GitHub Content on InfoQ
-
GitHub Codespaces Can Now Be Templated to Improve Performance
GitHub has introduced prebuilt Codespaces to reduce the time it takes to spin up a full development environment for large, complex projects.
-
How GitHub Uses Machine Learning to Extend Vulnerability Code Scanning
Applying machine learning techniques to its rule-based security code scanning capabilities, GitHub hopes to be able to extend them to less common vulnerability patterns by automatically inferring new rules from the existing ones.
-
Google and GitHub Announce OpenSSF Scorecards v4 with New GitHub Actions Workflow
GitHub and Google have announced the version 4 release of the Open Source Security Foundation (OpenSSF) Scorecards project. Scorecards is an automated security tool that identifies risky supply chain practices in open source projects. This release includes a new Scorecards GitHub Action, new security checks, and a large increase in the repositories included in the foundation's weekly scans.
-
How GitHub Does DevOps for its iOS and Android Apps
GitHub relies heavily on GitHub Actions to manage the release process for their iOS and Android apps. Using the right tools to automate the process allows the mobile team to ship a new release every week, GitHub engineer Taehun Kim explains.
-
GitHub Release Improved Developer Flow at Universe Event
At their annual industry event, GitHub released new functionality with a focus on flow, better developer experience, and security. GitHub Universe is an annual conference, which ran virtually this year, bringing a raft of announcements relating to new functionality in GitHub, Microsoft’s developer source code repo and software integration tool.
-
GitHub Improves Code Navigation and Search
GitHub announced improvements to its code search and code navigation capabilities. The new code search, which is still available experimentally, now features the ability to find code symbols and use regular expressions. Code navigation has been made available from within pull requests and extended to provide more precise information for Python repos.
-
ClusterFuzzLite Brings ClusterFuzz to GitHub Actions and Other CI/CD Pipelines
ClusterFuzzLite, as implied by its name, is a light version of Google ClusterFuzz, a tool aimed at finding security and stability issues in software systems through fuzz testing. ClusterFuzzLite is meant to be integrated into a CI pipeline with a few lines of code, says Google.
-
GitHub State of the Octoverse 2021 Highlights Trends and Predicts Good Practices
GitHub's latest State of the Octoverse research highlighted three major trends towards writing and shipping code faster, creating documentation, and supporting developer communities. It also includes three predictive models to help organizations identify what actions they can take to achieve success.
-
Microsoft Launches VSCode.Dev, Visual Studio Code in the Browser
Microsoft has launched the cloud-based version of its Visual Studio Code editor through the vscode.dev domain, offering a lightweight version of the editor that can be run directly from the browser with no installation.
-
GitHub Introduces Projects, Updates Codespaces, Copilot, Code Scanning, and More
At its Universe 2021 conference, GitHub promoted its new Issues experience to public beta, providing projects and dynamic tables, expanded Copilot support for JetBrains and Java, added Ruby support for code scanning, and announced many more features.
-
GitHub's Copilot Still a Long Way From Autopilot
Three months after GitHub launched Copilot, a group of academics affiliated with New York University's Tandon School of Engineering released their empirical cybersecurity evaluation of Copilot’s code contributions, concluding that 40% of the time, the code created is buggy and vulnerable.
-
How GitHub Partitioned Its Relational Database to Improve Reliability at Scale
GitHub has been working for the last couple of years on partitioning their relational database and moving the data to multiple independent clusters. This effort led to a 50% load reduction and a significant reduction of database-related incidents, explains GitHub engineer Thomas Maurer.
-
Announcing Allstar, a GitHub App to Improve Open Source Security
Google recently announced Allstar, a GitHub app that enables continuous enforcement of security policies for a given organization or project repository. Allstar is Google’s contribution towards improving Open Source Software (OSS) security.
-
GitHub to Phase out Support for Git Protocol, DSA Keys and Legacy SSH Algorithms
With a strong focus on keeping customer data as secure as possible, GitHub has decided to remove support for the unencrypted Git protocol, DSA keys and some legacy SSH algorithms. It is also adding requirements for newly added RSA keys and providing support for ECDSA and Ed25519 SSH host keys. These changes might affect only SSH and git:// users, while https:// users will be unaffected.
-
Travis CI Vulnerability Potentially Leaked Customer Secrets
Popular continuous integration and delivery service Travis CI disclosed a vulnerability that potentially leaked secure environment variables, including signing keys, access credentials, and API tokens. The flaw was quickly fixed on September 10, but the developer community found Travis CI's handling of this issue insufficient.