Everything new from GitHub Universe 2022

Coming soon, businesses can purchase and manage seat licenses for GitHub Copilot for their employees. This will give businesses the proven benefits of core AI-assisted technologies, as well as added admin controls for various GitHub Copilot settings on behalf of your organization. We’ve measured the impact GitHub Copilot has on developer happiness since it launched for individuals. Because of how GitHub Copilot understands natural language and code, it gives you WAY more than just a productivity boost. It helps you focus on business logic-over-boilerplate, and discover ideas you might not have otherwise considered. All from the comfort of your editor.

Join the waitlist to see what doors AI can open for your business!

If GitHub Copilot is our pair programmer, why can’t we talk to it? That’s exactly what the GitHub Next team is working towards. “Hey, GitHub!” enables voice-based interaction with GitHub Copilot and more. With the power of your voice, we’re excited about the potential to bring the benefits of GitHub Copilot to even more developers, including developers who have difficulty typing using their hands. “Hey, GitHub!” only reduces the need for a keyboard when coding within VS Code for now, but we hope to expand its capabilities through further research and testing.

“Hey, GitHub!” is an experiment by the folks in GitHub Next, and they’d love to get your feedback. Join the waitlist and let us know what you think.

Today, we’ve made GitHub Codespaces available to individual users (Free and Pro) and we are including up to 60 hours of Codespaces for free every month. GitHub Codespaces provides an on-demand cloud development environment so developers can start building in seconds. Last year, when we made Codespaces available to GitHub Team and Enterprise Cloud customers, we saw how it reduced the time it takes to onboard new developers and improve the developer workflow. Yet this problem still exists for developers and maintainers of open source projects. By removing the complexity of managing a dev environment and having to own a powerful machine, we hope to increase the number of developers in the world, so that anyone can create, collaborate, and innovate from the cloud.

Through our partnership with JetBrains, developers can now use the IDE of their choice on GitHub Codespaces. We’ve also added JupyterLab in Codespaces, in public beta, so that machine learning and data scientists can get the full IDE experience. JupyterLab support is even more powerful when combined with GPU-powered codespaces. GPU access is in private preview; you can request early access here.

You can try GitHub Codespaces through LinkedIn Learning’s 50+ Codespaces-enabled courses that cover six programming languages and topics including data science and machine learning. Take these courses for free through February 2023.

Code search has a powerful new interface that allows developers to construct queries with suggestions, offers completions, and provides the ability to slice and dice results, bringing you relevant results with incredible speed. 🔎

Code view also has an entirely new redesign, which tightly integrates search, browsing, and code navigation, allowing developers to rapidly traverse their code to find answers. It puts code in context, showing where it fits into the rest of the repository, and enables developers to easily browse files across their repository.

These two features will change the way you navigate on GitHub.com by helping you find the right code faster and organizing work to improve your collaboration within and across repos.

Join the waitlist to get set up.

Roadmap provides the next level visualization of your projects. 👀 Alongside tables and boards, you can create a roadmap view to visualize your work items across a timespan, plan and track a body of work over time, or watch the progress towards a deadline. With the full picture of timing and progress, you can easily communicate with all stakeholders to keep them up to date. 🖼️

We love a good checklist, but sometimes you just need to break it down a little more. The new Tasklists UI shows meta-data-like assignees and labels, and allows you to quickly decompose work into sub-tasks, then convert them to GitHub Issues with a click.

Tasklists are deeply integrated with GitHub Projects, and you can use new fields like “tracked by” and “tracks” to get a birds-eye view across your parent and child issues.

And, under the hood, it’s all just Markdown. 😎

Roadmap and Tasklists will be available soon. Join the waitlist to try them out when they are ready.

Keep things moving. ▶️ GitHub Mobile now has more features to let you do what you need from your phone, including accessing GitHub Projects, running GitHub Actions for your workflows, and editing files in pull requests. 📱

Quickly get into your recent projects to edit custom fields and switch views so you can find what you need with easy‐to‐read metadata tags—available today from Google Play (Beta) or iOS TestFlight.

With GitHub Enterprise Cloud, you get access to our newest features as soon as they’re released. Features like our new fine-grained personal access tokens that massively reduce the surface area of credential leaks from integrations, by empowering developers with fine-grained permissions and individual repository targeting, and administrators with full control over what access, is approved. Or the ability to track all of those tokens now in your enterprise audit log.

Over the last few years, GitHub Actions has become a mature CI/CD platform, and is more powerful than ever. In fact, over 10 million builds a day are happening with GitHub Actions, across Linux, Windows, and macOS. If you’re running a lot of builds, or have some time-consuming workflows, you can take advantage of GitHub Actions larger GitHub-hosted runners. These runners, the machines that execute jobs in a GitHub Actions workflow, let you build in Linux and Windows, and provide compute with up to 64 cores, and 256 GB of RAM. This ensures that no matter how enormous your codebase is, you can build, test, and deploy it in a matter of minutes.

