GitHub Galaxy 2023: Empower developer teams with a new developer experience
Learn how GitHub’s one, integrated platform–powered by AI and secure at every step—helps developer teams be more productive, collaborative, and efficient.
Throughout my career, I’ve had the opportunity to work with customers all over the stack, from cloud-native early adopters to those who are just beginning their journey. In my experience, one thing is true for all businesses regardless of their size: no organization can grow, thrive, and win without empowered developers.
From idea to deployment, developers are more productive when they have one single place to do it all. A place where they can tap into their flow state: the creative space where the magic happens. A place where they can onboard quickly and spend their time building great software.
This week, at our global enterprise event, GitHub Galaxy, I shared the stage with GitHub’s CEO, Thomas Dohmke, and some of our product leaders. Together, we spoke about helping your teams be more productive to fix today’s problems, clear yesterday’s backlogs–and build for tomorrow.
If you haven’t registered yet to attend Galaxy, you can still join our global community of leaders for three days of fireside chats and forums focused on improving your team’s efficiency, security, and developer productivity by signing up below.
Developers are under immense pressure to do it all: build, run, and maintain software securely and quickly. And yet, developers continue to face fragmented tech stacks, siloed teams, limited collaboration, and more. For organizations, developers fixing issues faster means your product and supply chain are more secure.
Since we previewed the world’s first at-scale AI developer tool in 2021, over one million developers have activated GitHub Copilot.
Research shows that developers using GitHub Copilot write code up to 55% faster and report feeling 75% more fulfilled.
We’ve also introduced new capabilities for GitHub Copilot for Business, which combines the power of our AI pair programmer with features that bring even more benefits to organizations.
GitHub Copilot for Business is already revolutionizing developer productivity for 5,000 organizations. Just take a look at Duolingo. Engineering managers reported a 25% increase in developer speed and 67% decrease in median code review turnaround time with GitHub Copilot.
But that’s not all. Our research and development team, GitHub Next, has been working to evolve GitHub Copilot into a readily accessible AI assistant that’s present throughout the entire development life cycle. This is GitHub Copilot X—the next phase of our mark on the future of AI-powered software development.
Getting into the flow
New languages, new frameworks, new tools, new codebases. These are just a fraction of the things making the world of software development complex. It’s more important than ever to make sure developers have the tools they need to get in the flow state and to build the software that powers every aspect of our world.
Collaboration with context
With GitHub’s integrated platform, developers have one place to collaborate on code and this reduces friction in their day to day workflows.
GitHub Issues detail the work and decisions that have previously been made.
Pull requests and commits show the history and evolution of the codebase.
GitHub Discussions and READMEs give insight into the conversations, questions, and overviews devs need to know to get started.
GitHub Enterprise 3.8 is now generally available, bringing more features focused on automation, security, and project-based collaboration tools.
Saving developers’ time
It’s important that your developers find what they need, and quickly. That’s why we built the world’s largest public code search index. With GitHub’s code search and code view now available in public beta, developers get the results they need thanks to a powerful interface that allows them to construct queries with suggestions, offers completions, and provides the ability to slice and dice results.
And code search doesn’t just work within the confines of your team’s repositories. It also works across public repositories, allowing your developers to learn from the vast set of open source code and libraries.
With code view, developers can rapidly find answers they need by tightly integrating search, browsing, and code navigation. With this context, your teams can learn more about their definitions or references elsewhere in the repository all from one view—minimizing the moments where developers need to switch tools or tabs.
Ultimately, code search and code view can help save developers time, getting them the answers they need before they even start to code.
Onboarding quickly
In an alternate universe (one without GitHub), your developers would be tracking down installation instructions and spending hours on setup. But thanks to GitHub Codespaces, developers can start coding immediately without worrying about dev environment setup.
GitHub Codespaces meets your team in the tools they’re already using—whether that’s a barebone CLI/VIM experience, local Visual Studio Code, or now, JetBrains Rider. And as an organization admin, you control everything from which users can create codespaces, to port-level policies, to prebuild schedules and cost controls.
Secure at every step
Think of the thousands of lines of code that exist in your codebase today. That number’s only growing.
And as your codebase grows, inevitably, your vulnerabilities do, too.
Just last year, free security tools like Dependabot and the GitHub Advisory Database helped developers secure 18 million projects on GitHub. We also saved developers countless hours of remediation time by preventing over 16,000 secret leaks since last April.
Prevention workflows
Empowered developers can play an active role in fixing vulnerabilities before they happen. With GitHub Advanced Security (GHAS), preventive workflows are built-in across the development lifecycle so you can prioritize innovation and enhance developer productivity without sacrificing security.
With code scanning, GitHub surfaces potential vulnerabilities in pull requests so that your teams can stay in the flow state and fix alerts as they work. And we’ve seen the real impact of surfacing results in the pull request: last year, developers fixed over 48% of code scanning alerts surfaced in pull requests in real time, drastically reducing time to fix compared to the industry standard.
Leaked secrets give attackers a wealth of information that can be used for malicious purposes. With GitHub’s push protection capability, you can embed secret scanning in the developer workflow by proactively filtering for pre-commit secrets, preventing leaked secrets from being accidentally pushed into your code.
