Source – zdnet.com
At its GitHub Universe conference this week, GitHub is announcing a series of automated coding features, demonstrating how machine learning and data science can be applied to software development.
The new tools will leverage the intelligence aggregated on the online code sharing and development platform over its nearly 10 years in existence, helping developers track dependencies, keep code secure and discover new projects.
The new features are “just the start of a long-term roadmap,” Jason Warner, SVP of technology at GitHub, told ZDNet. As the development of AI and machine learning accelerates, GitHub wants to start an open conversation, he said, about “what it’s possible to do if we point that right back to software.”
“We understand that GitHub is uniquely positioned in the world to have this conversation in a lot of different ways, and we want to take that position incredibly seriously,” he said. “Developers are the most creative, powerful force in the global economy, and that will only increase in the future. Our mission is to enable them.”
First, GitHub is introducing the new dependency graph, which gives developers insight into the projects their code depends on, as well as projects that depend on their code. It can provide insight such as whether the software is up to date, its security vulnerabilities, its license and whether it’s still supported by a community. It currently supports Ruby and JavaScript, with Python support to follow.
GitHub will soon roll out security alerts. The dependency graph will track when dependencies are associated with public security vulnerabilities and will alert developers. In some cases, it will suggest a known security fix from the GitHub community. GitHub says the security alerts should be the first in a collection of new security tools.
“People are using dependencies more than ever, we see these numbers growing,” Miju Han, GitHub’s engineering manager for data science, told ZDNet. “What that means for open source is that people downstream are dependent on code our developers write as well.”
Tracking dependencies is often a necessary task for companies facing compliance requirements, but it can be a tedious, manual process. Many open source projects don’t have the bandwidth to do it, while larger organizations have specific security teams to handle it. The dependency graph was designed with both in mind.
GitHub is also rolling out a new “discover repositories” feed on its dashboard, giving developers recommendations of projects to explore from the more than 25 million active repositories on the platform. The recommendations are tailored to a developer’s interests based on the people they follow, repositories they star and what’s popular on GitHub. GitHub has also redesigned the Explore experience to connect developers with curated collections, topics, and resources from GitHub contributors.
“We’re hoping the newsfeed is the start of truly understanding the contribution funnel,” Han said. “That’s important because we know maintainers need more help on their projects. It’s no secret being an open source maintainer is really hard.”
Ultimately, GitHub wants to free up developers to think creatively and do their best work.
“What we’re seeing today is the world coming online and writing software,” Han said. “It’s happening very fast, especially in Asia. Writing software, however, is really hard, and there hasn’t been a huge amount of innovation, arguably in the last 20 years. What we want to do is further democratize software while at the same time leveraging the collective intelligence that we have to make sure people are doing development right — we want to scale quality as quantity is organically happening all over the world.”