With all the news coming out of GitHub Universe today we wanted to give you a quick summary of all the announcements and timelines for the features being shown off this week. Don’t forget you can tune in between December 8th-10th or catch up with your favorite sessions on demand after the show.
Last year, we launched GitHub Sponsors so individuals could support the open source developers they depend on. We’ve already seen millions of dollars flow to open source maintainers and projects. Those investments continue to grow rapidly. Some developers are already making six figures using GitHub Sponsors, and even more are able to envision supporting their communities as their full-time job.
Companies have asked how they can get involved, too. For many businesses, open source provides critical components for their software and services, and they would like to support the maintainers of those projects so they can continue to thrive. However, setting up individual procurement agreements in many organizations can be a complex task for both the company and the recipient of the funds.
Today, we’re launching GitHub Sponsors for companies, enabling organizations to invest in the open source developers and projects that they depend on via their existing billing arrangements. Starting today, investing in open source is as easy as just adding it to your GitHub bill! Sponsors supports payment via credit card or PayPal, and you can join the waitlist to get updates about other payment options coming soon.
We’re so excited to be joined by a stellar line-up of companies who have already committed to invest in open source projects through GitHub Sponsors at launch, including: American Express, AWS, Daimler, Stripe, New Relic, Indeed, Microsoft, Substack, Major League Hacking, Indent, Notion, and Cognitect.
Learn more about investing in open source with GitHub Sponsors.
Whether you like your screen bright or want to feel like Mr. Robot in dark mode, it’s your choice how you experience GitHub. Enable dark mode (public beta) from your settings or set it to track your system preferences.
Today, pull request authors have to monitor their pull requests so they can merge them once all required reviews and checks have passed. This means you have to wait before moving on to your next task, even though 9 times out of 10 everything will pass fine once your reviews are in.
Auto-merge solves this problem by allowing pull request authors to opt into having a pull request merged automatically once its required reviews or status checks have passed. This means merges happen more quickly, and you can move on to your next task as soon as the pull request has been submitted.
Starting next week, auto-merge will be available as a public beta on public repositories, and available to private repositories on Team and GitHub Enterprise Cloud plans.
Discussions is the dedicated space for your community to come together, ask and answer questions, and have open-ended conversations. Discussions make it easier to curate and maintain conversation threads, with controls for customizing categories, transferring, and pinning discussions, and converting Issues into discussions.
We announced a limited beta of Discussions earlier this year. Since that announcement, we’ve worked with hundreds of open source communities – like Vercel, Gatsby, Prisma and Laravel – to get feedback on the features that matter most to their communities. In response to that feedback, we’ve added many new features, like customizable categories for incoming discussions, and closer integration with GitHub notifications.
Today, we’re excited to announce that the Discussions beta is available to all public repositories. Learn more about getting started with Discussions, or join the Universe conversation to try out Discussions and get a preview of what’s coming next. We’re also bringing Discussions to GitHub for mobile very soon, so you can participate from anywhere.
This morning, we introduced environments, required reviewers, deployments and deployment logs, plus a beautiful workflow visualizer to ensure that you can stay in the flow, troubleshoot more easily, and continuously deliver while keeping your pipelines secure and compliant.
Environments, environment protection rules, and environment secrets enable separation of concerns between deployment and development to meet compliance and security requirements. With required reviewers, jobs attempting to deploy to an environment are automatically paused and reviewers are notified. Once approved, the job runs and is given secured access to the environment’s secrets. Environments also include a deployment log. Using the deployments view, you can see what version of your code is running in an environment, when it was deployed, why it was deployed, and past versions.
Workflow visualization for GitHub Actions maps workflows and tracks their progression in real time, making it easier for you to understand complex workflows and communicate status with the rest of your team. Displaying workflow metadata and linking directly to source code and deployment URLs makes it easier to troubleshoot runs when something goes wrong.
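As an illustration of the separation described above, here is a workflow in which only the deploy job references a protected environment. This is an added example, not taken from GitHub's announcement; the environment name `production`, the secret name `DEPLOY_TOKEN`, the script path, the `make test` command and the URL are all assumptions, and the required reviewers themselves are configured on the environment in the repository settings rather than in this file.

```yaml
# Added example. Assumed names: production, DEPLOY_TOKEN,
# ./scripts/deploy.sh, make test, https://example.com
name: build-and-deploy

on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    # No environment is referenced here, so this job cannot read
    # secrets that are stored on the production environment.
    steps:
      - uses: actions/checkout@v4
      - run: make test

  deploy:
    needs: build
    runs-on: ubuntu-latest
    # Referencing the environment applies its protection rules.
    # With required reviewers configured, the job pauses at this
    # point and the reviewers are notified; it starts only after
    # one of them approves.
    environment:
      name: production
      url: https://example.com   # shown in the deployments view
    steps:
      - uses: actions/checkout@v4
      - name: Deploy
        run: ./scripts/deploy.sh
        env:
          # Environment secret: available to this job only, and
          # only once the deployment has been approved.
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
```

Storing the deployment credential as an environment secret instead of a repository secret means a workflow change that adds a new job cannot read it unless that job also targets the protected environment and passes review.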
Later this month, protected environments and required reviewers will be made available in a beta for private repositories on GitHub Enterprise Cloud and all public repositories on GitHub.com. Workflow visualization, deployments, and deployment logs will enter public beta for everyone on GitHub.com.
Today, dependency graph helps you understand your dependencies, and security alerts notify you of newly discovered vulnerabilities in your dependencies. But what if you could receive these alerts before introducing vulnerable code through new or updated dependencies?
Dependency review helps reviewers and contributors understand dependency changes and their security impact at every pull request. It provides an easy-to-understand view of the dependency changes introduced by the pull request, shown within the review experience as a rich diff on the Files Changed tab. Dependency review informs you of which dependencies were added, removed, or updated, along with the release dates, how many projects use these components, and vulnerability information for these dependencies.
Today, we’re excited to announce that the dependency review beta will be available to all public repositories and Advanced Security customers on GitHub Enterprise Cloud. We will be gradually rolling it out to everyone on GitHub.com over the coming weeks.
For our enterprise customers, we will be shipping a release candidate of GitHub Enterprise Server 3.0 in the following weeks. 3.0 brings built-in CI/CD and automation capabilities to the platform with GitHub Actions and Packages. In addition, Enterprise Server customers can now automate Advanced Security, including code and secret scanning, into their workflows as part of the server deployment. And GitHub Enterprise Server 3.0 now supports GitHub for mobile, which lets developers on Enterprise Server instances work the way they want, where they want – on coffee runs, commutes, or when they’re just away from their desks.
GitHub has scanned every push to public repositories for secrets (like API keys) for the past two years, and at GitHub Satellite this year we announced secret scanning for private repositories. Since then GitHub Advanced Security users have enabled secret scanning on more than 50,000 private repositories, and we now perform over 2 million scans on private git pushes every week. Today, we’re happy to announce that a secret scanning beta will be available in GitHub Enterprise Server 3.0 to allow you to scan for hard-coded credentials in your codebase.
GitHub users can also enable code scanning on their repositories to find and prevent security vulnerabilities. We made code scanning generally available on GitHub.com in September, and since then we’ve more than doubled the number of repositories that are using code scanning. Today, we’re happy to announce that code scanning is generally available for GitHub Enterprise Server.
Both secret scanning and code scanning are part of Advanced Security for our Enterprise Server customers.
Jump into our Universe Discussion and share what feature you’re most excited about or check out the line up for Universe Day 2.