For the millions of developers who rely on third-party dependencies, GitHub’s Dependabot detects and helps automatically remediate any security issues in open source code you depend on. In 2022, Dependabot helped automatically fix more than 24 million vulnerable dependencies.
Finally, with GitHub Copilot we’ve launched an AI-based vulnerability prevention system that blocks insecure coding patterns in real-time, making GitHub Copilot suggestions more secure. Our model targets the most common vulnerable coding patterns, including hardcoded credentials, SQL injections, and path injections. This means insecure coding patterns are quickly blocked and replaced by alternative suggestions.
Self-service SBOMs from the dependency graph
Security and compliance teams increasingly request software bills of material (SBOMs) to identify open source components, assess their vulnerability to emerging threats, and verify alignment with license policies. So, we asked ourselves, how do we make SBOMs easier to generate and share?
The answer is a new Export SBOM function on the dependency graph, where anyone with read access to a GitHub cloud repository can now generate an SBOM with a single click. The resulting JSON file saves project dependencies and metadata in the industry standard SPDX format, which can then be used with a variety of security and compliance workflows and tools, or reviewed in spreadsheets like Microsoft Excel.
As part of GitHub’s supply chain security solution, self-service SBOMs are free for all cloud repositories on GitHub.
Empowering open source security researchers and the community
The world runs on open source. At GitHub, we cultivate a community around the globe to help secure our community’s software.
We’ve made some enhancements to help security researchers and maintainers identify and report security risks quickly and easily:
Multi-repository variant analysis (MRVA): security researchers can now scale variant analysis across thousands of repositories, giving them a powerful tool to find and respond to newly discovered vulnerabilities.
Private vulnerability reporting: when enabled for a public repository on GitHub, private vulnerability reporting provides a private collaboration channel for reporters to report suspected vulnerabilities to open source maintainers. Vulnerabilities stay private until a fix is in place, supporting the safe use of open source software.
GitHub believes free and open security data tools are critical to empowering developers and organizations worldwide to best secure our software. GHAS features, such as secret scanning and code scanning, are available for all developers and organizations to use in their public repositories, while Dependabot and the GitHub Advisory Database are free for everyone in both their public and private GitHub repositories.
Building efficiency
Efficiency and collaboration are difficult to master whether you’re managing a 10-person start-up or a Fortune 100 company with thousands of employees. With GitHub, your teams communicate and collaborate alongside their code, breaking down silos, getting results faster, and increasing efficiency by automating repetitive tasks.
Driving efficiency with GitHub Actions
With more than 130 million CI jobs running every month, GitHub Actions enables teams to double their daily pull requests and slash their time to merge by 33%. One secret behind these productivity gains lies in GitHub Actions’ diverse fleet of cloud-hosted runners, where you can choose from machines running the latest Windows, macOS, and Linux releases with up to 64 cores and 256 GB of RAM.
By having your GitHub Actions workflows stored in your repository, development teams get seamless and efficient collaboration. Organizations can build-in compliance across their teams by establishing and enforcing organization-wide CI/CD practices. And with our new required workflows feature in beta and features like reusable workflows, we are creating tools that help you ensure your code deployments follow standardized procedures, fostering reliable and consistent release environments.
And with our recent GA release of GitHub Actions Importer, you can automate the conversion of other workflows from platforms like Circle CI and Jenkins to GitHub Actions. We’ve seen conversion rates as high as 100% with a goal to achieve an 80% conversion rate for every workflow.
With a simple user management experience, project management capabilities, and CI/CD with GitHub Actions, your organization can collaborate and drive efficiency at scale in the cloud with GitHub.
Project management tools on GitHub
Our project management tools are designed to plan, track, and communicate what your teams are working on at any given time—without all the context switching.
GitHub Projects: define tasks and prioritize work with GitHub Projects. And now, with the general availability of roadmaps, teams can adjust, visualize, and track work with important milestones.
At GitHub Galaxy, you’ll delve deeper into these products and have the opportunity to ask questions live during the interview-style fireside chats and interactive forum sessions. Spanning three days and three global regions with more than 50 regional speakers, you’ll learn from leaders with a variety of expertise across the software development industry.
Join us on March 29-31 to dive into each of these product areas, so you can grow your business and build for tomorrow. We’ll see you there!
I'm the Chief Product Officer at GitHub. Prior to joining GitHub, I was the General Manager of AWS Elastic Containers, where I led the development of containers-based solutions to assist developers in modernizing their application development. I'm committed to empowering developers by creating products and services that enhance developer experience and productivity. I enjoy spending time with my husband, three children, and Havanese puppy, running between swimming, cross-country, and basketball meets.
Applications for the new GitHub Secure Open Source Fund are now open! Applications will be reviewed on a rolling basis until they close on January 7 at 11:59 pm PT. Programming and funding will begin in early 2025.
Microsoft and GitHub are committed to empowering developers around the world to innovate, collaborate, and create solutions that’ll shape the next generation of technology.
We do newsletters, too
Discover tips, technical guides, and best practices in our biweekly newsletter just for devs.