GitHub ups security game as Microsoft crawls into the platform. Also: Devs’ days get longer

GitHub platform update

Code repository management service GitHub has used the online version of its annual Satellite conference to introduce more security and cooperation features into the platform, also making use of tech from parent company Microsoft.

After years of users nudging the company to add something that facilitates spontaneous contributing, GitHub now sports a preview of Codespaces, a “fully featured, cloud-hosted dev environment that spins up in seconds”. The name might sound familiar to those keeping up with Microsoft’s doings, since the company’s IDE section announced the rebranding of its online IDE Visual Studio Online to Visual Studio Codespaces only last week.

And in fact, the new feature is “powered by Visual Studio technology” providing “a browser-based version of the full VS Code editor, with support for code completion and navigation, extensions, terminal access, and more”. Pricing is said to be still in the works, though Codespaces “will be free to use during the limited beta” – presumably to add chum to the waters, drawing companies into using the new hosted feature as the platform moves more into pay as you go territory.

To highlight the collaborative aspect of the platform, discussions will soon get their own forum-like space in repositories, descriptively called “Discussions”, so new features don’t have to be fleshed out in issues and pull requests anymore. 

Security crept into focus again, with GitHub announcing betas for code and secret scanning. While code scanning checks everything pushed to the platform for potential security vulnerabilities which maintainers will surely appreciate, secret scanning “watches private repositories for known secret formats” and lets developers know should they have accidentally made their way into a repo. The latter capability isn’t really new, but was previously only available for public repositories.

In other security news, the company offered first looks into GitHub Private Instances, a soon to come fully managed option for enterprise customers with features such as “bring-your-own-key encryption, backup archiving, and compliance with regional data sovereignty requirements”.

Devs seem to feel the COVID-19 pressure

GitHub also released a report authored by recently hired DevOps luminary Nicole Forsgren, that provides some insight into developer activity on its code hosting platform  “in the early days of COVID-19”.

Compared to the beginning of the year, the findings of the company’s data science team suggest “developer activity has stayed consistent or slightly increased throughout the initial wave of the pandemic and shift to working from home”. However, work days seem to have become longer in March, “up to an hour per day”. 

This could be a result of “non-work interruption” when working from home, but also a perceived “pressure to push more often” to show activity and stay employed in times of economic uncertainty or “combat boredom” on the lighter end of the spectrum. 

To make sure the changed work patterns don’t lead to burnout, Forsgren and the data science team cautioned devs and organisations to “take proactive steps to prevent burnout, and watch for it among their teams and peers”.

Other findings include that teams seem to have become more responsive to pull requests while working from home, given that repositories owned by Enterprise Cloud accounts or paid teams saw a significant drop in the time needed to merge a PR, when compared to January of this year.

But not only company repositories seem to profit from devs being restricted to their four walls. Collaboration on open source projects picked up as well in March, and unsurprisingly it’s a project that helps people to stay in touch that profits most. Video conference system Jitsi Meet saw by far the “largest increase in distinct contributions in 2020”. 

Jitsi only crept into the common focus earlier this year as an open source alternative to Zoom and Co. It isn’t exactly new though, having been around since 2003, with audio and video capabilities since 2011 and working up some street cred in open source circles since then. So don’t give up on that little looked-at open source project of yours, there’s always the chance of it making its breakthrough some day. Hopefully under nicer circumstances.