GitHub Universe 2022
The whole world runs on software, and it affects nearly every aspect of our daily lives. Every company is becoming a software company. Demand for software development has never been higher.
At the same time, software has never been more complex to build and run. Expectations of developers in terms of productivity, security, availability etc. are sky high.
GitHub recently held their GitHub Universe conference in San Francisco, where they talked about what they are doing to make developers’ lives easier. As a GitHub Technology Partner, we were invited to hear about the future of development.
Who are GitHub?
Put simply, GitHub is where the world stores its code. From a startup 15 years ago focussed on open-source source control, they have ridden an incredible wave of adoption in open source and expanded their focus to enterprise (90% of the Fortune 100 rely upon GitHub). They have expanded beyond simple source control to encompass a full DevOps suite with unparalleled collaboration features. Today 94 million developers use GitHub.
They were acquired by Microsoft in 2018 and, while Microsoft continues to offer its own competing platform, Azure DevOps, which remains popular among large enterprise, the future is very much in GitHub.
At Talk Think Do we have partnerships with both Microsoft and GitHub and have customers using both platforms and, while we would recommend GitHub for new projects, Azure DevOps still has plenty of life in it and there is no need to plan an immediate migration.
What is GitHub Universe?
After the pandemic-induced hiatus this year it was back at the Yerba Buena Center for the Arts in downtown San Francisco which offered a great blend of indoor and outdoor space – luckily accompanied by glorious weather.
This serves as the main conduit for product announcements and culminates in the release of their Octoverse report, now in its tenth year, which offers a really interesting insight into the current state of software development.
What was announced?
GitHub announced a slew of product enhancements and new releases across the areas of improving developer productivity and collaboration, alongside a huge focus on security. Their focus is very developer-centric and engineering focussed. This is great for developers, but what does this mean in terms of outcomes for businesses that are using GitHub? Let’s look at each of the areas.
Over the last decade developers have been instrumental in moving customers’ applications to the cloud. However, developers themselves have been working locally on desktops and laptops, and the tools they use are only recently starting to move to the cloud. This is a huge area of development for GitHub, focussed around Copilot and Codespaces.
Copilot is an AI coding assistant which has been trained on the code that exists in GitHub and helps automate the creation of code for developers. There were two major announcements:
- Some compelling research results were published. In one test of developers completing a project using Copilot, 40% of the code was produced by the Copilot AI. In another, of two sample groups, the one using Copilot completed the task 55% faster. It was also interesting that both groups agreed that using Copilot made the process more enjoyable, as it automates the creation of a lot of the mundane code and lets developers focus on the real problems.
- Copilot for Businesses was announced. Copilot is currently only available to open-source developers and individual developers. From December businesses will be able to buy and manage licenses for their teams. Pricing is around $10/month per developer.
What does this mean for our customers? Teams using Copilot should see significant productivity gains. At Talk Think Do we will be adopting this across the engineering team which, ultimately, should result in an improvement in velocity for our customers not to mention happier engineers.
Codespaces provides development environments in the cloud. These avoid having to set up a local development environment, which can take many hours: installing tools, downloading code and setting configuration settings. These environments, similar to any cloud service, are charged by the minute. GitHub had a couple of Codespaces announcements:
- Every developer now gets 60 hours of Codespaces for free every month. This allows many developers to use the feature for free.
- There is a much larger range of hardware available – up to some hugely powerful machines. Obviously these cost a lot more but it is very hard to argue that Codespaces are not powerful enough for your needs.
What does this mean for our customers? At Talk Think Do we actually still believe in local development for most of our engineers. Offline work is a fundamental part of our business continuity planning and, at least in the UK, mobile network coverage is not good enough to rely on the cloud for all development. We do think it offers an incredible advantage for maintenance and support though. For those projects that engineers are not currently working on day to day, it is much easier to use Codespaces to spin up an environment (which may require different versions of tools and libraries to those currently installed on their laptop). This enables quick fixes and changes to code bases that are not under active feature development and ultimately reduces the time to fix for these issues.
