►
From YouTube: GitHub Africa Meetup -The Best of Universe
Description
GitHub is excited to invite you to join us for “The Best of Universe”!
GitHub Universe is GitHub's annual 3 day conference. This year we held it virtually, and The Best of Universe will take you through more than a dozen of our 40 amazing sessions. These include:
- The latest Features launched in GitHub Enterprise Server
- CodeSpaces
- Actions
- CodeQL
- Security Practices
- How GitHub works to pay down technical debt on GitHub itself
- Development tips from several of our partners
We will wrap with a zoom event where you’ll be able to network and connect with GitHub representatives. Please join us on Tuesday, January 12th at 16:00 WAT!
A
A
A
Hi
everyone
good
good
morning
from
from
california
good
afternoon
good
evening,
welcome
to
another
edition
of
our
african
meetup.
My
name
is
martins
and
today
we
will
be
going
through
some
of
the
the
best
of
gear
of
universe.
2020.,
like
I
said,
my
name
is
marcus.
A
I'm
an
account
executive
here
at
github,
and
so
today
me
and
my
team
at
the
back
at
the
back
end,
we'll
be
going
showing
you
through
some
of
the
the
best
clips
that
we
had
through
our
december
conference,
so
the
first,
the
first,
the
first
clip
that
we'll
be
showing
you
it's
the
our
keynote
from
our
c
ceo
nat
friedman
and
over
the
course
of
of
today's
meeting.
You
will
see
a
bunch
of
products
highlights
that
we
launched
during
our
universe
event.
A
So
please
stay
tuned,
and
let
me
know
where
you
where
you
guys
are
watching
from
what
are
you
from
kenya,
south
africa?
Just
let
me
know
in
the
chat
where
you
guys
are
watching
from
so
let's,
let's
get
started
without
much.
I
do
let's
aj.
Are
you
ready?
Let's
see
the
keynote
from
nat
friedman.
B
Good
morning
welcome
to
github
universe.
Today
we
are
going
to
walk
you
through
how
we
use
github
at
github
and
along
the
way,
show
you
some
of
the
really
cool
new
features
we've
been
building,
let's
check
it
out.
I
start
my
morning
with
the
github
mobile
app.
I
check
out
my
notifications
and
I
catch
up
with
my
favorite
communities.
B
B
C
With
github
mobile,
not
only
do
I
get
push
notifications
for
things
like
comments,
but
I
can
keep
working
on
any
of
my
repositories,
no
matter
where
I
am,
let's
jump
to
nao's
pull
request
and
take
a
look
with
ui
changes
like
this.
Sometimes
it's
hard
to
know
if
everything's
working
just
by
looking
at
the
diff.
B
Tens
of
millions
of
developers
use
github,
but
so
do
hundreds
of
thousands
of
companies,
including
some
of
the
biggest
in
the
world.
For
those
users,
we've
been
hard
at
work,
adding
all
the
new
features
you
saw
today
to
github
enterprise
server,
so
you
get
all
the
power
of
the
best
teams
in
the
world
running
on
your
company's
network.
That
includes
github
actions,
packages,
code
scanning
and
support
for
the
native
github
mobile
apps.
All
of
this
is
available
in
a
major
new
release.
We
call
github
enterprise
server
3.0.
A
All
right
hope
you
enjoyed
that,
so
that
was
our
c.
A
ceo
nat
friedman
talking
through
his
keynote,
so
the
next,
the
next
topic
we'll
be
talking
through,
is
accelerating
software
development
with
github
enterprise.
So
basically
he
like
he
was
you
were
hearing
not
talking
about
just
now.
We
released
github
enterprise
2.0.
A
So
in
addition,
within
that
release,
we
we
we
had
updates
on
github
packages,
get
of
actions,
code
scanning
secret
scanning.
We
we
also
released
our
ios
mobile
and
android
apps,
so
I'll
be
let's,
let's
dive
in
into
the
next
section.
It's
accelerating
software
development
with
github
enterprise.
D
D
Our
enterprise
server
includes
github
actions,
packages,
advanced
security
code
scanning
and
secret
scanning,
and
also
comes
with
support
for
our
ios
and
android
apps.
As
I
mentioned,
one
of
the
big
things
that
we've
been
working
on
this
year
is
to
add
gear
events
to
the
enterprise
cloud
audit
log,
and
I'm
just
going
to
show
you
briefly
how
that
works.
D
D
I
can
query
both
git
and
github
events
at
the
same
time,
if
you
want
to
or
just
one
or
the
other,
you
can
also
export
those
get
events
just
here
and
you'll
get
hub
events
next
year,
we'll
be
adding
those
get
events
to
this
ui
as
well
just
want
to
touch
briefly
on
some
branch
protection
rules
and
how
we're
extending
them.
D
You
might
have
seen
a
little
bit
of
this
in
the
keynote
if
you
manage
to
watch
it
so
here
I
have
a
couple
of
branch
protection
rules
set
up,
which
means
that
any
code
changes
need
to
be
reviewed.
First
of
all,
by
a
third
party
and
then
by
my
code
owners.
Normally
often
a
security
or
expert
team
before
they're
merged
in
github
has
also
recently
expanded
the
same
concept
to
environment
protection
rules.
So
if
you're
using
github
actions
for
your
ci
cd
flows,
you
can
put
in
checks
on
environment
deployments.
D
D
We
can
see
a
pull
request
that
has
been
merged
in
and
then
deployed
through
my
environments
and,
as
per
my
rule,
it
has
been
approved
by
me.
This
is
one
of
the
biggest
things
that
we've
shipped
in
the
last
few
months
and
in
this
fame
we're
now
announcing
a
new
change
to
how
we
release
enterprise
server.
D
We
will
start
every
feature:
release
with
a
release:
candidate,
build
that's
a
build,
that's
gone
through
full
github
testing,
but
one
that
we're
putting
out
there
for
you
to
pick
up
test,
try
bash
around
and
give
us
feedback
on,
and
when
we're
happy,
based
on
your
feedback
that
it
is
very
stable
release
we'll
ga
it.
I
think
this
is
going
to
make
a
big
difference
to
the
overall
reliability
of
the
product,
and
I'm
excited
for
this
change.
So
github
has
really
built
the
community
standard
for
automation
with
github
actions.
D
Now
our
security
capabilities
have
grown
massively
over
the
last
year.
Advanced
security
offers
both
code
scanning
and
secret
scanning,
which
are
automated
security
scanning
tools
and,
in
addition
to
that,
our
dependency
alerts.
Automated
security
fixes
in
the
advisory
database
and
making
sure
that
both
private
and
open
source
repos
are
staying.
Secure.
A
Right,
I
hope
you
had
you.
You
had
a
good
time
with
that
section,
so
my
favorite
part
of
that
section
is
really
bringing
date
of
actions
to
the
server
bringing
git
of
actions
to
github
enterprise
server.
That
has
been
in
the
works
for
a
long
time,
so
I'm
really
excited
that
has
finally
come
to
github
enterprise
server,
okay,
so
the
next.
The
next
clip
is
I'll,
get
up
code
spaces
launch
get
up
code
spaces
basically
lets
you
write,
write
your
code
on
on
on
github
right
in
the
browser.
A
So
I'm
really
excited
about
this,
like
I've
been
talking
about
a
lot
of
I've
been
talking
to
a
lot
of
engineers
that
are
pretty
excited
about
get
up
code
spaces.
So,
ideally,
the
whole
point
is
to
make
sure
that
you
have
a
full
fledged
id
in
the
browser.
