We are glad to have you here with us. As the pulse of the open-source community, GitHub is full of new projects, groundbreaking features, and daily collaborative efforts.
Welcome to the first edition of OctoInsider: The GitHub Community Digest
Hello dear readers!
We are glad to have you here with us. As the pulse of the open-source community, GitHub is full of new projects, groundbreaking features, and daily collaborative efforts.
Our newsletter aims to bring you the most exciting news, updates, and stories from the GitHub community to your inbox. It does not matter if you just get started with GitHub or are already an expert in the field; there is something here for everyone.
We want to thank you for subscribing to this newsletter, and we hope that each edition will provide you with valuable insights, learnings, tips, and inspiration.
So stay tuned for the latest trends, fascinating projects, and impactful contributions from across the globe. Let us dive into the world of GitHub together!
What is happening at GitHub
The GitHub Copilot family is growing! There is now a new offering available in the form of GitHub Copilot Enterprise. We already had GitHub Copilot for individual use and GitHub Copilot Business available. With GitHub Copilot Enterprise we got some extra features on top of business:
Conversations tailored to your organization’s repositories
Access to knowledge from top open source repositories
Pull request diff analysis: chat with the PR and have Copilot explain what the code is about
Copilot chat is also available directly in the browser on thegithub.comwebsite
And coming soon for this new offering:
Fine-tuned models (add knowledge from your repos to your Copilot index)
In the beginning of the year, GitHub released their first set of four different Certification Exams. These are tailored for you to show that you are an expert in the defined areas of using GitHub:
GitHub Foundations
GitHub Actions
GitHub Advanced Security
GitHub Administration
At Xebia we have the first trainings available for Foundations and Actions:
GitHub Foundations
In GitHub Foundations you will learn all about the basics of being a GitHub user, across all the different tools in the GitHub, so from Git to Codespaces, and from Advanced Security to Copilot. This training is an excellent starting point to learn the foundation of GitHub.
GitHub Actions
With GitHub Actions you will learn everything there is to know about using GitHub Actions on your repos: from normal Continuous Integration and Deployment (CI/CD) to generic workflows to automate everything around your repository, such as welcoming new community members.
Compared to Azure DevOps, the issue or task management side in GitHub was considered weak. No templates, no complicated forms and customalizations, no hierarchical layers...it looked like Azure Devops boards was miles ahead.
I personally do like the simplicity of GitHub issues. Just two fields (title and description), markdown support and some meta data like labels and milestones; it was all I needed. But if you do want some more advanced planning and maintenance, then you need to look into GitHub Projects.
GitHub wrote an interesting piece on how they use Projects to manage their work, worth a read and see if you can do without the Azure DevOps boards.
We have seen an interesting new attack vector happening with GitHub repositories, where an attacker creates a repository with a remarkably similar name to the original repo, adds an attack to it (e.g. malware), and then trying to get developers to use the new repo by naming this repo in comments on e.g. forums.
This type of attack is called naming-confusion and has been misused on other ecosystems as well, like npm and PyPi. For a developer it is extremely hard to tell the difference between the following two names:
WhatsappBOT
Whats-App-BOT
Most of the malicious repos have been quickly removed by GitHub. However, this becomes then a cat-and-mouse game who can run the create/deletion the fastest. There is no tangible way to deal with these types of attack, except for being very diligent in the repos that you use and clone from. Check for example the number of contributors, releases, issues, pull requests, and the Insights tab on the repo to gauge if this is a proper repo with a thriving community. The malicious repos are very new and will have small numbers of interactions.
More info about this type of attack in the blogpost linked below.
You could already use Copilot inside the JetBrains tools like Rider, but you missed the chat functionality for Copilot which you do have in Visual Studio Code. So I was pleased to see that this was available as a private beta some months ago and have been using it since.
The normal integration allows you to tab for suggestions, but with the chat option you can now directly instruct Copilot to make changes. Like explaining code, enhancing or refactoring it, creating tests for etc.
This functionality is now general available, so when you have GitHub Copilot, you can now also use the JetBrains tools to chat with the model.
Thanks for reading this edition of the OctoInsider newsletter! If you didn't already, subscribe here to get the next edition straight into your inbox. If you have interesting news for us, let us know! We are always looking for things that are happening on the GitHub ecosystem.
Rob Bos
Rob Bos is a passionate software engineer and open-source enthusiast with a strong focus on GitHub-related projects. With a background in computer science, he has contributed significantly to various repositories and demonstrated expertise in several programming languages.
Michiel van Oudheusden
Michiel van Oudheusden is a seasoned Microsoft .NET developer, consultant, architect, and manager. His passion lies in web applications, cloud systems, and backend development. With a strong focus on Agile methodologies, he has successfully coached Scrum teams and managed product and technology teams.
