As the curtains rose at the GitHub Universe developer conference today in San Francisco, open-source code repository GitHub announced an array of new products designed to embrace collective work by developers and enhance security.

Newly added by the company, GitHub Actions and GitHub Connect will affect developer workflows with code execution on the platform and provide increased connectivity between teams. Additionally, new tools such as the GitHub Security Advisory, Security Vulnerability Alerts for Java and .NET and the Token Scanner for Public Repos will help automate security.

According to the 2018 Octoverse report, also released today by GitHub, the platform is host to more than 31 million developers and houses more than 96 million repositories using in excess of 500 terabytes of data. Some 2.1 million organizations are using the platform, up 44 percent from last year.

The first new product is GitHub Actions, which gives developers the opportunity to execute and test code directly on GitHub’s servers. With Actions, developers will be able to build, share and execute code inside containers directly on the platform with only a few simple steps.

Image: GitHub

“By applying open-source principles to workflow automation, GitHub Actions empowers you to pair the tools and integrations you use with your own custom actions or those shared by the GitHub community, no matter what languages or platforms you use,” said Jason Warner, GitHub’s senior vice president of technology.

It will be possible to automate any task that a project requires. For example, if a build needs to package a container module, send a Short Message Service alert or deploy production-ready code to the cloud, it’s possible to create a GitHub Action job that can execute this. GitHub Actions is currently in limited beta and is available for signups.

To unite developer experience across all repositories, users will have GitHub Connect with Unified Business Identity, Unified Search and Unified Contributions. Between these services, developers will gain a greater ability to share and access data between different silos, allowing easier connectivity to public data and communities.

“Developers should have the same, seamless experience, no matter where their companies deploy GitHub,” Warner said. “GitHub Connect begins to break down organizational barriers, unify the experience across deployment types, and bring the power of the world’s largest open-source community to developers at work.”

Unified Business Identity is available for GitHub’s Business Cloud service, which allows administrators to easily manage user accounts that exist across separate Business Cloud installations. That way the same employee, who might have accounts on separate cloud installs, can be managed in one place. This allows businesses to improve billing, licensing, permissions and policies using a single back end interface.

Unified Search and Contributions, available for GitHub Enterprise, makes available to developers the ability to search both public repositories on GitHub.com and private repositories in Business Cloud installations without needing to leave GitHub Enterprise.

That makes looking through code easier, faster and requires less context switching, which is when a user must change between apps in order to get different tasks done. For developers, it also means that their code is more readily available to colleagues and it’s simpler to track down and use.

Since security can be complex, GitHub announced the Security Advisory API, an application programming interface that allows developers to integrate public service security advisories directly into their applications.

To power GitHub’s security features, the platform aggregates and validates security vulnerabilities across millions of projects. Should one pop up, the API provides quick access to the information. This information can then be integrated into the tools and services the developers and researchers use.

Extremely complex code sets depend heavily on other projects, libraries and code, with GitHub Vulnerability Alert for .NET and Java, developers who use these languages will get a heads-up if any dependent code has a security exploit. These two languages have been added in addition to existing support for JavaScript, Ruby and Python.

Image: GitHub

Finally, GitHub Token Scanning for public repositories will help prevent embarrassing leaks of security and cryptographic tokens, which can happen when a developer accidentally commits code that has a hard-coded cryptographic key.

With the Token Scanning service, GitHub will stay constantly vigilant to submitted code, check it against known token formats, and then alert the provider if something looks like it might be a cryptographic key or security token. The commit will then be held for validation by the provider and the account owner contacted to issue a new token.

Image: GitHub