InfoQ Homepage Source Control Content on InfoQ
-
GitHub's Copilot Still a Long Way From Autopilot
Three months after GitHub launched Copilot, a group of academics affiliated with New York University's Tandon School of Engineering released their empirical cybersecurity evaluation of Copilot’s code contributions, concluding that 40% of the time, the code created is buggy and vulnerable.
-
Gitpod Announces OpenVSCode Server Project Enabling Developers to Run Upstream VS Code
Cloud-based developer platform Gitpod recently introduced the open-source project OpenVSCode Server, licensed under MIT. This enables any developer to run upstream and stable VS Code IDE in any modern web browser.
-
How GitHub Partitioned Its Relational Database to Improve Reliability at Scale
GitHub has been working for the last couple of years on partitioning their relational database and moving the data to multiple independent clusters. This effort led to a 50% load reduction and a significant reduction of database-related incidents, explains GitHub engineer Thomas Maurer.
-
Announcing Allstar, a GitHub App to Improve Open Source Security
Google recently announced Allstar, a GitHub app that enables continuous enforcement of security policies for a given organization or project repository. Allstar is Google’s contribution towards improving Open Source Software (OSS) security.
-
GitHub to Phase out Support for Git Protocol, DSA Keys and Legacy SSH Algorithms
With a strong focus on having customer data as secure as possible, GitHub has decided to remove support for the unencrypted Git protocol, DSA keys and some legacy SSH algorithms. Also, it is adding requirements for newly added RSA keys and providing support for ECDSA and Ed25519 host keys SSH. These changes might affect only SSH and git:// users, while the https:// users will be unaffected.
-
Travis CI Vulnerability Potentially Leaked Customer Secrets
Popular continuous integration and delivery service Travis CI disclosed a vulnerability that potentially leaked secure environment variables, including signing keys, access credentials, and API tokens. The flaw was quickly fixed on September 10, but the developer community found Travis CI handling of this issue insufficient.
-
GitHub CLI 2.0 Brings Support for Extensions
With its new major version, GitHub CLI enables extending its basic feature set by installing and running extensions. A GitHub CLI extension is just a repository prefixed with gh- and providing an executable file with the same name as the repository.
-
Codespaces is GitHub's New Development Platform, Now Supporting Emacs and Vim
GitHub has moved away from local development environment and adopted Codespaces for its day-to-day development flow. After careful configuration, GitHub achieved a 10 seconds bootstrap time for a new environment. Additionally, now Codespaces support Emacs and Vim besides Visual Studio Code.
-
GitLab Open-Sources Package Hunter, Falco-Based Tool to Detect Malicious Code
GitLab has released a new open-source tool, Package Hunter, aimed to detect malicious code by running your project dependencies inside a sandbox. Package Hunter leverages Falco to detect unexpected application behaviour at runtime.
-
GitHub Funds Independent Legal Support for Developers against DMCA
GitHub has launched a program to offer developers free legal support from Stanford Law School against DMCA takedowns requested under Section 1201. InfoQ has taken the chance to speak with Mike Linksvayer, head of developer policy at GitHub, and Phil Malone, director of Juelsgaard Clinic, Stanford Law.
-
GitHub Previews Copilot, an OpenAI-Powered Coding Assistant
GitHub recently announced Copilot, an AI-powered pair programmer designed to help developers write code faster and with less effort. The service learns from comments and existing code, suggesting new lines and the implementation of whole functions.
-
Sonatype Lift Integrates Facebook Infer, Google ErrorProne, and Other Code Analyzers
Recently launched Sonatype Lift provides a unified code analysis platform that includes over 25 tools to help developers identify a wide range of bugs in their development pipelines as soon as possible, says Sonatype. InfoQ has spoken with Stephen Magill, VP of product innovation at Sonatype, to learn more.
-
GitHub Study Explores What Makes Developers Have a Good Day
GitHub researchers released the results of a survey aimed at investigating what helps developers have good days. InfoQ has taken the chance to speak with Dr. Eirini Kalliamvakou, senior researcher at GitHub & member of the Developer Velocity Lab.
-
GitHub's Journey with Web Standards and Web Components
GitHub has been working for the last few years on moving away from jQuery and running its interface entirely on Web standards, specifically Web Components. InfoQ has talked with GitHub application engineer Kristján Oddsson to learn more.
-
How GitHub Leverages Feature Flags to Ship Quickly and Safely
In a recent blog post, Alberto Gimeno, GitHub actions engineer, shared how GitHub makes use of feature flags to enable frequent, safe deployments. GitHub leverages feature flags for all potentially risky changes, allowing them to quickly disable the change if needed.