub makes code analysis free for open source. Any public project can register to participate in the beta.
- Secrets Scanning is now available for private deposits. This feature (formerly called "token scanning") is available for public repositories since 2018. GitHub has worked with many partners to expand coverage, including AWS, Azure, Google Cloud, npm, Stripe, and Twilio. With more than ten million potential secrets identified, customers have requested the same capacity for their private code. Now secret scanning also monitors private repositories for known secret formats. When they are identified, the solution immediately informs the developers.
Code Scanning and Secret Scanning are available free of charge for all public repositories. They are available as part of GitHub Advanced Security.
Github private instances
Companies rely on GitHub communities to create and use software. GitHub wants them to be able to do so with confidence, regardless of their security and compliance requirements.
Today, GitHub presents a preview of GitHub Private Instances. This new option, soon to be available, is entirely managed by GitHub for its corporate clients. Private Instances offers enhanced security, compliance and governance features. These include encryption with an enterprise-specific key, backup archiving, and compliance with national data sovereignty requirements.
