InfoQ Homepage github Content on InfoQ
-
GitHub Release Improved Developer Flow at Universe Event
At their annual industry event, GitHub released new functionality with a focus on flow, better developer experience, and security. GitHub Universe is an annual conference -- which ran virtually this year -- bringing a raft of announcements relating to new functionality in GitHub - Microsoft’s developer source code repo and software integration tool.
-
GitHub Improves Code Navigation and Search
GitHub announced improvements to its code search and code navigation capabilities. The new code search, which is still available experimentally, features now the possibility of finding code symbols and using regular expressions. Code navigation has been made available from within pull requests and extended to provide more precise information for Python repos.
-
ClusterFuzzLite Brings ClusterFuzz to GitHub Actions and Other CI/CD Pipelines
ClusterFuzzLite, as implied by its name, is a light version of Google ClusterFuzz, a tool aimed to find security and stability issues in software systems through fuzz testing. ClusterFuzzLite is meant to be integrated in a CI pipeline with a few lines of code, says Google.
-
GitHub State of the Octoverse 2021 Highlights Trends and Predicts Good Practices
GitHub's latest State of the Octoverse research highlighted three major trends towards writing and shipping code faster, creating documentation, and supporting developer communities. It also includes three predictive models to help organizations identify what they can action to achieve success.
-
Microsoft Launches VSCode.Dev, Visual Studio Code in the Browser
Microsoft has launched the Cloud-based version of its Visual Studio Code editor through the vscode.dev domain, which offers a lightweight version of the editor which can be run right out from the browser with no installation.
-
GitHub Introduces Projects, Updates Codespaces, Copilot, Code Scanning, and More
At its Universe 2021 conference, GitHub promoted its new Issues experience to public beta, providing projects and dynamic tables, expanded Copilot support for Jetbrains and Java, added Ruby support for code scanning, and announced many more features.
-
GitHub's Copilot Still a Long Way From Autopilot
Three months after GitHub launched Copilot, a group of academics affiliated with New York University's Tandon School of Engineering released their empirical cybersecurity evaluation of Copilot’s code contributions, concluding that 40% of the time, the code created is buggy and vulnerable.
-
How GitHub Partitioned Its Relational Database to Improve Reliability at Scale
GitHub has been working for the last couple of years on partitioning their relational database and moving the data to multiple independent clusters. This effort led to a 50% load reduction and a significant reduction of database-related incidents, explains GitHub engineer Thomas Maurer.
-
Announcing Allstar, a GitHub App to Improve Open Source Security
Google recently announced Allstar, a GitHub app that enables continuous enforcement of security policies for a given organization or project repository. Allstar is Google’s contribution towards improving Open Source Software (OSS) security.
-
GitHub to Phase out Support for Git Protocol, DSA Keys and Legacy SSH Algorithms
With a strong focus on having customer data as secure as possible, GitHub has decided to remove support for the unencrypted Git protocol, DSA keys and some legacy SSH algorithms. Also, it is adding requirements for newly added RSA keys and providing support for ECDSA and Ed25519 host keys SSH. These changes might affect only SSH and git:// users, while the https:// users will be unaffected.
-
Travis CI Vulnerability Potentially Leaked Customer Secrets
Popular continuous integration and delivery service Travis CI disclosed a vulnerability that potentially leaked secure environment variables, including signing keys, access credentials, and API tokens. The flaw was quickly fixed on September 10, but the developer community found Travis CI handling of this issue insufficient.
-
GitHub CLI 2.0 Brings Support for Extensions
With its new major version, GitHub CLI enables extending its basic feature set by installing and running extensions. A GitHub CLI extension is just a repository prefixed with gh- and providing an executable file with the same name as the repository.
-
Codespaces is GitHub's New Development Platform, Now Supporting Emacs and Vim
GitHub has moved away from local development environment and adopted Codespaces for its day-to-day development flow. After careful configuration, GitHub achieved a 10 seconds bootstrap time for a new environment. Additionally, now Codespaces support Emacs and Vim besides Visual Studio Code.
-
GitLab Open-Sources Package Hunter, Falco-Based Tool to Detect Malicious Code
GitLab has released a new open-source tool, Package Hunter, aimed to detect malicious code by running your project dependencies inside a sandbox. Package Hunter leverages Falco to detect unexpected application behaviour at runtime.
-
GitHub Funds Independent Legal Support for Developers against DMCA
GitHub has launched a program to offer developers free legal support from Stanford Law School against DMCA takedowns requested under Section 1201. InfoQ has taken the chance to speak with Mike Linksvayer, head of developer policy at GitHub, and Phil Malone, director of Juelsgaard Clinic, Stanford Law.