We want to make sure that everyone can take advantage of GitHub Actions, even if you’ve already invested in another CI/CD platform. GitHub Actions Importer helps ease the toil of CI/CD workflow migration. With GitHub Actions Importer, users can plan and execute migrations from their former CI/CD tool to GitHub Actions so you can get up and running faster. It’s distributed as a Docker container, and an extension to the official GitHub CLI used to interact with the container automates a large portion of the migration process for even a large CI/CD footprint, saving you from tedious and error-prone manual labor.

GitHub Actions Importer will be free to any GitHub customer, no professional services contract required. Try it out today.

Fine-grained personal access tokens give developers granular control over the permissions and repository access they grant to a PAT. With this update, organization administrators are in control, too, with approval policies and full visibility for tokens that access organization resources, keeping your account secure.

Read more about fine-grained PATs on our blog.

As a GitHub Enterprise owner, you can now enable authentication token data to display for audit log events. In doing so, you’ll be able to query your audit logs for activity associated with specific authentication tokens. This feature will better equip you to detect and trace activity associated with corrupt authentication tokens, which have the potential to provide threat actors access to sensitive private assets.

Learn more about identifying audit log events performed by an access token.

We’re excited to share that we have partnered with Arm to revolutionize IoT software development by making the Arm Development tools (Arm cross-compiler and Arm Virtual Hardware) natively available inside GitHub Actions cloud hosted runners to create an efficient CI workflow. Learn more.

Today, GitHub Enterprise Server 3.7 is generally available for our customers who want the power of GitHub from inside their data center. This release includes over 70 new features, like the security overview dashboard, which is now available to all enterprise customers, and support for nesting reusable GitHub Actions workflows. New enterprise innersource policies also make it easier to collaborate across teams in any company, including the ability to restrict repositories to organizations only, and allow multiple forks of a repository within a single organization.

Read more about the latest version or sign up for your free trial.

Someone has found a vulnerability in your public repository—wouldn’t you like to be the first (and only) person to know? Private vulnerability reporting is a collaborative solution for security researchers and open source maintainers to report and fix vulnerabilities in open source repositories. It provides a convenient, standardized, and secret way to report, assess, and address vulnerabilities. No more wasting time hunting down email addresses or submitting vulnerability reports via social media! Private vulnerability reporting makes it easy for community members to privately submit a report within GitHub to public repository owners, who can then take appropriate action within their GitHub workflow.

Maintainers, try it out today to bring standardization, efficiency, and discretion to your vulnerability reporting workflow.

CodeQL support for Ruby is now generally available. We’ve made significant improvements to CodeQL support for Ruby over the course of the beta, including doubling the amount of default queries, providing coverage for all Ruby related OWASP categories out of the box, and optimizing performance to deliver tests in less than five minutes for 90% of beta users who on average run almost 5,000 tests per day. This means that CodeQL users can easily find, identify, and fix vulnerabilities in their Ruby codebases, all within GitHub.

Ruby support for CodeQL is available by default in GitHub.com code scanning, CodeQL CLI, and the CodeQL extension for VS Code.

To celebrate, the GitHub Security Lab Bug Bounty Program will give a $2,000 bonus for the first 10 CodeQL queries to test open source projects written in Ruby that score High or Critical. Submissions will be accepted until March 31, 2023. Learn more about how to participate here.

Managing the security of hundreds or thousands of repositories? Security overview’s new risk and coverage views provide greater visibility for GitHub Enterprise users into their security posture and risk analysis. The coverage view gives visibility into enablement across all repositories and is complemented by the risk view that gives visibility into all alerts across these repositories. Dynamic filtering–across teams, alert types, severity and and more–means you can easily prioritize where to focus your remediation efforts.

Security coverage view

Security risk view

For more comprehensive insights into your security risk, check out the security tab of your repository.

As we do every year, we’ve undertaken extensive research to gather data on open source. In this year’s Octoverse report, we wanted to answer a singular question: What impact is open source having on business? And for that matter, what impact is business having on open source? We found both groups are far more connected in 2022 than at any point previously, with 90% of the top open source projects by contributors being commercially backed—and first-time contributors favoring commercially backed projects.

Read the report.

We are booting up a new way for us at GitHub to directly support, mentor, and grow the maintainers of projects we depend on. Our GitHub Accelerator will fund 20 maintainers and teams that want to commit to open source careers with a full stipend and mentorship, allowing them to turn their current open source side gig into a full-time career or company. This work will include a specific focus on building enterprise founders through GitHub Sponsors.

Apply now, before the December 31, 2022, deadline.

We want to fund the open source companies of the future, too. Today we announced a $10 million GitHub Fund in partnership with M12 to ensure that open source continues to get the funding they need. Because if we want open source to be vibrant tomorrow, we need to invest in the developers and maintainers of today.

Learn more here.

GitHub Sponsors lets you invest in the open source projects you depend on. This past summer, we contributed half a million dollars to 900 of the dependencies that GitHub needs to run our own software, impacting developers across the world and allowing them to spend more time on open source: fixing lingering bugs, onboarding new contributors, patching security flaws, or sketching out the next iteration of their project. This would have been quite tedious in the past, but we took advantage of a new bulk sponsorship feature, which is coming soon for all users.

Instead of checking out one by one for each sponsorship you make, you’ll be able to upload a list of maintainers and dollar amounts and checkout with them all in one go. This will make it possible for you to support more of your dependencies all at once.