GitHub Universe 2022: Day Two Recap

GitHub Universe 2022: Day Two Recap

Aniket Pal

GitHub's flagship event, GitHub Universe 2022, has just closed its virtual doors after 2 days packed of information, announcements, and releases. The team has built over 100 new features in just 365 days which were showcased in Universe. The loudest buzz in Day One was around Copilot expansion, which GitHub called "Copilot for Business". Universe not only consisted of feature announcements but also showcased multiple matrices proving the need and impact the software has created and creating.

Octoverse Report of 2022

GitHub released their first Octoverse report 10 years ago, celebrating 2.8 Million users. In 2012, most internet businesses were using OSS to run their web servers, even Red Hat achieved $1 Billion dollar valuation.

Today the world has changed, and we believe standing at 2012, even GitHub's CEO couldn't have predicted the numbers. 94 Million developers use GitHub, 90%+ of Fortune 100 Companies are using the tool, with over 413 Million open source contributions in 2022 and more than 50% of first time contributors worked on commercially backed projects.

The matrix also showed how HCL is the fastest growing language on GitHub and how 30% of Fortune 100 companies have Open Source Program Offices. The statistics, announcements, demos were pretty intriguing. Incase you missed Day Two or you are someone who likes to read, don't worry we got you covered 🥷🏻.

The Pre-Show 🐣

Day Two started off with Anjuan Simmons, Christina Warren and Damian Bardy from GitHub in the Pre-Show. With Anjuan and Christina taking us through, from stage where as Damian giving a tour of the registration desk and demoing all the techniches from the floor. The two hosts also mentioned about rubber ducking concept and how GitHub is using rubber ducks to promote collaborative programming.

The garden stage also had Thomas the CEO of GitHub. He shared his excitement about the start of in-person events and mentioned how conversing with customers, users, team mates gave him feedback and motivated him to build for tomorrow. He shared how OpenSource was when he was growing up. The efforts to learn a simple topic took him to libraries, made him read books and then next morning going to computer clubs whereas now with the power of internet and OpenSource in action everything became more visual and easy. Thomas also mentioned how GitHub deployed GitHub 400 times a day counting to around 80,000 deploys in the last year.

Anjuan and Christina with Thomas, CEO GitHub

Securing GitHub in Cloud ⛅️

Be it GitHub Enterprise Cloud or deploying Enterprise Server into the cloud GitHub is building the tool to unlock cloud migration. The tool follows 3 basic fundamentals - Centralising access control, adopting least privilege everywhere for users and integrators, and detecting threats in real time.

First principle makes sure right people have access to right thing from right places. Making sure is done via centralising access control. Giving and revoking access automatically without changing multiple systems, one single sign in from everywhere, keeping private code private and access from anywhere. Migrating from servers are made easy with IAM access over GitHub's enterprise accounts. Several companies have created Enterprise accounts and have migrated to GitHub's Cloud.

Maya Ross from GitHub on Best practices for securing GitHub in the cloud

Right people have the right access to the right places is the ultimate aim GitHub is looking forward to. GitHub's IP Allow list feature enables server managers to select the IP Addresses where in users can do get and post requests. GitHub is making 2FA mandatory for all contributors an attempt to secure the whole software ecosystem safeguarded from social engineering. Allowing SSO became easy this year with one click to connect the servers.

Maya Ross from GitHub showcasing 2FA mandate, SSO, Allow list

Giving right people right access is a feature we all needed. For example, giving the DevOps team the ability to write branch protection policies. GitHub enabled custom repository roles. PATs can now be set an expiration time for both organisation or to a specific repository making the environment further secured.

Maya Ross Speaking on how PATs work, allow deny methods and revoking permissions

Teammates now requesting to get access now gets us pinged in the dashboard, where in we can either approve or deny their request. Similarly, we also get the option to revoke certain permissions incase we feel members have more access than required. GitHub also provided us unlimited time to retain audit logs which would help us understand where things went wrong. IP address tracking enabled security to next level. Maya also demoed how OOID is becoming the best way to integrate other cloud service providers with GitHub.  

GitHub Code Search 🔎

Developers don't just write code they also read it. As developers we are often asked questions about function's signature, service meshes or about how the API works. Most of the time, we go for an internet Search and get the answers but often there are questions whose answer is not mentioned in any forum. The clue stays hidden in the code itself.

Colin Merkel from GitHub talking about GitHub Code Search

In 2021, over 100k developers joined the waitlist and explored the Code Search feature. According to a user GitHub Code Search turned 10 minutes grep search into a 2 seconds UI search.