So
that's
the
goal
of
getting
code
spaces.
So,
let's
dive
right
in.
A
E
Hi
everyone,
I'm
bailey,
I'm
here
with
matthew
and
we're
both
product
managers
on
github
code
spaces.
Earlier
there
we
announced
github
code
spaces
at
satellite
and
the
excitement
from
the
community
was
overwhelming,
to
say
the
least.
It
was
amazing
just
how
excited
the
community
was
to
be
able
to
have
a
cloud
dev
environment,
so
you
can
go
from
a
repo
on
github.com
to
a
running
code
space
within
seconds
without
any
setup
or
configuration.
E
E
E
The
goal
for
most
of
us
is
to
write
great
code
that
ships
value
to
our
customers,
the
open
source
community
ourselves.
Whoever
that
audience
is
the
goal
is
not
to
spend
your
time
doing:
local
dev,
environment
management,
although
it
can
consume
a
lot
of
your
time,
and
it
may
not
be
your
job.
Your
company
might
have
a
person
or
a
team
where
this
is
such
a
problem,
that
it's
become
their
job.
E
F
The
way
we
get
to
code
spaces
is
right
from
this
page.
We
can
go
to
the
code
button
and
right
inside
this
drop
down.
We
can
open
this
project
inside
of
a
codespace,
so
let's
go
ahead
and
do
that
and
talk
about
what's
happening
and
what
that
offers
us
for
this
project.
So
I've
created
this
code
space.
I
was
using
it
pretty
recently
and
I'm
going
to
jump
in
and
just
resume
an
existing
code
space.
F
So
you'll
see
we
connect
here
and
we
land
in
what
fields
and
really
is
vs
code
and
it's
vs
code
in
the
browser
and
for
me
personally,
this
feels
a
lot
like
home
and
the
reason
is
because
I
use
the
github
dark
theme
and
this
is
using
the
github
dark
theme.
But
if
I
had
another
theme
I
could
have
that
set
up
and
synced
across
my
code
spaces
as
well.
F
You
can
see,
I
have
my
custom
bash
prompt
here
and
my
dot
files
are
synced
over
automatically.
So
I
really
have
everything
that
makes
this
feel
like
I'm
developing
locally
you'll
even
see.
There
are
some
extensions
that
aren't
standard
here
that
don't
come
automatically
out
of
the
box,
so
I'm
also
able
to
bring
in
the
extensions
that
I'm
used
to
that.
I
like
to
work
with
and
use
them
all
inside
of
the
browser
for
this
code
space.
I
have
an
editor.
I
have
an
editor
in
the
cloud.
F
F
F
So
what's
going
to
happen
here
is
we're
going
to
connect
to
a
forwarded
port
from
this
code
space
and
it's
going
to
load
our
app
so
you'll
see.
I
have
this
app
called
haikus
for
mona
and
we
have
some
of
those
octa-cats
that
martin
was
just
talking
about,
and
I
have
little
haikus
that
we've
written
about
some
of
these
octa-cats,
and
this
is
really
cool.
I'm
running
a
node
app.
It
has
a
postgres
database
backing
it.
F
It's
not
super
complex,
but
I'm
able
to
get
the
full
app
running
with
a
container
for
my
web
service
and
with
a
container
for
my
database.
I
can
interact
with
it.
I
can
do
everything
I
would
do
to
build
this
app
locally
and
that
port
is
just
forwarded
on
securely
to
me,
but
we
also
again
have
vs
code
here,
so
we
can
do
more
than
just
run
our
app.
We
can
debug
our
app.
F
So
let's
go
ahead
and
run
this
app
with
our
debugger
attached.
So
you'll
see
we
have
the
app
our
port.
3000
is
forwarded
again
and
what
we're
going
to
do
here
is:
let's
just
set
a
breakpoint,
so
I'm
going
to
create
a
little
bit
more
space
here
and,
as
I
said,
this
is
a
pretty
basic
node
express
app
and
we
have
some
endpoints
that
are
defined
here
and
we
have
this
endpoint
for
for
the
heart
experience,
so
I
can
go
ahead
and
heart,
something
and
like
it
and
the
counter
goes
up.
F
We
hit
our
breakpoint,
so
we
can
jump
over
here.
We
can
actually
look
at
the
stack.
We
can
look
at
the
request
that
came
in
here.
We
can
step
through
this
function.
This
is
super
powerful.
I'm
able
to
you
know,
run
a
full
debugger
of
my
app
in
the
browser,
but
I
also
like
to
spend
a
lot
of
my
time
using
vs
code
locally,
and
I
want
to
go
from
vs
code
and
connect
to
my
code
space,
and
I
can
do
just
that.
F
So
what's
going
to
happen
here
is
this
is
going
to
take
a
second
it's
going
to
set
up
our
connection
and
then
we're
going
to
have
our
entire
code
space
in
just
the
state
that
it
was
right
because
we're
connected
to
that
remote
machine.
So
you
can
see
my
changes
are
here
and
I
can
go
ahead
and
if
we
want
to
make
our
commits
from
here,
updates
for
live
demo
can
go
ahead
and
make
our
changes.
F
F
So
if
I
go
back
to
the
web,
we
can
see
this
full
end
to
end.
I'm
going
to
use
the
command
line
with
this
nifty
little
trick
to
go
back
to
the
repo
and
you'll
see
updates
for
live
demo.
Here's
our
commit
you'll
see
that
it
kicked
off
github
actions.
So
it's
now
running
my
tests
and
we
did
all
of
this
from
the
code
space.
A
All
right
did
you
how?
How
did
you
how
how
how
did
that
look
to
you?
Have
you
tried
github
code
spaces
already,
do
you
know
you
can
actually
go
get
access
right
now.
So,
if
you
haven't
tried,
get
up
code
spaces
at
all,
go
to
github.com
features,
slash
code
spaces
and
you
can
sign
up
for
daily
access.
So
my
my
I
love
codespaces
developers
are
pretty
excited
about.
A
It
so
definitely
go
check
it
out
and
sign
up
for
it,
and
let
me
know
in
the
comment
section
if
you've
tried
cut
spaces
before
all
right,
so
the
next,
the
next
clip
it's
about
git
of
actions,
continuous
delivery
with
github
actions,
chris
patterson,
one
of
our
senior
engineer
leaders
here
we
go
take
you
through
git
of
actions
and
you
will
see
integrated
activity,
log
visually
tracking
progress
of
complex
workflow.
So
let's
dive
dive
in
again.
G
Github
actions
has
grown
massively
right
now
we
run
about
75
million
jobs
at
the
slide,
says
73,
but
I
looked
this
morning's
about
75
million
different
jobs
a
month
across
a
wide
variety
of
workloads.
Ci
is
probably
the
most
common
thing
that
people
absolutely
absolutely
automate,
but
the
amazing
growth
has
really
come.
I
think,
due
to
the
community
and
if
we
look
across
sort
of
all
of
the
different
ci's
that
happen
on
github.
G
We
definitely
believe
actions
is
by
far
the
the
number
one
we
we
we
seem
to
do
the
most,
at
least
from
what
we
can
see.
We
actually
see
closer
to
10
000
different
actions
used
across
different
organizations,
and
we
think
that's
pretty
incredible,
because
that
means
people
are
are
both
using
the
community,
but
also
taking
advantage
of
of
using
actions
within
their
own
organizations.
G
What
we
implemented
was
protected
environments
and
the
idea
here
is:
we
wanted
to
prevent
unauthorized
deployments
and
in
order
to
to
think
about
how
that
might
work
with
with
github
actions.