From the beginning GitHub was all about collaboration, as open-source projects rely on geographically dispersed teams and require a lot of collaboration and support to coordinate efforts effectively. It turns out these collaboration features work just as well within businesses and so have been widely adopted across the industry. GitHub are still leading the way, pushing forward with projects for everyone, and are also really encouraging responsible open-source support from businesses with specific support for sponsorship.
JIRA has long been the go-to agile planning and issue tracking system used widely across the industry. It is, however, on the decline and, in our experience, is pretty much universally disliked by users and administrators (sorry Atlassian!). Azure DevOps Boards offer a good alternative but a Microsoft solution is not for everyone. The whole industry is looking for a better option. Alternatives, such as Linear, are starting to gain traction. A new version of GitHub’s alternative, GitHub Projects, was released in Q2 2022; it is rapidly evolving into a contender and is well worth a look.
It is now virtually impossible to find an organisation that doesn’t depend upon open-source software in some capacity. Many businesses are now choosing to support the communities developing their open-source dependencies more directly. This has long been the case for big tech but is a growing trend among the wider business community. GitHub announced increased support for the sponsorship of open-source projects via the platform as well as a slew of direct financial support that they are offering the community themselves.
Security was a major focus of the conference and is an area that GitHub really focus on. Most of their tools have free support for open-source projects and are available for private enterprise projects through their GitHub Advanced Security product.
GitHub Advanced Security
GitHub Advanced Security is a developer-centric suite of security tools that directly assess the security risk of code as it is being created. This covers both the code itself and the dependencies that are being added, and includes code scanning, secret scanning and dependency review.
In order to use this on private projects a GitHub Enterprise license is required along with an additional license for an annual cost around $550 per developer. For the level of protection offered we think it is money well spent.
Supply chain security
Supply chain security is an ever-growing concern as threats in this area are growing fast for a number of reasons:
- There has been a massive increase in third party dependencies mainly driven by open-source adoption, but also the huge explosion in SaaS vendors and integration.
- Change happens an order of magnitude faster than it used to. The use of automated security, such as GitHub Advanced Security, means that new versions of dependencies are applied to production systems within hours of the vulnerabilities being identified.
- The ease and low cost of attacks via the software supply chain and lack of maturity in protection, compared to traditional attack vectors, make it an appealing target for hackers.
Automated tools such as GitHub Advanced Security are only part of the answer. Phishing and social engineering to take control of developer accounts are the number one threat to the software supply chain. Developer account security is something to take seriously. Here there are two recommendations:
- Use FIDO2 keys rather than passwords. At Talk Think Do we moved over some time ago to YubiKey FIDO2 keys for passwordless login using Azure Active Directory. It is very hard for phishing to be effective if users do not even know their passwords.
- GitHub Enterprise supports Enterprise Managed Users, where Active Directory (or Okta) can be used for GitHub authentication, which gives much more control over authentication and authorization.
Migrating to GitHub
DevOps may still be seen as a buzzword but many of the processes now classed as DevOps have been around for many years. There are a number of older continuous integration products in place and, additionally, there is a growing demand for moving from Azure DevOps over to GitHub.
DevOps Modernization is the process of moving these processes onto the modern GitHub stack. As with App Modernization this can range from a lift and shift to a wider reimagining for modern practices. GitHub have a number of automated tools available to help organisations make the transition, including the newly announced GitHub Actions Importer which covers some of the more involved steps.
Adopt GitHub with Talk Think Do
We hope this article has helped you understand how GitHub can help manage your code and improve productivity and collaboration for developers, as well as help make your systems more secure.
If you are interested in adopting GitHub for new projects or modernising your existing DevOps processes, you’ll benefit from the support of a trusted GitHub partner, like Talk Think Do. Our end-to-end support ensures that your unique needs are met from start to finish.
If you’d like to learn more about how Talk Think Do could help you maximise the potential of GitHub, get in touch with one of our experts today.