GitHub brought in 3 vital features into Code Search feature, firstly extending its use case to almost everyone and secondly building the most powerful code searching tool ever. The new Search Interface allows developers to construct new search queries, moreover code search engine that brings relevant results in matter of seconds. Finally, a redesigned Code View which integrates searching navigating and reading, allowing developers to traverse easily and get answers.

Colin Merkel showing how search works

Suppose, we are looking for the script where we have written a function to retrive data from KDB database. As of now, we are do not remember exactly which file or directory has it, we just start searching randomly and create an havoc out nowhere. I know that happens a lot to me :) GitHub built this amazing search bar wherein we need to type the keywords and get the result. Say, we are searching in our organisation's codebase named Mergify and we search for function definition for ResolveQueues. Querying owner:Mergify ResolveQueues gets us the result now we saved a lot of time and can focus on building the feature which we were building actually.

How GitHub builds GitHub 👨‍💻

Undoubtedly the most exciting talk of the universe, not only for attendees but even CEO showed high enthusiasm for the event. Mike Hanley Chief Security Officer and SVP of Engineering mentioned how GitHub uses GitHub to build GitHub.

Mike Hanley from GitHub talking on how Github build Github

Mike mentioned over the last year GitHub deployed around 80k times across all the services that power GitHub. GitHub even had over 1.9 Million commits across internal repos in the last year. Due to the ease of the product and scale GitHub processes on an average around 4.3 Billion API requests per day, that is around 50k requests per second.

According to Mike, GitHub focuses on 3 parameters while building. Productivity, Collaboration and Security with the numbers mentioned about it is quite clear on the high collaborative productivity GitHub employees must have and shipping products makes sense when the product is secure.

Productivity 🦿

GitHub uses CodeSpaces internally to write code. CodeSpaces not only gets project spun in seconds but also makes sure every member has the same setup and gets equal machine capabilities to build on. The 18 GB GitHub file takes around 45 minutes to compile while working on a Mac with M1 chip, whereas it takes just 1 minute to compile in CodeSpaces. GitHub uses CoPilot internally to check its productivity GitHub divided 2 teams one used CoPilot and another did not. For the same task it was proven, the team which did use CoPilot was able to finish talk 55% faster. Moreover, developers using CoPilot on a day to day basis claimed to have more satisfaction of their jobs, since they were able to write code which were not written before and needs human skills rather than writing the same code multiple times.

April Leonard showcasing the use of CodeSpaces and Copilot

With the DevContainer setup users just need to specify the base image, number of hosts required to spin up and the configs. Every developer gets the same experience of using high end CPUs and GPUs.

Collaboration 🤝

GitHub has remote first and highly distributed team. Issues and Tasklist comes into play here, it helps team by not using any additional tools and link things on the platform they are building on. To stay in flow and not making developers find a needle in the hay stack, Gitub has an amazing Code Search and View policy. Code Search and View lets users get the required script in just matter of seconds not only increasing productivity but empowering the collaborative flow in the development cycle. GitHub's monolith was written 15 years ago, there are lot of employees who joined the company way later it helps them find things easily in just a matter of seconds with the improved search and view modules.

Omer Bensaadon from GitHub demoing how collaboration works in GitHub

Omer explained how his team uses board views and tables to get the kanban working and the development in sync. Although we enjoy a good checklist, there are times when we simply need to delve a little deeper. The new Tasklists UI enables you to rapidly break down work into smaller tasks and convert them to GitHub Issues with a single click. It also displays assignees and labels that resemble meta-data.

Tasklists are deeply integrated with GitHub Projects, and we can use new fields like “tracked by” and “tracks” to get a birds-eye view across our parent and child issues. And, under the hood, it’s all just Markdown.

Ultimately, a good collaboration tool has been the key reason for development in GitHub in terms of trust and transparency.

Security 🛡️

Mike being the Chief Security Officer was extremely excited while sharing how Github builds secure systems from GitHub. 20% of the security breaches today occur due to exposed credentials. GitHub's tool which doesn't let you push directly if you have any credentials leaked is a step towards building a secure ecosystem. Mike believes development team and security team should work hand in hand. Collaborating would help ships product faster else it may slow it down while moving fast.

GitHub uses Vito Security keys for logging in, a hardware key which employees use everytime, even for logging in into their system. Mike believes the piece of hardware is the best possible security measure till date. Securing accounts of not only employees matter to GitHub even accounts of significant contributors getting hacked can totally change the OpenSource ecosystem. GitHub currently has 20% users having 2FA till date, while they are planning to mandate the rule to every contributor who wants to contribute in OpenSource.