In
fact,
you've
seen
this
this
on
the
roadmap.
If
you
looked
at
our
public
roadmap,
we
have
something
called
manual
approvals.
G
So
this
is
configured
on
your
repo
settings
outside
of
the
workflow
and
when
you
try
to
deploy
to
a
given
environment,
if
a
set
of
reviewers
is
required,
the
system
will
pause
that
job
before
it
ever
goes
to
a
runner
and
send
out
a
series
of
notifications
and
require
a
person
in
this
list
or
or
somebody
in
a
team
to
come
and
say
it's
okay.
For
that
job.
G
To
continue
to
deploy
to
that
environment,
we
heard
from
a
lot
of
people
that
you
know
they
want
to
be
able
to
track
what
is
currently
in
a
particular
environment
whether
that
environment
is
production
or
if
that
environment
is
a
staging
or
whatever
starting
to
build.
This
new
activity
log
here
is
is
part
of
our
goal
to
to
really
move
in
that
direction,
and
this
is
kind
of
where
this
kind
of
four-ish
new
capabilities
comes
in,
because
this
deployments
view
actually
exists
in
github.
G
We
wanted
to
give
you
a
much
better
way
to
visually
track,
how
your
workflows
are
progressing.
You
know,
as
you
have
these
more
complex
workflows,
particularly
ones
that
do
sort
of
pipeline
style
deployments
to
different
environments
or
maybe
have
rich
matrices
or
other
concepts
having
the
ability
to
see
where
those
go
and
sort
of
track
their
progress.
G
At
this
very
visual
level,
we
think,
improves
just
the
overall
usability
of
actions,
the
usability
of
more
complex
workflows
and
the
ability
to
debug
potential
issues,
and
we've
also
started
to
do
some
other
work
to
integrate
in
other
places.
I
think
you
saw
in
the
keynote
nat
had
a
really
neat
little
vignette
at
the
end
where
he
launched
dark
mode,
and
you
saw
sort
of
a
sneak
preview
of
some
work,
we're
doing
with
the
mobile
app.
G
We've
also
done
a
lot
of
work
with
the
team
who
works
on
the
slack
integration
to
integrate
those
there
and
you'll
start
to
see
these
roll
out
again,
and
we
we
think
that,
as
we
use
all
of
these
endpoints
for
github,
we
can
really
help
drive
that
culture
of
of
rapid
deployment
and
unblocking
your
team
from
where
you
are
exactly
how
you
need
to.
We
think
that
all
those
things
together
really
do
add
up
to
the
ability
to
do
very,
very
rich,
continuous
delivery
workflows
with
github
actions.
G
A
All
right
how
how
was
that?
Let
me
know
if
you've
used
github
actions
before
if
you've
tried
out
before.
So.
Basically,
you
just
saw
how
we
do
you.
You
can
do
continuous
integration
with
github
actions.
So
now
my
other
colleague,
brian
doogie,
b,
doogie,
is
going
to
show
you
how
to
actually
use
github
actions
how
to
gain
traction
with
github
actions.
So,
let's
dive
in.
H
I
think
what
a
lot
of
people
kind
of
think
of
github
actions,
as
is
ci,
and
I
even
saw
this
in
twitter
github
universe-
check
out
the
twitter
feed
there.
Someone
brought
up
with
the
continuous
delivery
features
like
what.
What
is
what
does
that
mean
for
containers
integration?
H
I
think
they're
sort
of
conflating
everything
into
one
which
is
fine,
because
that's
what
github
actions
is
and
if
you
zoom
back
a
bit,
it's
all
about
workflow
automation,
automation
that
automating
yourself
to
get
back
to
the
code,
and
I
bring
this
up
because,
when
jason
warner
stood
on
stage
a
couple
years
ago,
at
github
universe,
he
he
presented
actions
as
a
feature
for
developers
to
get
back
to
what
they
want
to
do.
H
So,
if
you're
constantly
doing
all
this
tedious
checking
in
like
hitting
up
slack
telling
your
your
co-workers
to
review
your
prs
like
you
could
automate
all
that
stuff
and
the
beauty
of
this
is
that
github
actions
basically
gets
you
back
to
what
you
want
to
do,
which
is
right
code.
H
Actually
he
has
this
lighthou
lighthouse
action
and
the
one
thing
that
I
do
for
my
deployments
is:
I
deployed
to
netlify
and
the
reason
why
I
chose
this
is
that
every
time
there's
a
netify
deploy
preview
on
my
project,
which
is
opensource,
I
actually
get
an
entire
preview
directly
linked
inside
of
my
pull
request,
which
is
beautiful,
because
I've
been
using
this
other
action,
I
built
called
loglify,
which
also
brings
my
previews
into
the
deployment
logs.
H
First
and
foremost,
I
don't
have
an
example
about
this
in
cd,
yet
because
it
again
they
just
launched
yesterday.
But
what
I
like
about
this
is
that
I
get
lighthouse
scores
every
time
I
open
a
pr.
So
if
I
have
a
pr
from
someone
else,
because
I
just
open
source
project
anybody
else
in
the
community,
I
actually
can
find
out
if
I
have
like
a
degradation
of
my
lighthouse
score
or
performance
or
accessibility
right
there
in
line
with
the
pr
and
when
I
talk
about
sort
of
identifying
repetitive
tasks.
H
H
So
that
way,
not
only
in
my
actual
logs,
but
also
in
the
pr
comments,
and
it's
all
powered
from
this
one
action
which
is
beautiful
and
like
you're,
probably
thinking
you
know,
white
house
is
already
embedded
in
chrome
like
you
just
open
up
the
chrome
tab
and
like
this
know
what
you're
doing
and
check
that
before
you
merge
in
pr
and
the
thing
is,
I
won't
do
that.
I
won't
do
that
for
anybody's
prs.
H
I
want
this
to
be
automated
and
get
myself
back
to
writing
my
own
code,
and
I
have
to
do
that
for
every
time
my
pr's
open
up
on
my
project.
So
I
bring
this
up
shout
out
to
the
artifacts
too,
as
well
like
actually
having
the
report
in
line
inside
my
logs
as
well.
It's
just
a
beautiful
experience.
A
How
was
that?
Did
you
enjoy
that?
So
the
the
core
thing
about
git
of
action
is
not
just
ci
cd,
you,
you
can
automate
repetitive
tasks,
so
like
brown
was
saying,
yeah
there's
a
lot
of
actions
already
been
built
already
been
built
by
developers
on
github
over
6
000
actions
now
so
definitely
go
in
there
and-
and
you
know,
pick
and
choose
what
you
want
to
use.
So
the
the
the
next
thing
you
know,
continuing
the
on
the
product
features
team
is
talking
about
github
discussions.
I
I'm
really
excited
about
talking
about
building
your
community
with
github
discussions
which,
as
of
tuesday,
is
available
for
all
repos
and
public
beta,
and
so
thousands
of
you
have
turned
it
on
since
then.
I
want
to
quickly
talk
about
the
open
source
ecosystem
and
why
github
discussions
exist
in
the
first
place.
I
I
Someone
will
open
up
a
pull
request,
it'll
get
merged
and
boom,
it's
slated
for
a
new
release
and
it
goes
out
into
the
world
and
people
use
the
new
thing
so
already
there's
something
missing,
and
that
is
where
the
conversation
lives
and
that's
because
it
usually
lives
over
here
outside
of
the
cycle,
products,
ignite
ideas
and
facilitate
conversations,
and
that
conversation
ends
up
in
chat,
applications,
forums,
social
news
and
basically
sometimes
github.
