GitHub Releases New Workflow Tools, 'Octoverse' Report

The global open source code repository also released new security tools with the GitHub Security Advisory API, new ways to learn across teams with GitHub Learning Lab for organizations, and other items. Oh yes, it also released the annual "State of the Octoverse" report.


GitHub held its Universe 2018 conference at the Palace of Fine Arts in San Francisco Oct. 16, and it was quite a newsy event for the little gang of about 31 million developers who use the company’s 96 million repositories of open source code each day.

Those numbers are correct. That’s how large and in charge open source software has been for more than a generation and here in the waning months of 2018.

This event was largely about helping devs with building workflows that are: a) easy to do; b) realistic; and c) efficient. The company introduced some futuristic features that included GitHub Actions and GitHub Connect advance development workflows and break down barriers between teams.

GitHub also released new security tools with the GitHub Security Advisory API, new ways to learn across teams with GitHub Learning Lab for organizations, and other items.

“As a developer, you spend too much time configuring workflows—or get locked into inflexible tools as the industry evolves around you,” GitHub Senior Vice-President of Technology Jason Warner wrote in a blogpost. “We’re bringing the same tools you use while writing software to the rest of your development workflow, allowing you to focus on what matters most: code.”

Users can choose the developer tools, languages and deployment platforms they need most, supported by the ecosystem of GitHub Apps and integrations using the REST and GraphQL APIs, Warner said.

The company on Oct. 16 also released its "State of the Octoverse" report, which illustrates what the GitHub community can do in a year--such as creating 2.9 billion lines of code and promoting teamwork across time zones. Go here to read the report.

Here are the new GitHub products/features announced Oct. 16, as described by Warner:

  • GitHub Actions (limited public beta): Available on Developer, Team and Business Cloud plans.

GitHub Actions enables a personal workflow: built by users, run by GitHub. GitHub Actions allows users to connect and share containers to run their software development workflow. It is designed to easily build, package, release, update, and deploy your project in any language—on GitHub or any external system—without having to run code yourself.

By applying open source principles to workflow automation, GitHub Actions empowers users to pair the tools and integrations they use with their own custom actions or those shared by the GitHub community, no matter what languages or platforms they use. Develop and share actions to automate any task your projects require, building on an ecosystem of options. Whether you need to package an NPM module, send an SMS alert, or deploy production-ready code to the cloud in parallel, you can create or find a GitHub Action for the job.

If you want to sign up to be one of the first to use Actions, go here.

Securing Your Code

The security challenges that underpin software today are community problems—not just the burdens of individual CISOs, IT admins and open source maintainers, Warner said. With the breadth of data and connections GitHub maintains as the leading software development platform, we have a responsibility to protect the community from cybersecurity threats and enhance security for all, Warner said.

“GitHub’s goal is to harness the collective knowledge of the community and share this data, so you don’t have to solve the same problems individually,” Warner said. “From automating detection and remediation to tracking emergent security vulnerabilities, we’re launching several community-powered features to help you identify and proactively address threats in your code.”

  • Java and .NET support for security vulnerability alerts: Available on Developer, Team and Business Cloud plan.

GitHub’s security vulnerability alerts now support Java and .NET (in addition to existing support for JavaScript, Ruby, and Python). With these security vulnerability alerts, organization owners and repository admins receive a notification when a known vulnerability enters a codebase. Enterprise owners can also share the responsibility by selecting additional individuals and teams to receive notifications when a vulnerability occurs, Warner said.

 Go here to see how security alerts work.

  • GitHub Token Scanning for public repositories (public beta): Available on Developer, Team, and Business Cloud plans.

Developers need to ensure that tokens and keys are never accidentally committed and exposed in a public repository. With GitHub Token Scanning, GitHub scan public repositories to search for known token formats. “If we find a token, we alert the provider to validate the commit and contact the account owner to issue a new token,” Warner said.

Go here to learn how Token Scanning works.

  • GitHub Security Advisory API

The GitHub Security Advisory API provides security advisories as a public service and a building block toward a powerful security platform. To power GitHub security features, the service aggregates and validates security vulnerabilities across millions of projects. With the new API, this data is at your fingertips and ready to be integrated into the tools and services you already use. The Security Advisory API provides a foundation for GitHub, researchers, and integrators to collectively create a more secure future.

Go here to start using the GitHub Security Advisory API.

Connecting your business

A major value for companies using GitHub is the ability to tap into the knowledge and innovation of 31 million users, 96 million repositories, and 500 TB+ of data across the platform. This vast collection of knowledge can solve critical challenges, regardless of whether companies deploy GitHub on-premises using GitHub Enterprise or in the cloud using GitHub Business Cloud.

To create a bridge between our business and open source communities, we’re launching GitHub Connect. With it, we’re releasing new ways for developers to collaborate beyond organizational silos and allowing companies to enjoy the best of both worlds: the scalability and ease-of-use of our cloud offering with the control of self-hosting.

  • GitHub Connect

Developers should have the same seamless experience, no matter where companies deploy GitHub. GitHub Connect begins to break down organizational barriers, unify the experience across deployment types, and bring the power of the world’s largest open source community to developers at work, Warner said.

At launch, GitHub Connect includes three features: Unified Business Identity, Unified Search and Unified Contributions. These initial releases make it easy for developers to connect to GitHub’s public data and communities whether your companies run GitHub Enterprise or GitHub Business Cloud, Warner said.

  • Unified Business Identity (limited public beta): Available on Business Cloud

Many companies have different GitHub Business Cloud accounts across their organization, creating operational challenges for administrators. With Unified Business Identity, administrators can unify the management of multiple Business Cloud accounts to improve overall billing, licensing, permissions, and policies using a single, familiar interface.

  • Unified Search and Contributions: Available on GitHub Enterprise

With our latest version of GitHub Enterprise, v2.15, developers can search public repositories on and private repositories in Business Cloud organizations without leaving GitHub Enterprise. They can also get recognition for their hard work on public profiles across Enterprise and accounts, with Unified Contributions.

Note: A GitHub Enterprise account must be connected to a GitHub Business Cloud organization in order to use Unified Search and Unified Contributions. For more information on Business Cloud and Enterprise updates, join GitHub’s Check In webcast on Oct. 25.

New Ways to Learn on GitHub

“The developer community is at the core of GitHub. We want to help you all do your best work, whether you’re just starting out or leveling up your skills,” Warner said. “In support of our growing community, we’re creating new ways to learn from each other and train the next generation of developers and non-developers alike.”

  • GitHub Learning Lab courses: Available on Developer, Team and Business cloud plans

Earlier this year, GitHub introduced GitHub Learning Lab, an interactive way to grow development skills in real-world scenarios using industry-standard tools. With Learning Lab, devs can learn how to get started with GitHub, manage merge conflicts, contribute to a first open source project, and more—all within GitHub repositories and guided by the Learning Lab bot.

Today, three new Learning Lab courses are available to everyone. These courses cover secure development workflows with GitHub, reviewing a pull request, and getting started with GitHub Apps.

Sign up here for Learning Lab, free of charge.

  • GitHub Learning Lab for organizations: Available for Business Cloud customers, with support for GitHub Enterprise coming soon.

This is GitHub’s approach to onboarding new developers, increasing productivity, and helping them shars skills across teams. GitHub’s free Learning Lab courses are a good way to build development knowledge in users’  own time. Now organizations can use this same interactive learning experience to help developers level up their skills on GitHub inside business hours.

With GitHub Learning Lab for organizations, users can create private courses and learning paths, customize course content, and access administrative reports and metrics.

You can start learning with your team/organization landing page here.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...