Home / Companies / GitHub / Blog / July 2021

July 2021 Summaries

8 posts from GitHub

Filter
Month: Year:
Post Summaries Back to Blog
GitHub has expanded its code scanning capabilities, a feature in GitHub Advanced Security available for free on GitHub.com for public repositories, by introducing over 15 new integrations with open-source security tools. These integrations, contributed by members of the open-source community, now support additional languages such as PHP, Swift, Kotlin, Ruby, and more, enhancing static analysis for a wide range of programming environments. Key tools include Detekt for Kotlin, MobSF for mobile security testing, and Brakeman for Ruby on Rails, among others, with many offering GitHub Actions and Static Analysis Results Interchange Format (SARIF) support for seamless integration. The initiative emphasizes community collaboration and provides users with comprehensive tools to detect vulnerabilities in their codebase directly within the GitHub interface, encouraging contributions to the ecosystem by offering a straightforward process for integrating additional static analysis tools and fuzzers.
Jul 28, 2021 972 words in the original blog post.
GitHub is addressing the challenges open source developers face under Section 1201 of the Digital Millennium Copyright Act (DMCA) by launching a Developer Defense Fund and partnering with Stanford Law School's Juelsgaard Intellectual Property and Innovation Clinic. This initiative aims to provide free, independent legal support to developers receiving takedown claims, ensuring they know their rights and can assert them without the resources of a large company. The collaboration also includes the creation of a GitHub Developer Rights Fellowship, which will focus on research, education, and advocacy related to DMCA and other legal issues relevant to software innovation. The fellowship will train students and lawyers to support open source communities, fostering a legal ecosystem that benefits developers. As part of its commitment to supporting developers, GitHub is actively seeking candidates for the fellowship and encourages those interested in shaping a developer-focused legal environment to apply.
Jul 27, 2021 519 words in the original blog post.
GitHub has introduced supply chain security features for Go modules, enhancing the Go community's ability to manage and secure dependencies by leveraging tools such as Security Advisories, Dependency Graph, Dependabot alerts, and Dependabot security updates. These features are designed to help developers identify, report, and mitigate vulnerabilities in Go modules, which have become widely adopted since their introduction in 2019. The Security Advisories enable coordinated vulnerability disclosures and facilitate the request of CVE identification numbers, while the Dependency Graph analyzes go.mod files to provide insights into a repository's dependencies. Dependabot alerts notify users of new vulnerabilities, and Dependabot security updates automatically generate pull requests to update vulnerable dependencies, thus accelerating the patching process by 40%. These enhancements underscore GitHub's commitment to strengthening the security of the Go ecosystem, benefiting both GitHub users and the broader community.
Jul 22, 2021 586 words in the original blog post.
Minimum Viable Governance (MVG) is a streamlined governance framework designed to alleviate the complexities of managing free and open-source projects, particularly when transitioning from a single maintainer to multiple maintainers. It offers a two-tier structure with a technical steering committee at the organizational level to ensure cohesive direction and coordination, and a consensus-based governance model for individual projects. MVG covers decision-making, trademark and antitrust policies, a code of conduct, and project criteria, all of which are customizable to suit specific project needs. The framework is open source, allowing users to modify and share the governance documents, and it is designed to be an easy on-ramp for projects that might later require more formal structures. Currently in beta, MVG invites feedback to refine the framework before its official release, aiming to provide a balanced approach to governance that reduces friction and fosters collaboration.
Jul 22, 2021 834 words in the original blog post.
GitHub's Education Stream Team (GEST) is a student-led initiative that offers a variety of programs on Campus TV, aiming to provide resources, connections, and community engagement for budding developers. The platform features diverse shows, including "What in the Tech Do I Do" hosted by Iqrah Nadeem, which explores unconventional tech job titles, and "Hadith Tech" by Abdurrahman Rajab, which highlights local technologists from the MENA region in Arabic to foster relatability and empowerment. Additionally, "Ota’s Live" hosted by Otávio Reis Perkles and Otacilio Saraiva Maia Neto creates an interactive experience with live coding challenges streamed in Portuguese. These shows not only offer educational content but also build a sense of community by involving viewers in discussions and providing mentorship opportunities. The Stream Team emphasizes shared experiences and offers tools such as the GitHub Virtual Event Kit to support successful online events, with content accessible through GitHub Education on Twitch and GitHub Campus TV for both live and recorded sessions.
Jul 15, 2021 891 words in the original blog post.
GitHub announced a series of updates and enhancements across its platform, emphasizing improvements in usability and functionality. Key highlights include the beta release of the revamped GitHub Issues, which offers new features like improved issue relationships, project board toggling, and custom fields. The launch of GitHub Copilot, an AI-driven coding assistant, promises to enhance coding efficiency by suggesting lines or functions based on context. Other notable updates include expanded GitHub Actions integrations, enhancements to GitHub Desktop for Apple Silicon machines, and the general availability of the GitHub Packages Container registry. Security updates feature improved code scanning functionalities and Dependabot enhancements, while a new dark high contrast theme is now available in public beta. GitHub encourages users to explore these updates and stay informed through its public roadmap and changelog communications.
Jul 13, 2021 1,248 words in the original blog post.
GitHub has made significant strides in enhancing the Rails framework by addressing the challenges of handling associations across multiple databases. By extracting internal functionality to disable join queries when associations span different databases, GitHub has improved the framework's capability to manage data across 30 databases, each with distinct schemas. This initiative involved implementing non-join queries in Rails, allowing for more efficient querying when data is partitioned functionally rather than horizontally sharded. GitHub developed an internal gem to disable joins for cross-database associations, which was later refined and integrated into Rails as an option called `disable_joins`. This option allows Rails to perform separate queries for each database connection instead of a single join query, thereby supporting applications that use multiple databases. While the new feature may lead to slower database performance for associations due to multiple queries, it empowers applications to scale effectively as their data and traffic increase. This contribution not only demonstrates GitHub's commitment to reducing technical debt and enhancing their system but also showcases their dedication to contributing back to the Rails community, encouraging further improvements and optimizations.
Jul 12, 2021 1,256 words in the original blog post.
In June, GitHub reported no incidents causing service downtime to its core services, indicating a stable month for the platform's availability. Users are encouraged to monitor the status page for real-time updates and visit the blog for the following month's availability report. For more insights into ongoing projects, readers are directed to the GitHub engineering blog.
Jul 07, 2021 56 words in the original blog post.