Issues
want
to
keep
q
a
and
conversation
separate
from
github
issues,
but
we
also
don't
want
those
to
be
completely
detached
either.
I
I
Now.
If
you
have
issues
that
should
be
discussions,
you
can
cover
those
individually
convert
them
in
or
in
bulk.
So
if
you
wanted
to
do
it
in
bulk,
you
can
go
here
to
the
label
section
here.
We
selected
the
question
label,
obviously
probably
the
best
one,
for
that
is
a
q,
a
category
and
there
you
go.
I
All
you
have
to
do
is
click
that
button
and
you're
going
to
convert
those
from
your
issues
over
to
your
discussions,
and
you
can
see
that
over
on
your
discussions,
page
every
repository
comes
with
a
default
set
of
four
categories:
general
ideas,
q,
a
and
show
and
tell
but
these
can
be
modified.
I
think
the
most
important
thing
about
categories
is
that
you
get
to
set
the
tone
here
to
help
the
community
know
what
to
expect
and
where
to
go.
Let's
get
directly
into
the
mechanics
of
marking
an
answer.
I
So
anyone
with
triage
plus
access
or
the
author
can
do
this,
and
this
is
kind
of
what
it
looks
like
when
you
find
an
answer
to
a
question.
You
can
click
on
the
check
box
and
a
great
box
will
appear
and
you
can
see
who
marked
the
answer
and
it'll
be
recorded,
so
you
can
even
see
who
marked
it
right
underneath
now
we
have
all
the
tools
that
we
need
to
manage
existing
discussions.
Let's
talk
really
briefly
about
some
enhancements.
We
have
to
improve
the
community's
interactions
and
first
things.
I
First,
you
can
see
right
here,
there's
a
leaderboard
on
the
right
hand,
side
and
it
shows
people
with
the
most
answered
discussions.
Finally,
I
wanted
to
briefly
talk
to
you
about
what
you
can
do
with
triager
write,
maintainer
and
admin
permissions
and
as
far
as
discussions
go,
people
with
write
maintain
admin.
Access
can
basically
do
the
same
thing
with
two
exceptions.
So
people
with
maintain
and
admin
access
can
enable
discussions
all
together
from
the
settings
page
and
also
they're,
the
only
ones
who
can
create
and
edit
categories,
but
otherwise
they
have
the
same
permissions.
I
And
that's
basically
it
that's
what
you
have
so
we
talked
about
getting
started
categories.
New
discussions,
marking
answers
how
you
can
use
the
information,
the
site
to
provide
recognition
and
how
to
moderate
and
keep
the
community
healthy.
So
here's
an
example
here
where
snowpack
has
used
the
a
pin
discussion
as
their
change
log,
and
so
it's
kind
of
pinned
at
the
top.
A
All
right
thanks
thanks
for
for
that,
so
the
next
we've
been
talking
about
a
lot
of
topics
of
product
features
on
github.com
and
guild
of
enterprise,
so
we
want
to
transition
now
to
security,
how
we're
thinking
about
security
at
github
and
how
you
should
think
about
security
on
your
own
projects
too.
So
to
kick
yourself
on
that
is
erica.
Brescia
erica
is
our
chief
operating
officer
here
at
gita,
so
let's
get
in
into
get
up
enterprise
and.
J
Security
github
is
where
the
world
builds
software
over
50
million
developers,
trust
github
to
collaborate,
test,
build
and
deploy
code,
including
over
70
percent
of
the
fortune
50..
In
fact,
in
the
last
year,
over
60
million
new
repo's
were
added,
and
over
1.9
billion
contributions
were
made.
Those
are
some
seriously
big
numbers.
The
stability
and
resilience
of
our
global
platform
is
critical
to
providing
developers
with
a
platform
they
can
count
on.
Github
enterprise
is
built
on
the
same
principles
as
github.com
and
as
a
result
benefits
from
the
years.
J
We've
spent
optimizing
the
platform
to
be
trusted
reliable
and
resilient
from
day.
One
we've
focused
on
building
great
products
and
experiences
for
the
developers
who
spend
their
days
or
their
nights
on
github
from
pull
requests
to
code
spaces
actions
to
code
ql
and
everything
in
between
our
vision
is
to
build
the
home
for
all
developers,
whether
they're
working
on
a
fun
side,
project
or
building
mission,
critical
software
for
a
fortune
500.
J
A
All
right
so,
let's
say
you've
committed
a
secret,
a
secret
in
your
code
before
so.
How
do
you
deal
with
that?
So
in
our
next
section,
our
senior
prayer
manager,
sasha
rosenberg,
will
talk
to
you
through
how
we
are
dealing
with
our
github
and
specifically
how
we're
dealing
with
secrets
managing
secret
scanning
here
at
get
up.
So
let's
dive
in
and
see.
K
We're
going
to
talk
about
this
state
of
security
today,
so
my
favorite
analogy
for
this
is
imagine
that
you
just
built
your
most
amazing
favorite
mansion
and
you
have
just
installed
all
the
most
expensive
furniture
and
all
the
most
expensive
appliances,
and
you
just
forgot
to
install
doors.
So
this
is
sort
of
how
we
treat
security
today
we
just
kind
of
say:
okay,
we
have
time
for
this.
We're
just
gonna
first,
deliver
on
all
the
features
and
then
we're
gonna,
basically
add
some
locks
on
the
doors
and
some
doors
to
our
invention.
K
Right
because
features
is
what's
important.
If
we
look
at
the
chart
of
how
we
deliver
code,
then
we
actually
see
that
the
more
lines
of
code
we
write
the
more
security
threats
we
actually
introduce,
and
so
we
don't
learn
from
our
mistakes.
We
just
basically
continue
committing
bugs
and
moving
on
and
just
like
committing
secrets,
committing
security
vulnerabilities
into
our
main
code
base,
and
despite
that,
as
developers,
we
often
treat
it
this
way.
So
we
just
basically
say:
okay,
it
works
in
dev.
K
So
it's
security
problem
now
right,
so
I
have
developed
my
code.
I
committed
all
my
stuff,
and
now
I
can
just
get
and
ship
it
to
security,
and
then
security
is
going
to
fix
it
all
for
me,
but
we
know
that
that's
not
possible
because
there's
so
many
more
developers
than
security
professionals.
K
Basically,
we
have
about
45
million
estimated
developers
and
only
70
000
estimated
security
researchers
in
the
world.
So
today
I'm
going
to
basically
talk
about
how
github
can
help
you
fix
your
security
issues
for
you.
So
we
have
a
large
number
of
features
in
github,
advanced
security
that
can
help
you
integrate
security
into
your
developer
experience.
So
it's
not
extraneous
to
what
you
do,
but
rather
it's
shifted
all
the
way
left
and
integrated
into
your
development
life
cycle.
K
So
basically
we
help
you
secure
multiple
parts
of
your
code,
so
we
help
you
secure
the
supply
chain,
the
code,
the
development
life
cycle
and,
of
course,
your
platform.
But
today
I'm
going
to
talk
specifically
about
the
code
part,
so
we
can
see
that
almost
50
of
all
the
breaches
in
the
world
actually
include
stolen
credentials
and
yet
we're
pretty
bad
about
not
committing
these
credentials
or
these
secrets
into
source
controllers
report
stories.
And
this
where
secret
scanning
actually
comes
in.
K
So
we
have
different
sort
of
different
oriented
features
for
public
and
private
repo.
