How GitHub became the de facto automated supply chain for software
GitHub is an example of a web service that absorbs the function of an entire industry’s supply chain, but it took a few versions for it to become the software we now know and use.
Microsoft-owned code hosting site GitHub has launched a new Sponsors feature to let supporters of a project give contributors funds to continue their work. Also, to kick off Sponsors GitHub will for the first year match all contributions up to $5,000.
GitHub announced the new contribution platform on Thursday at its 2019 GitHub Satellite conference in Berlin, Germany — the first Satellite conference to open with a keynote by recently appointed CEO Nat Friedman, the former CEO of Microsoft’s Xamarin, who was appointed to the role when Microsoft completed its $7.5bn acquisition of GitHub in October.
GitHub won’t charge platform fees for GitHub Sponsors and is covering payment processing fees for the first year of the program. Sponsors payouts are available in every country where GitHub does business.
Anyone with a GitHub account can sponsor another developer. A developer who wants to be sponsored, however, must apply, provide GitHub with their developer profile, banking and tax information, and enable two-factor authentication on their account before they can receive payouts. GitHub Sponsors is currently open only via a wait list, and the company is starting with a small beta.
The platform is designed to let GitHub users fund contributors for work such as answering a question, triaging an issue, or merging code. Users will be able to sponsor that work from the recipient’s profile.
GitHub also announced it had acquired open-source automated bug-fixing outfit Dependabot. The service is being offered free to all GitHub users as of today.
“If I as a maintainer release a new version of a package, which has a security fix, now all my downstream users on GitHub will get an automatic pull request that they can just merge. That’s a huge advantage,” said Friedman of the Dependabot integration.
With Dependabot, GitHub will now also monitor a project’s dependencies for known security vulnerabilities.
Automated pull requests will come to all accounts that have enabled GitHub security alerts over the coming months.
GitHub is also beefing up its security alerts service with additional vulnerability data from open source security firm WhiteSource.
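For a maintainer deciding what to turn on, the useful distinction is between security updates (a pull request only when a dependency has a published vulnerability) and routine version updates (a pull request for every new release). The configuration below is an added example, not code from the article or from GitHub; it uses the `.github/dependabot.yml` format of GitHub’s native Dependabot rather than whatever configuration the Dependabot Preview service described here used at the time, and the package ecosystems and schedules are assumptions chosen for illustration.

```yaml
# .github/dependabot.yml (added example, native Dependabot format; assumed
# to sit at the root of a repository that has security alerts enabled)
version: 2
updates:
  # npm project at the repository root. Setting open-pull-requests-limit
  # to 0 disables routine version-bump pull requests for this ecosystem
  # while Dependabot security updates (PRs raised against known
  # vulnerabilities) continue to be opened.
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
    open-pull-requests-limit: 0

  # GitHub Actions workflows: here we do want full version updates,
  # checked weekly, so pinned action versions keep moving forward.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

An automated pull request is still a code change to what you ship; keep continuous integration running on these PRs and review the diff and changelog before merging rather than treating “they can just merge” as policy.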
GitHub also hasn’t suffered an exodus of developers unhappy with Microsoft’s acquisition, according to Friedman.
“During the last six months GitHub has grown tremendously. You know now we have more than 36 million developers on the platform. There are millions of contributions to open source every day.”
Friedman said GitHub was now treating big open source communities like “VIP customers”. LLVM, for example, has decided to move to GitHub, and the Apache Foundation is moving all Apache projects to GitHub.
“From where we’re sitting GitHub is only growing,” he said.
More than half of the Fortune 50 are GitHub users while more than two million organizations use GitHub for internal work, according to Friedman.
On the enterprise front, GitHub has launched a beta of “internal repositories”, which lets enterprises create repositories that are visible only to their own developers. Enterprise users also gain a new “dependency insights”
Additionally, GitHub is introducing two new repository roles, Triage and Maintain. These let admins delegate work such as triaging issues and pull requests, or routine repository management, to trusted contributors without granting them write permissions or the ability to change repository settings, so contributors get only the access their role actually needs.
Finally, GitHub announced a new “enterprise account” aimed at organizations that want to adopt “inner source”, that is, taking open-source development practices and applying them inside a single organization. Microsoft recently went on a mini hiring spree for inner source engineers to help Microsoft engineers use GitHub and adopt inner source practices.