How developers use automation to innovate and secure software

When a generative AI tool like ChatGPT is making the headlines almost every day, automation can become an overlooked capability in the developer’s toolkit. But just like salt and pepper are essential to almost any prepared dish, automation is essential to shipping impactful, quality-assured software. We automate the tasks that are necessary but don’t need to be sustained with manual effort—at least, for the most part.

(If you’re wondering where we got the salt and pepper analogy, apparently there’s a lot of crossover between software development and cooking… and isn’t LinkedIn the place where you want to highlight transferable skills?)

The impact of automation on human lives

  • Automation likely conjures images of mechanical arms and conveyor belts. But TELUS, western Canada's largest communications and information technology provider, relies on automation to secure its software. Its software powers wireless connectivity, accessible healthcare, and safe food supply chains for more than 35 million people across the second-largest country in the world.

  • TELUS uses a model it calls “security by design” as part of its shift-left strategy. Instead of relying solely on its security team to identify bugs and vulnerabilities, the company leverages GitHub Advanced Security (GHAS), which enables its developers to spot problems before those problems make it into production.

Before we dive in more, let’s answer a frequently asked question: Is automation AI?

Not quite, although there is overlap:

[Figure: The differences between automation and AI, shown in three columns]

Generative AI is still in an experimental phase, so iterating on model and prompt improvements is invaluable to advancing generative AI tools.

  • Before the release of GPT-3, GitHub’s answer to general purpose code generation was, “No, it’s too difficult, the current models just can’t do it.” That answer changed when the research and development team, GitHub Next, was able to experiment with GPT-3. The team built a prototype of an AI-powered chatbot, and when the team put the chatbot in the IDE, the static question-and-answer modality dropped in favor of an interactive one—and the development of GitHub Copilot began.
  • GitHub ML experts are constantly experimenting and conducting A/B tests to master the delicate art of prompt engineering. Since launching the AI pair programmer as a technical preview in 2021, they’ve made headway in improving GitHub Copilot’s contextual understanding with developments like neighboring tabs and a Fill-In-the-Middle (FIM) paradigm. They’re also experimenting with retrieval algorithms that could consider your entire codebase to generate customized suggestions.


The call for sessions deadline for GitHub Universe is now extended!

Submit a session proposal for GitHub Universe by end of day Tuesday, June 13. Selected speakers will receive:

  • A complimentary pass to both days, November 8-9, of GitHub Universe
  • An opportunity to share thought leadership with GitHub’s global community of 100 million developers
  • Access to a professional speaker coach
  • A speaker honorarium of up to $750 depending on your involvement with the session
  • Covered flights (excluding business or first class) and hotel

Speaking at GitHub Universe is a great experience, but don’t take our word for it. Here’s what Rizel Scarlett, developer advocate at GitHub, had to say about last year’s event:

A quote from Rizèl, "Participating in GitHub Universe was transformative and empowering. I deeply appreciated the support GitHub offered by providing a dedicated speaker coach. The energy from the audience fueled my motivation, making the entire experience unforgettable."

If you’re also looking for a transformative experience and to share your learnings with GitHub’s global community of developers, apply to be a speaker at #GitHubUniverse.


Okay, back to automation. Automation is also playing an innovative role in software development by advancing security and low-code deployments:

  • Low-code tools allow people, not only developers, to deploy applications without having a large amount of coding knowledge. A suite of low-code tools, like Microsoft Power Platform, allows developers and non-developers alike to build custom applications and solutions with less effort—and organizations to solve problems and deliver those applications with greater ease. Here’s your guide to automating a Power Platform deployment with GitHub Actions.

Automation is also helping to relieve developers from alert fatigue. It’s better to be safe than sorry, but a high volume of false positive security alerts can overwhelm and distract developers from legitimate vulnerabilities.

Remember when we wrote, “We automate the tasks that are necessary but don’t need to be sustained with manual effort—at least, for the most part”? Let’s explain what we mean by “for the most part.”

  • A ReDoS is a denial-of-service (DoS) vulnerability in which a regex runs exceptionally slowly on some inputs. While code scanning detects ReDoS vulnerabilities automatically, fixing them requires some human intervention and isn’t always easy. But our security researcher Kevin Backhouse provides a well-written tutorial (the next best thing to an automated process) that details four steps to fix a ReDoS bug.
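
The slowdown described above, as an added example (not from this newsletter or from Kevin Backhouse's tutorial): a constructed pattern with a nested quantifier is timed against an equivalent rewrite using Python's `re`, and the rewrite is checked to accept and reject the same inputs. Both patterns, the helper names, and the sample inputs are assumptions chosen for illustration.

```python
import re
import time

# Constructed patterns for illustration; neither comes from the original page.
VULNERABLE = re.compile(r"^(a+)+$")  # nested quantifier: many ways to split a run of 'a'
FIXED = re.compile(r"^a+$")          # same language, only one way to match each input


def match_seconds(pattern, text):
    """Return (matched, elapsed_seconds) for one match attempt."""
    start = time.perf_counter()
    matched = pattern.match(text) is not None
    return matched, time.perf_counter() - start


def near_miss(n):
    """n valid characters followed by one that forces the overall match to fail."""
    return "a" * n + "!"


def growth_table(pattern, sizes):
    """Time the pattern on near-miss inputs of increasing length."""
    return [(n, match_seconds(pattern, near_miss(n))[1]) for n in sizes]


def same_language(samples):
    """Check that the rewrite accepts and rejects exactly what the original did."""
    return all(
        (VULNERABLE.match(s) is None) == (FIXED.match(s) is None) for s in samples
    )


if __name__ == "__main__":
    sizes = [12, 15, 18, 21]
    for name, pat in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        for n, secs in growth_table(pat, sizes):
            print(f"{name:10s} n={n:2d} {secs * 1000:10.3f} ms")
    # Constructed regression samples: a fix must not change what is accepted.
    samples = ["", "a", "aaaa", "ab", "aa!", "b"]
    print("rewrite preserves behaviour:", same_language(samples))
```

Each extra character roughly doubles the vulnerable pattern's time on a near-miss input, while the rewrite stays flat; the equivalence check is the part worth keeping as a regression test after a fix.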


Looking to upskill, increase industry knowledge, and expand your network? Check out our upcoming virtual events.

  • Get featured in Branching Out. Have you used GitHub’s automation tools to create something amazing? Send an email to [email protected] for a chance to get spotlighted in a future edition.
  • Subscribe to The GitHub Insider monthly newsletter. Discover tips and tricks you can do on GitHub that you never knew were possible. Sign up now
  • Enjoyed this newsletter? Share it with a friend.



Push upstream to main

Alex Viera

Junior Backend Developer | Git & GitHub | Programming Student | Java

1 year ago

Incredible how automation is changing security and low-code deployments!

Attention is all you need But Comprehension is not included yet.