So
I'm
going
to
start
with
public
repos
for
public
reapers.
We
actually
have
secret
scanning
for
a
number
of
years
already
and
we
are
doing
it
at
massive
scale.
We're
scanning
about
150
million
pushes
a
week.
K
So,
basically,
we
then
send
the
matches
to
a
partner,
verify
endpoint,
and
then
the
partner
can
verify
if
it's
a
real
secret
or
if
it's
not
and
then,
depending
on
what
the
partner
wants
to
do
with
this.
Sometimes
they
revoke
the
secret,
and
sometimes
they
also
email,
the
user
right.
So
basically,
we
have
this
process
in
which
I
completely
transparent
to
the
user.
In
some
cases,
your
secret
actually
got
gets
revoked
by
the
partner,
and
so
your
secret
is
no
longer
in
the
repository.
K
So
if
you
say
committed
an
aws
secret
into
your
repository,
then,
instead
of
someone
stealing
your
credentials,
we're
actually
probably
going
to
revoke
it.
For
you.
A
All
right,
how
was
that
I,
I
know
developers
like
to
build
really
cool
stuff,
so
I
really
loved
the
analogy
that
sasha
gave
how
you
build
a
beautiful
mansion
and
you
forget
to
put
in
doors.
So
please
don't
don't
forget
to
put
indoors
in
your
code,
so
the
next.
The
next
topic
is
by
bass
and
xavier.
L
So
github
code
scanning
earlier
this
year,
we
announced
it
and
code
scanning
does
exactly
what
it
says
on
the
tin.
It
scans
your
code
for
security,
vulnerabilities
and
any
alerts
we
find
in
pull
requests
or
automatically
flagged
up
to
you
so
that
you
can
fix
them
before
you
merge
the
code
changes
into
your
main
branch
that
particular
code
patterns
could
be,
for
example,
a
server
side,
template
injection
vulnerability
when
you
run
codeql,
whether
that's
in
code
scanning
or
on
your
own
local
machine.
L
The
first
thing
it
will
do
is
it
extracts
all
of
the
source
code
that
you
have
into
a
special
relational
database
in
a
way
it's
similar
to
a
mysql
or
a
postcards
database.
It's
a
very
special
one,
though
special
purpose
built
read-only
one.
We
call
it
a
ql
database
and
just
like
with
my
sql
and
with
postgres,
you
can
run
queries
against
that
database
and
in
fact
the
kql
query
looks
a
bit
like
a
sql
query.
L
But
it's
a
lot
more
powerful
I'll
show
you
one
in
in
the
live
demo
that
I've
got
now
a
code.
Qr
query
is
a
way
to
sort
of
interrogate
and
explore
your
source
code.
A
very
simple
query
might,
for
example,
look
for
a
variable
called
password
that
you
then
write
to
a
plain
text:
log
file,
more
advanced
security
analysis,
more
advanced
queries
do
very
intricate
flow
analysis.
They
track
where
user
control
data
enters
your
application.
L
L
Now,
in
a
way,
every
query
captures
the
security
knowledge
of
a
security
researcher,
and
by
codifying
that
knowledge,
that
we
can
apply
it
at
a
massive
scale.
So,
for
example,
we
run
kql
against
hundreds
of
thousands
of
repositories,
and
every
single
query
result
that
we
get
is
a
is
an
alert
in
code
scanning.
A
All
right
so
secret
scanning
code
scanning,
that's
part
of
our
advanced
security
product,
and
do
you
know
that
all
of
that
is
available
free
for
open
source
work?
So
if
you,
if
you're
working
on
the
project,
you
can
definitely
turn
on
secret
scanning
and
code
scanning
and
and
code
ql
for
your
projects
right.
So,
let's
dive
deeper
now
into
security
as
a
feature,
so
our
one
of
our
our
customers
here
tamofisha,
would
go
through
how
they
are
using
code
security
and
advanced
security
at
their
company.
M
We're
going
to
be
going
through
a
few
different
ideas
in
this
concept,
in
terms
of
why
companies
might
not
think
of
security
as
a
feature,
of
course,
what
they
do
think
of
as
a
feature
first
and
then
going
into
what
happens
when
they
don't,
but
also,
of
course,
some
of
the
good
things
that
can
come
from
thinking
of
security
like
a
feature
going
ahead
and
then
how
you
can
implement
that
within
your
tool
chain
or
your
process,
some
further
learning
and
we'll
take
it
from
there.
M
So
let's
go
ahead
and
dive
right
in
what
makes
something
a
feature
right,
that's
something
that
is
is
often
discussed
in
concerning
the
project,
management
or
product
management
team,
the
dev
teams,
they
always
say.
M
Well,
that's
not
really
a
feature
security's,
not
a
feature,
and
that's
because
of
course
features
are
things
that
customers
ask
you
for
right,
they're,
the
things
that
people
want
to
see
the
things
that
people
will
complain
about
if
they
don't
have
it
in
your
application,
and
so
therefore
they'll
tell
you
about
it,
then
of
course
there's
resources
in
terms
of
people,
time
or
money.
M
M
So
why
isn't
security
considered
a
feature,
and
this
is
kind
of
an
interesting
topic,
because
one
of
the
things
that
I'll
often
ask
dev
teams
after
they've
done
some
security
review
of
their
applications
is
they'll
say:
do
you
have
a
banking
app
on
your
phone
now
that
doesn't
always
translate
depending
on
where
you
are
in
the
world,
some
cash
heavy
cultures?
Don't
really
use
banking
applications
might
do
e-commerce,
but
alaska
dev.
Are
you
using
some
some
sort
of
financial
transaction
application
on
your
phone
and
the
answer
is
almost
universally?
Yes.
M
Well,
one
of
the
questions
that
you
should
be
asking
is:
would
you
use
it
if
it
had
the
vulnerabilities
that
your
application
has
and
that's
when
you
know
security
is
a
feature
because
it's
not
something
that
people
were
asking
you
for,
but
it
was
something
that
you
and
the
people
using
your
applications
are
expecting
in
a
lot
of
ways.
M
I
like
to
say
this
is
kind
of
like
the
faucet
that
you
go
to
or
the
sink
that
you
may
go
to
and
when
you
turn
that
left
knob,
you
expect
the
water
to
be
hot.
That's
universally
true,
you
didn't
have
to
ask
anyone
for
it
and
you
didn't
have
to
tell
the
plumber
to
install
it
that
way.
It's
just
the
way
that
that
operates,
and
so
in
a
lot
of
ways.
M
M
It
ends
up
being
state
actors,
as
opposed
to
cheeky
kids
on
the
internet,
for
an
example,
and
so
that
way,
your
application
will
be
a
little
bit
more
robust
and,
quite
frankly,
you're
out
running
a
majority
of
the
bears.
Of
course,
it
also
differentiates
your
project
or
your
product
if
you
think
about
apple,
for
example,
they're
almost
universally
known
for
a
lot
of
the
security
and
privacy
implementations
that
they've
put
in
place.
We
can
also
look
at
examples
within
the
software
development
landscape,
such
as
react
versus
angularjs
back
in
the
day
angularjs.
M
I've
taught
a
couple
trainings
that
have
shown
exactly
how
this
works,
and
thankfully
google
has
addressed
that
with
later
versions
of
angular,
such
as
by
removing
the
sandbox
in
the
original
angularjs,
because
people
were
using
it
wrong
and
in
this
way,
if
we
think
of
security
as
a
feature
from
the
get-go,
we
can
actually
write
on
secure
frameworks
and
languages
like
rust,
to
eliminate
a
vast
majority
of
the
vulnerabilities
that
enter
our
landscape.
