How GitHub is accelerating innovation and enabling secure software development.

Disruption! Its happening everywhere. Most of the companies that were in the Fortune 500 list in the year 2000 has ceased to exist and have been replaced by more innovative companies. Examples include Amazon who has revolutionized the retail business, and Netflix whose direct to home streaming model decimated the video rental business of companies like Blockbuster. And technology was at the center of all these disruptions.

And these disruptions didn't happen magically. These companies experimented with new technologies and methodologies and weren't scared to go back to square one if things went south. They, then, built a culture and processes around successful and swift innovation and adopted a DevOps tool-chain that matched those ambitions. That enabled them to leverage open source, learn/adapt fast and eventually, ship fast.

There are three very overpowering trends that are dominating the industry, at present

1. Developers are in short supply. The demand far, outstrips the supply.
2. An overwhelming majority (around 99%) of code-bases include open source code. In fact, any code-base with over a thousand lines of code include open source.
3. Most companies (approximately over 90%) have struggled to implement and optimize DevOps.

The GitHub platform was built with these in mind. It was built after consultation with and a proper evaluation of the needs of millions of developers, a plethora of open source communities, countless enterprise customers and their partner ecology. The end result was the most secure, diligently hardened, extremely scalable, and by far, the most reliable platform for modern software development. It was eventually acquired by Microsoft in an extremely strategic and fruitful move. Microsoft via GitHub supports all sorts of developers ranging from the individual enthusiast with free private and public repositories at GitHub.com, to the hordes of developers at the Government level via GitHub Enterprise which is available on-premises, and in the public cloud, and soon to be launched private cloud. At the latest count, there are nearly 30M private repos and over 100M public repos. Now, that is a lot of code!

GitHub is the go-to platform for swift modernization. GitHub has four pillars on top of which your ability to innovate rests.

• Automation - You can automate workflows from your code-base to any cloud.
• Security - Assimilate your private code with open source code, securely and whilst remaining compliant with any regulations.
• Collaboration - Ingratiate the ethos, culture and principles of open source into your organization.
• Recruit/Retain talent - Retain existing and entice outside talent by providing them with an ecosystem that they know, appreciate and love.

Software development has been aptly classified as the world's largest team sport where small to large teams collaborate on coding, across life-cycles and tool-sets. GitHub has incorporated the collective wisdom of millions of users where the input of one benefits many.

Automation

GitHub is considered ubiquitously the home of the World's code. It is elastic, community supported, constantly refreshed, supports all OS and has the largest ecosystem. And you can deploy to any cloud, on-premises platforms, Kubernetes clusters, containers, Serverless, PaaS and pretty much anything you can imagine. It is the premier all-in-one solution in the world with coding, collaboration, packaging and CI/CD, all available under one umbrella. It has great interoperability with Microsoft's own Azure DevOps. You can plan and track your work using Boards and also monitor your deployed code. One can assimilate their organizational security processes and policies with various teams, life-cycles and repos. It has the largest DevOps ecosystem in it's marketplace and is very well integrated with any cloud. It supports any programming languages and any packaging format.

GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline.?Along with Azure DevOps, AWS suite of DevOps tools (CodeBuild, CodeStar, CodeDeploy etc.), GCP DevOps tools like CloudBuild, most of the cloud service providers have their own set of DevOps tools. And all of them are equipped to work with GitHub.

Security

It has been noticed with certainty that 80-90% of the software created by the most innovative teams are procured from open source repositories. This is good in the sense that the time and energy spent on reinventing-the-wheel kind of repetitive coding can be utilized to innovate and create uniquely different and useful software. This means that you are letting your software supply chain have a dependency on the work of unknown coders and are letting them commit their code into your production code-base.

This creates a severe dilemma, in the sense, that an innocent mistake or a malicious actor can seriously affect your software. Security breaches are becoming very expensive and with serious damage being inflicted upon the victims. With a real dearth of professionals who can prevent such breaches from happening, it is making sense that security is shifting left.

In this philosophy, security concerns are addressed early in the development cycle. This is done using the following community powered tools like

• Dependency Insights - This tool provides a visibility into all the open source, inner source and commercial components of the software thus providing a resolution for compliance, security and inventory requirements.
• CodeQL - Considered as the worlds most advanced code analysis tool.
• Vulnerability management - This tool searches for, finds and remediates vulnerability in all pieces of code, tokens and even, environments.

GitHub creates automated updates that enables you to swiftly merge and deploy remediating changes to the code-base and also provides code scanning. Using these features, secure code is created by an effective collaboration of security teams and developers.

Collaboration

The largest software development teams in the world like those of Apple (iOS 13), Salesforce (Sales Cloud), IBM and many others, have leveraged GitHub. Microsoft have used the user data and GitHub’s dependency graphs to ascertain how teams on GitHub collaborate and then fine-tuned collaboration tools around developer comfort and team velocity. With instantaneous data available on millions of developers, they have been able to understand the changing needs for collaboration and the team dynamics and using that, they then made appropriate changes to their products to match. There are many community powered collaboration tools/strategies available in GitHub.

• InnerSource - Teams use InnerSource to increase visibility, strengthen collaboration, and break down silos mainly to implement open source practices and culture inside an organization.
• Mobile - a fully-native GitHub experience on iOS and Android. Enables you to communicate with your team, triage issues, and even merge code, right from your mobile device, anywhere.
• Codespaces - This is?an instant, cloud-based development environment that uses a container to provide you with common languages, tools, libraries and utilities for software development.

And many more....

Recruit/Retain Talent

The most important resource nowadays are developers, as demand far outstrips supply. GitHub has become the most diversified developer society that enables us to discern the latest trends in software development and that in turn, determines the skill-set required in the industry. The personal repository of a developer has sort of become the new resume and many of the top companies do a thorough evaluation of a candidate's personal code base in GitHub, to ascertain the skill level of the developer.

The demand for developers has shot through the roof because non-software/tech companies are also using software for enablement and are using the same for disruption. Rapid change in technology, architectural styles and the resultant language choices are leading to a skills shortage. To adapt to such conditions companies are adopting remote teams, freelancers and temporary workers as well.

GitHub is being used by both professional and student developers. Over 2 million students use the platform to learn coding and countless schools use GitHub Education to impart much needed and much in-demand coding skills. GitHub also has a free Learning Lab that?helps you learn how to use GitHub, teaches you to communicate more efficiently with Markdown, how to handle merge conflicts, and more.

Conclusion

GitHub is the indispensable and essential aid to your digital transformation journey. Not only are the world's most innovative and disruptive companies viz. airbnb, Spotify, Pinterest and many more, are using GitHub to store their code (source and binaries) but also are using community developed DevOps tools to like GitHub Actions (CI/CD tool) and GitHub Packages (repository) to automate. GitHub has help accelerate innovation and has created a culture of secure software development that is going to drive our march into the future.