What's New with GitHub for ISVs: June 2023 Edition
Published Jun 22 2023 10:06 AM
Microsoft


In this new monthly blog series focused on GitHub, we will be sharing product updates, notable reads, and other new resources that can be leveraged by ISVs who are building apps for the commercial marketplace. 

Product Updates:

  1. GitHub Actions is GitHub’s answer to automation and CI/CD, with the ability to trigger based on several GitHub events. Alongside a rich ecosystem of community and third-party actions, the platform provides a number of primitives to assist you in governing your workflows.
  2. Introducing GitHub Enterprise Importer, a brand new tool for migrating from other code hosting platforms to GitHub and between GitHub products. You can seamlessly move to GitHub Enterprise Cloud, bringing your code and collaboration history with you so your team doesn’t miss a beat. To learn more, head over to "Using GitHub Enterprise Importer" in the docs and check out our blog post.
  3. Swift support brings broader mobile application security to GitHub Advanced Security, raising the level of security in the mobile application development process.
  4. GitHub Advanced Security trial now available on GitHub Enterprise Cloud. All eligible GitHub Enterprise accounts can now try GitHub Advanced Security for free for 14 days. GitHub Advanced Security provides integrated security with unparalleled access to curated security intelligence. This unlocks your ability to keep your code, supply chain, and secrets secure before pushing the code to production. During the trial, you can try features such as:
    • Code scanning to help find and remediate security issues in your code
    • Secret scanning to prevent and detect secret exposures across your organization
    • Dependency review to catch vulnerable dependencies before introducing them to your environment
  5. GitHub Copilot for Business was made generally available earlier this year. GitHub Copilot is offered as a simple extension within a developer’s editor and draws context from a developer’s code to suggest new lines, entire functions, tests, and even complex algorithms, helping developers code up to 55% faster. The AI developer tool has already been used by over 1M developers and 5000 organizations. Microsoft has an Introduction to GitHub Copilot learning path defined for further reading. Helpful links include:
  6. GitHub Advanced Security for Azure DevOps is now available for public preview, making GitHub’s same application security testing tools natively available on Azure Repos.

 

Notable Reads:

  1. Inbal Shani, GitHub’s chief product officer, and the GitHub staff write a fantastic blog post about AI’s impact on the developer experience, based on a survey of 500+ developers.
    • Key survey findings:
      • AI is here and it’s being used at scale. 92% of U.S.-based developers are already using AI coding tools both in and outside of work.
      • Waiting on builds and tests is still a problem. Despite industry-wide investments in DevOps, developers still say the most time-consuming thing they’re doing at work besides writing code is waiting on builds and tests.
      • Developers want more collaboration. Developers in enterprise settings work with an average of 21 other engineers on projects—and want collaboration to be a top metric in performance reviews.
      • And they think AI will help. More than 4 out of 5 developers expect AI coding tools will make their team more collaborative.
      • Developers also see big benefits to AI. 70% say AI coding tools will offer them an advantage at work and cite better code quality, completion time, and resolving incidents as some of the top anticipated benefits.

Particularly interesting is the significant gap between the day-to-day reality for most developers and conversations about “what developers want.”

 

  2. The blog on Applying GitOps principles to your operations outlines how we could use our Git repository as the source of truth for operational tasks, and reconcile changes with our real-world view.
  3. The ReadME Project features a guide by Anton Mirhorodchenko, a software developer, on how to Harness the power of generative AI for software development. In the article, Anton aims to demystify LLMs, offers tips and tricks for integrating them into your own processes, and shares the insights he gained from using ChatGPT and GitHub Copilot to aid in the development process.
  4. Feross Aboukhadijeh, CEO of Socket, outlines how you can Do your part to secure the open source supply chain, including tips on how to proactively address dependency security.
  5. The README podcast has a number of helpful videos; the latest episode, Bridging code and community, talks about navigating open source in regulated environments.

 

Other Resources:

  1. A ReDoS is a denial-of-service (DoS) vulnerability in which a regex runs exceptionally slowly on some inputs. While code scanning detects ReDoS vulnerabilities automatically, fixing them requires some human intervention and isn’t always easy. But our security researcher Kevin Backhouse provides a well-written tutorial that details four steps to fix a ReDoS bug.
  2. Here’s your guide to automating a Power Platform deployment with GitHub Actions.

 

Upcoming Events:

  • GitHub Universe 2023, our annual developer event, is back, better, and bigger than ever at San Francisco’s Yerba Buena Center for the Arts and online on November 8-9.

 

Last update: Jun 22 2023 10:29 AM