M
And,
of
course,
once
you
go
ahead
and
invest
in
security
as
a
feature,
it
allows
you
to
save
time
and
money.
It's
that
return
on
investment
that
compounding
interest
that
allows
you
to
actually
go
ahead
and
focus
on
other
investments
and
experimentation
so
that
you
can
grab
more
market
share
and,
of
course,
differentiate
your
product
and
then
pay
down
those
other
technical
debts
that
you
might
be
encountering
and
then,
of
course,
in
terms
of
some
tools
that
you
can
use.
I
like
to
say
with
static
analysis.
Github's
advanced
securities
toolset
is
phenomenal.
M
If
you're
on
the
github
platform,
which
I
would
think
that
you
probably
are,
if
you're
watching
this
and
then,
of
course,
osp's
dependency
check
tool.
If
you
need
another
thing
to
go
ahead
and
look
into
the
environment
and
make
sure
that
things
are
working
appropriately
and
the
libraries
you're
using
are
fresh
and
secure.
A
All
right,
thank
you
for
that
top
chat
on
security.
So
so
now
we
we've
had
a
lot
about
security,
secret
scanning
code
ql
and
how
you
can
incorporate
security
as
a
you
know,
you
know
as
a
way
of
thinking
and
and
making
it
a
feature
of
all
your
development.
So
our
senior
product
manager
here
at
github
would
go
through,
give
you
a
roundup
of
the
advanced
security
product
and
how
you
can
get
started
and
continue
to
use
it
going
forward.
So
aj,
let's
get.
N
It
here
at
github
we're
really
focused
on
understanding
security
from
the
developer's
point
of
view,
because
empowering
developers
to
build
secure
code
is
one
of
the
best
ways
to
move
the
needle
on
your
security
story.
Now,
there's
a
ton
of
great
data
in
the
state
of
the
octoverse
report
this
year,
but
one
of
the
things
that
I
like
to
point
out
is
how
developers
introduce
security
vulnerabilities
at
a
relatively
constant
rate
with
every
line
of
code.
That's
written
and
that's
not
me
criticizing
developers.
N
I
don't
write
the
code
and
I
know
just
how
hard
it
is.
This
should
really
underscore
that
writing
secure
software
is
really
hard.
It
doesn't
matter
how
smart
your
team
is.
It
doesn't
matter.
You
know
how.
Well
you
hire,
there's
a
reason
that
mitre
has
so
many
different
cwe
buckets
it's
because
as
humans
we
tend
to
introduce
the
same
kinds
of
problems
over
and
over
again,
around
83
percent
of
applications
have
at
least
one
security
vulnerability
in
them.
N
Organizations
that
adopt
devsecops
practices
run
and
run
security
scans
daily,
reduce
their
mean
time
to
remediate
security
problems
by
around
72
versus
organizations.
That
run.
You
know
just
a
few
times
a
year,
so
that's
why
we
at
github
have
been
hard
at
work,
with
a
collection
of
security
solutions
that
we
call
github
advanced
security
within
github,
advanced
security.
We've
got
three
major
product
areas.
N
N
Finally,
secure
secrets:
we
know
credential
leaks,
are
a
huge
problem
both
for
security
and
reliability.
Reasons
I
mean
have
you
ever
tried
to
roll
keys
on
an
app
where
someone
hard-coded
credentials
into
the
source
code
instead
of
putting
them
into
the
key
vault?
It's
not
going
to
be
a
good
day.
You're
going
to
cause
an
outage
and
everyone's
going
to
be
unhappy,
so,
let's
drill
in
dependency
review
is
a
brand
new
capability
that
we
unveil
unveiled
here
today.
N
N
That's
why
we've
made
it
really
easy
to
view
results
in
code
scanning
super
easy
by
integrating
those
alerts
into
pull
requests
and
making
sure
the
developers
are
only
blocked
when
they
introduce
a
net
new
vulnerability
in
their
code.
That
way,
when
you
have
a
lot
of
security
debt,
it's
not
going
to
come
up
every
day.
It's
not
going
to
slow
you
down,
it's
still
there
and
we
hope
you'll
fix
it.
But
it's
not
in
your
way.
Codeql
is
the
semantic
analysis
engine
that
powers,
our
own
security
analysis.
N
We
actually
map
all
the
code
in
your
repository
into
a
graph
database,
and
this
is
special
because
it
allows
security
researchers
to
reason
over
that
code
and
develop
queries
can
find
really
complicated
vulnerabilities
with
really
high
precision
by
bringing
all
of
this
together
in
one
user
experience
we're
making
it
easier
than
ever
to
get
security
challenges
in
front
of
developers
before
they're,
a
problem
for
your
users
and
we're
using
that
exact,
same
infrastructure
to
help
enterprise
developers
identify
secrets
in
their
private
code
as
well.
N
This
scans
the
full
history
of
your
repositories,
and
it
provides
users
with
a
native
experience
for
triaging
secrets
that
we
find
in
your
code
as
much
as
this
is
a
security
feature.
It's
also
a
reliability
feature
we're
working
from
with
everyone
from
you
know:
big
clouds
like
aws,
azure
or
google,
through
developer
tools
like
npm,
twilio,
hashicorp
or
pollumi.
A
All
right,
so
I
hope
I
hope
that
that
made
a
lot
of
sense
and
don't
feel
overwhelmed.
All
of
this
all
of
these
videos
are
fully
available,
so
you
can
go
watch
it
at
your
own
time
at
github
universe.com,
so
at
your
own
free
time
definitely
go
check
it
out
again.
So
next
we
want
to
go
through
how
we
can
all
get
better
together
right
what
enterprises
can
learn
from
global
patterns
in
software
development.
A
So
the
next
section
we'll
talk
nicole,
fogger
and
we'll
talk
through
how
you
can
learn
from
global
patterns
in
software
development.
So,
let's.
O
We
just
released
the
state
of
october's
report
last
week.
It
was
a
birthday
present
to
myself
and
everyone
else.
We
took
a
slightly
different
approach
this
year,
so
in
addition
to
sharing
with
the
world
how
github
has
grown
and
changed,
we
also
did
some
deep
dives.
We
had
quite
a
year.
We
have
now
grown
to
over
56
million
total
developers
on
github.
O
O
Many
people
are
both
working
longer
hours
and
getting
more
done,
we
saw
contributions
to
open
source
jump
initially
40
compared
to
last
year
and
then,
when
they
settle
out,
they
settle
out
at
about
25
increase
compared
to
the
previous
year.
We
found
that
once
an
open
source
repo
starts
using
actions
on
their
pull
requests.
O
We
see
an
18
faster
time
to
merge
that
pull
request
and
an
increase
of
30
percent.
More
pull
requests,
merged,
github
released
and
announced
discussions
earlier
this
year,
so
we
took
a
look
at
the
next.js
repository
and
how
they
were
using
discussions,
and
it
was
great
to
see
and
kind
of
excited
to
see
how
this
grew
over
time,
and
what
we
found
is
that
it
really
helped
keep
this
community
more
resilient
and
more
sustainable.
O
What
some
of
our
other
analysis
found
is
that
some
of
the
best
ways
to
invite
and
encourage
and
foster
newcomers
to
stick
with
the
community
are
with
issues
the
challenge
with
issues
that
can
burn
out
maintainers.
So
the
exciting
thing
is
that
we
also
found
that
one
of
the
best
ways
to
encourage
newcomers
is
with
discussions.