Xavier from GitHub Security Lab demoed the security aspects GitHub looks into

GitHub bakes security in everything from research, resources and security products in GitHub advance securities. GitHub primarily uses Dependabot and CodeScanning with CodeQL. His talk majorly consisted on how CodeQL works and the changes it brings in.

Vodafone's transition with GitHub ⚙️

Vodafone is a leading telecommunication company in Europe and Africa, lead by the purpose to connect better future. Vodafone develops a range of leading products and sources covering mobile and IoT connectivity as well as TV solutions to help build digital solutions for the future. Vodafone's IoT service has become the largest IoT service connecting 150Million devices, their fintech solutions are used by over 50 Million customers in just Africa. Vodafone is on a transition from a tradition mobile and broadband provider to becoming a real tech company. Digital connectivity for Vodafone is increasing massively at a rate of 50% every year.

Ahmed El Sayed from Vodafone speaking on Vodafone's transition with GitHub

With the increasing market Vodafone realised the need for reform, the urge to build in-house applications. Invest heavily on their productivity through code re-use and automation. To achieve the first call, Vodafone promised itself to have 50% of Vodafone's technology talent to be engineers by 2025. Vodafone currently has 9000 software developers which they plan to increase by 16,000 in next 2 years.

With Vodafone's start of using GitHub they managed to bring all engineering team to one platform, with 150+ capabilities and 80% reduction in duplicated capabilities available globally. Building Mono-Repo for Vodafone on GitHub has given engineers receive full visibility on micro-services built by colleagues to promote conversation and collaboration. Mono-Repo consolidates work streams into a single global product rather than multiple local projects. Shifting to GitHub increased 70% percent productivity for the team. 40% of Web Engineering team saved time due to the automation GitHub has in-house.

10 Years of the Octoverse 🤖

Octoverse report is generated every year to get the numbers on what exactly is happening on GitHub and general OpenSource ecosystem. The first GitHub commit was made 15 years ago and 2022 marked the 10th Birthday to the octoverse Report. When GitHub started off in 2007, there were roughly 12 Million developers in the world, but now GitHub itself is a home for over 94 Million.

In 2007, developers were mostly from either USA or Western Europe with time and progress of the free master tool - GitHub, India itself has 9.72 Million developers on GitHub with 2.5 Million who joined GitHub in 2022 itself. The demography for developers has changed over years and is still changing. GitHub not only empowered students but also got a lot of OpenSource startups from India. According to Martin, India is supposed to take over OpenSource by 2025.

Martin Woodward Developer Relations at GitHub showing the report

The languages which programmers are using has changed over time. Currently, HCL tops the chart in terms of growth in 2022. JavaScript consistently managed to top the chart over the years while previously C and C++ topped the chart while currently they rank 9th and 6th respectively.

The Octoverse report also showed how large tech companies are building the largest tech communities. The largest Open Source Projects by contributors in 2022 stands Microsoft's VSCode, Google's Flutter, Vercel's NextJS and more. Although companies have dedicated employees working on the particular tool, but the external contribution which they get from community is approximately 10 fold then the internal community. Over 30% of Fortune 100 companies have dedicated Open Source Offices on Premise. It has also being devised 227 Million PR's were merged in 2022 with over 31 Million Issues resolved and 413 Million contributions to Open Source in 2022.

Concluding GitHub Universe 2022 ✨

GitHub organised Universe offline mode after around 2 long years. Team shared about 100 features which were developed in 1 year. CodeSpaces and Co-Pilot for enterprise level is a game changer for the entire software development lifecycle. The "Hey GitHub!" feature which enables to code without typing will motivate people with disabilities to code. With the security changes GitHub brought in it proved, the team is not only concerned for their security but also is looking forward to build a secure OpenSource Ecosystem. The mandating of 2FA for all contributors, credential leakage stop and the shifting left architecture promises the world for a new and secure ecosystem.

With the world believing on OpenSource we team Mergify believes GitHub would bring in change that would change the software development ecosystem forever in subsequent years. The Octoverse Report showed GitHub's impact and also promised the increasing trust and happiness index which the product has created over the period of time.  

By the way, do you know about Mergify? Organisations using GitHub primarily are using Mergify to get repetitive things done. It is completely free for OpenSource projects and have proven to skyrocket developer productivity. If you have still not tried Mergify and don't know about how Merge Queues can create a loss of over 1 Billion USD, learn about from here. The best part about the gear is: It is completely integrable to GitHub 💪

Follow us on our socials to get latest technical crunches, every time we post 🥷🏻