O
Discussions
is
a
way
to
engage
talk
about.
What's
happening,
learn
new
norms.
Now
some
of
you
may
be
thinking
well,
what
does
this
have
to
do
with
me,
nicole,
this
enterprise
track?
This
is
great
because,
as
we
think
about
scaling
our
solutions
and
scaling
throughout
our
enterprises
think
about
things
like
centers
of
excellence
or
communities
of
practice.
This
helps
make
sure
that
our
expertise
isn't
siloed.
This
helps
us
spread
that
excellence.
O
It's
a
lot
like
inner
source
right.
We
have
so
many
things.
We
have
expertise.
We
have
process,
there's
so
many
things
that
we
could
share.
We
found
that
any
piece
of
code
or
any
repo,
has
a
59
chance
of
getting
a
security
alert
in
the
next
year
of
those
active
repositories
with
supported
package
ecosystems.
O
O
O
A
All
right,
so
the
overall
team
you've
been
hearing
this
about
security,
paying
down
technical
debts,
doing
as
much
as
possible
to
make
sure
that
you
reduce
the
vulnerability
in
the
beautiful
code
that
you're
writing.
So
our
the
next.
The
next
clip
will
talk
to
you
how
even
at
get
up
here,
we
we're
making
sure
that
we
are
free
of
vulnerabilities
and
we
have
pained
out
our
own
technical
depth
and
making
sure
that
github
is
more
secure
for
all
the
developers
all
around
the
world.
So,
let's
get
into
the.
P
P
So,
at
github
this
summer
we
basically
decided
to
have
a
project
where
we
were
going
to
pay
down
this
technical
debt
with
very
specific
outcomes
in
mind.
We
stopped
most
not
all
feature
development
to
really
focus
the
engineering
team.
P
One
was
around
both
the
outer
loop,
how
you
deploy
software,
but
also
our
observability,
both
observability
during
a
deploy
and
then
just
generally
speaking,
another
big
set
of
work
streams
was
around
the
inner
loop
and
testing.
That
is
when
someone
is
coding,
they're,
making
a
build
locally,
they're
running
tests,
all
of
those
kinds
of
things
and
then
the
final
loop
was
final
work
stream
was
specifically
around
reliability.
P
What
parts
of
the
system
do
we
need
to
make
better
and
stronger
so
that
you
know
the
site
is
always
up
always
serving
our
customers
in
all
cases,
and
so
we
organized
across
those
we
had
objective
leads,
who
kind
of
looked
at
each
one
of
these
three
and
then
underneath
them.
We
created
virtual
teams
of
work
stream,
leads
to
tackle
very
specific
problems.
Ultimately,.
Q
We
selected
these
as
some
of
the
work
streams
that
the
projects
that
we
were
going
to
work
on.
First,
we
wanted
to
look
at
how
we
could
speed
up
our
artifact
builds
and
we
need
some
more
progressive
roll-out,
stages
and
automation
around
them,
and
we
noticed
that
there
were
recurring
themes
of
deployment
problems
that
we
could
eliminate.
That
could
take
care
of
that
need
for
manual
intervention.
Q
Q
Q
Last,
let's
see
the
time
to
resolve
incidents
when
they
do
happen
is
vastly
improved,
and
I
want
to
mention
a
thing
that
I
was
super
excited
to
see
happen
here.
We
set
up
a
mirror
of
our
github
repository
so
that
we
can
build
and
deploy
github
still
when
github
isn't
available
the
thing
that
we
do
it
when
it
is
and
another
one
I'm
super
excited
about,
is
that
we're
enabling
merge
queues
for
more
of
our
repositories.
Q
We've
separated
out
how
we
bundle
up
our
home
requests
and
that's
separate
out
of
the
deployment
process
now
for
that
repository
so
yeah.
So
all
of
this,
along
with
some
simpler
confidence,
dashboards
again
that
progressive
rollout
automation
and
really,
I
believe,
just
involving
so
many
more
people
to
work
on
this
experience
and
the
outer
loop
and
the
observability
it
led
to
this
great
improvement
in
our
development
happiness
measurement
that
we
take
each
quarter
a
hundred
and
sixty
percent
y'all.
Like
that's.
Q
That's
big-
and
I
don't
want
to
like
to
call
out
another
key
observation
related
to
this,
and
that
is
the
increased
unity
across
the
engineering
organizations
right.
So
many
teams
had
opportunities
to
work
together
on
things
that
we
wouldn't
ever
get
a
chance
to
collaborate
on
normally
and
the
results
of
that
have
been
so
positive.
But
really
how
do
we
keep
this
up?
That's
what's
really
important,
so
we
have
now
what
I
like
to
call
anti-slip
measures
in
place
formally
here.
Q
We
call
it
our
fundamentals
program,
but
for
every
improvement
that
we
make,
we
set
new
benchmarks.
We
raise
that
bar.
We
monitor
them
and
tweet
to
understand.
Does
something
need
to
be
nudged
a
bit
right.
We
have
that
additional
visibility
to
make
it
a
lot
easier
to
have
these
conversations
with
product
managers
and
engineering
leaders,
and
it
makes
planning
able
to
factor
this
in
better
and
at
least
be
more
aware
of
what
we're
going
to
set
aside.
R
We
leveraged
our
products
issues,
actions
workflow
integrations.
We
focused
on
the
key
metrics
to
identify
bottlenecks
and
found
a
maintainable
and
a
reusable
solution.
We
ultimately
built
an
internal
tool
that
supports
our
developers
and,
at
the
same
time,
acts
as
a
guard
rail
for
product
qualities
and
as
for
numbers,
we
reduce
our
ci
time
to
13
minutes,
making
our
ci
workflow
three
times
faster.
Then,
as
an
added
bonus,
we
reduced
our
compute
costs
down
by
a
fourth.
R
This
was
improvement
done
just
in
one
of
the
work
streams
in
the
larger
and
in
the
larger
initiative.
There
was
a
lot
more
improvement
as
liz
talked
about,
but
we
focused
on
the
fundamentals
of
development
tracking
down
important
metrics,
deploy
frequency
change,
fail
to
rate
time
to
restore
a
service
and,
of
course,
what
I
fixed
lead
time
to
change
above
and
beyond
numbers.
R
Github
engineering
work
together
to
identify
prioritize
plan
swarm
on
the
most
important
impactful
issues
that
matter
to
us.
We
brought
together
teams
from
different
part
of
organization
to
work
on
the
fundamentals
and
what
warms
my
heart,
the
most,
is
how
we
were
able
to
focus
on
our
engineering
platform.
Cracking
down
technical
debt
making
engineering
improvements
so
that
we
could
continue
to
build
the
best
in
class
developer
products
for
you.
A
All
right
hope
you
enjoyed
that
session
about
how
we
obtained
our
technical
depth
at
github
we're
getting
towards
the
end
of
our
best
of
universe
series.
Today
we
still
have
three
sessions
to
go.
So
it's
it's.
It's
been
really
fun
and
I
hope
you've
enjoyed
your
time
with
me
today.
So
we've
gone
through
security
product
features
here
get
up
and
all
all
of
the
ci
cd
functionality
we've
launched
throughout
2020
2021
is
a
great
year.
A
We
will
continue
to
work
hard
here
to
make
sure
your
lives
are
easier,
as
developers
all
around
the
world.
You
guys
are
the
reason
why
we
exist
at
github,
so
so
over.
The
next
three
sessions
we'll
have
a
three
of
our
customers
talking
through
how
they
use
github
their
best
practices,
and
you
know
how
the
ssx
for
on
the
platform
so
aj,
please
the
next.
S
At
intuit
we
have
six
big
groups
across
multiple
continents
and
multiple
time
zones,
engineers
and
other
technologists
focus
on
delivering
solutions
declared
as
priorities
by
their
groups.
We
have
aggressive
schedules
to
deliver,
features,
fixes
and
products
to
millions
of
customers
and
speed.
Yes,
it's
a
necessity,
but
man
to
get
there.
There
are
some
challenges
we
solved
it
by
taking.
T
Inspiration
from
open
source,
we
implemented
a
solution
that
included
an
inner
source
model.
Inner
source
takes
the
principles
of
open
source
into
the
enterprise
environment
in
resource.
It's
a
great
tool
to
help
break
silos,
encourage
internal
collaboration,
accelerate
new
engineering
onboarding
and
identify
opportunities
to
even
contribute
back
to
open
source.
T
You
will
for
sure
need
leader
support
in
order
to
provide
you
know,
time
for
training
of
their
engineers,
time
for
their
engineers
to
adopt
engineer
guidelines
and
make
the
technology
changes
and,
like
I
mentioned
before,
you
need
to
create
a
set
of
unified
guidelines,
also
identified
your
model
teams.
These
teams
that
are
going
to
be
like
I
mentioned
foundational
capabilities
in
each
of
the
business
units
that
you
have
conduct
workshops
to
teach
how
to
do
in
your
source.
We
actually
have
workshops
at
each
intuit
site
and
every
chance
we
got
every
conference
every
event
there.
S
S
That
you
teach
what
inner
sources
now
you
heard
about
the
benefits
for
at
a
high
level
for
engineers.
We
also
wanted
to
let
you
know
that
many
engineers
told
us
that
by
allowing
us
allowing
engineers
to
contribute
to
other
repos,
they
were
actually
investing
in
their
craft
and
that
they
were
learning
new
skills
and,
in
addition
to
the
engineers
there
were
other
stakeholders
that
really
do
benefit
the
other
one
is
our
internal
and
external
customers,
and
our
customers
definitely
said
that
wow,
the
the
products.
S
Not
only
are
they
delightful,
but
when
there's
a
problem
you
get
that
fix
out
right
away
now
for
the
business
brazil
did
mention
the
business
earlier
for
the
business
not
only
was
their
speed
and
delivering
solutions
and
and
products
to
customers,
but
there
was
definitely
higher
engagement
from
our
engineers
or
from
product
development
teams,
and
we
believe
that
that
and
we're
starting
to
see.
You
know
some
data
on
this,
but
we
believe
that
higher
engagement
leads
to
higher
higher
retention
of
top
tech,
talent.
U
N
U
N
We
just
started
spending
more
time,
trying
to
understand
the
like
treat
them
as
users
and
understand
their
challenges
start
advocating
on
their
behalf
and
then
trying
to
provide
them
solutions
that
sort
of
meet
their
growing
needs
and
kind
of
meet
them
where
they
are
so.
This
meant
approaching
platforms
and
infrastructure
and
tooling,
with
sort
of
the
same
user-centric
or
product-based
approach
mindset
that
we
do
everything
else
so,
like
our
frontline
associates
and
our
customer-facing
experiences.
N
So
so
we
needed
tooling,
that
meant
empowering
the
engineers
supporting
self-organization
and
tooling
that
helped
foster
more
collaboration
and
communication
whenever
you're
talking
about
you
know
this
agile
journey
or
you
know
this
transformation,
I
think
one
of
the
most
important
things
is
fostering
this
culture
of
continuous
learning
and
improvement,
and
you
know,
and
when
you're
talking
about
continuous
improvement,
it's
very
difficult
to
do
that.
N
Sometimes,
if
you
don't
know
where
you
came
from
or
where
you
started
or
where
you
are,
and
so
I
think
you
know
figuring
out
what
to
measure
and
what
to
improve
is
really
important.
So
that's
been
difficult
in
it.
I
mean,
I
think
you
know
almost
forever,
but
I
think
it's
changed
a
lot
in
the
last
few
years
and
and
a
lot
of
that
has
to
do
with
the
work
that
you
know:
newport,
nicole
forsgren
and
gene
chem
and
the
others
have
done
over
the
years
with
the
devops
handbook
and
accelerate.
N
So
the
four
key
metrics
that
we
learned
about
and
accelerate
has
been
a
really
liberating
thing
for
me.
In
my
space
I
mean
a
lot
of
the
stuff
that
we
used
to
do
that.
You
know
felt
good
or
felt
like
the
right
thing
to
do.
I
mean
for
the
first
time,
in
a
long
time
like
it's,
quantifiable,
it's
tangible
and
it's
measurable,
and
that's
really
liberating.
V
My
name
is
hung
brownson
and
I'm
the
chief
architect
and
lab
manager
at
r3m's,
corporate
research
and
development
group.
I'd
like
to
share
with
you
our
journey
today
from
scientific
poster
sessions
to
get
up
global
actions,
how
we've
accelerated
our
digital
innovations
by
extending
github
into
model
hub
platform
and
using
booster
as
that
interface
with
github.
We
have
drastically
shortened
the
time
it
took
for
our
modelers
to
onboard
new
models
from
weeks
to
days.
V
We've
also
tripled
the
number
of
models
since
launch
launching
booster
with
github
this
spring.
The
results
have
been
fabulous:
we've
accelerated
our
modeling
platform
usage
and,
more
importantly,
we
accelerated.
Our
research.
Github
has
helped
3m
transform
in
a
number
of
different
ways
by
automating.
Our
three-person
folklore
still
do
poster
sessions
today,
but
we've
also
complemented
that,
with
a
github
ecosystem
and
a
collaboration
vehicle,
we've
enabled
instantaneous
collaboration
where
we
couldn't
do
that.
A
All
right,
sad
to
say
that
this
this
is
the
end
of
our
best
of
universe.
Highlights
today,
please
feel
free
to
go
check
out
all
the
sessions.
It
took
a
lot
of
work
to
congest
over
60
hours
of
content
into
like
our
one
hour.
Meetup
today,
so
definitely
go
back
and
check
out
github
universe,
dot,
com
to
see
all
the
the
full
content
at
your
at
your
time.
Anytime,
it's
convenient
for
you
so
after
after
now,
we
would
have
a
a
zoom
session.
A
If
you
have
any
questions
for
me
and
for
my
colleagues
I
will
be
on
zoom
for
about
30
minutes,
and
you
can.
You
can
ask
questions
that
you
have
about
any
of
the
sessions
that
we've
gone
through
today
and
just
to
just
to
recap.
Today
we
had
so
many
highlights.
We
we
had.
You
know
talk
about
github
actions,
get
up
discussions,
we
talked
about
github,
advanced
security,
definitely
go
back
to
any
sessions.
Today.
This
is
available
on
youtube.
A
You
can
go
check
it
out
at
any
time
you
like,
and
please
also
be
reminded
that
we
would
would
like
to
have.
You
join
us
we'd
like
to
hear
from
you
at
on
twitter.
If
you
want
to
hit
us
up
on
twitter,
just
at
mention
us
at
github
and
also
be
reminded
that
you
know
github
universe
2021,
we
just
had
github
universe
2020.
A
I
will
be
coming
up
soon,
so
stay
in
touch
to
here
here
hear
from
us
on
that,
so
we'll
be
signing
off
now
and
going
into
the
zoom
session.
So
please
join
us
and
we'll
love
to
hear
from.