►
From YouTube: GitHub Satellite India 2021 - DevOps Day 1
Description
A community connected by code. March 26-27, India
Join us virtually for two days dedicated to celebrating India's developer community. Expect announcements from GitHub leaders, hands-on workshops, and inspiring performances by artists who code.
Increase efficiency, automate workflows, and create secure software all at once.
https://githubsatellite.com
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
B
B
B
B
B
B
B
B
B
B
B
B
B
B
B
B
B
B
C
C
So
thank
you
for
being
here
with
us
today.
I'm
excited
to
announce
three
new
programs
to
support
current
and
future
developers
here
in
india,
but
before
we
get
to
that,
I
just
want
to
take
a
moment
to
reflect
back
over
the
course
of
the
last
year
and
celebrate
the
growth,
energy
and
passion
of
the
developer
community
in
india.
C
C
On
election
day.
Thousands
of
india's
best
tech
minds
came
together
to
create
a
technology
solution
to
solve
this
problem
on
github
and
we're
so
proud
of
the
work
that
is
still
being
done
to
support
this
important
effort.
It's
been
an
incredible
year
and
that's
thanks
to
all
of
you
and
the
passion,
innovation
and
creativity
that
you
bring
to
the
github
platform
every
single
day.
So,
let's
take
a
quick
look.
At
the
last
year
in
review.
C
In
the
last
year
alone,
more
than
1.8
million
developers
have
joined
github.
The
developer
community
in
india
now
totals
5.8
million
developers
strong
together,
you've
created
7.3
million
repositories
in
the
last
year.
That's
81
more
than
the
year
before
think
of
the
potential
of
all
of
these
new
projects.
C
The
number
of
contributions
commits
issues,
gifts,
prs
team
discussions
increased
by
75
percent
in
india
and
that's
compared
to
about
40
percent
of
the
rest
of
the
world
in
public
open
source
repositories.
Specifically,
the
number
of
contributors
increased
by
80
percent
over
the
previous
year
and
most
strikingly,
a
million
developers
in
india
created
their
first
repository
on
github
this
year,
that's
equivalent
to
a
developer
in
india,
creating
their
first
repo
on
github
every
30
seconds
throughout
the
year,
a
million
developers
creating
their
first
repo
wow.
C
All
of
these
numbers
mean
that
india
is
the
fastest
growing
country
in
the
world
in
terms
of
developers
contributing
to
open
source.
This
is
incredible
and
we're
grateful
that
so
many
of
you
put
your
trust
in
github.
After
all,
as
we
say
at
github,
the
open
source
community
is
incredibly
interconnected
in
the
coming
years.
C
C
D
D
D
C
C
Sheikha
mishra
is
from
lucknow
india
she's
a
maintainer
for
magento,
which
is
an
open
source
e-commerce
framework
that
serves
as
the
foundation
for
more
than
a
hundred
thousand
online
stores.
What
I
love
about
chica
is
she
really
embraces
the
spirit
of
open
source?
She
considers
every
aspect
of
her
role
as
a
maintainer
down
to
the
simplest
comment
on
an
issue
to
be
a
responsibility
and
an
opportunity
to
be
inclusive,
to
support
and
recognize
the
contributions
of
others
and
to
receive
that
support
and
recognition
in
return.
C
Chica
and
the
countless
other
developers
like
her
in
india
who
are
embracing
these
qualities
are
actually
lowering
the
barrier
of
entry
for
new
developers
to
open
source.
This
is
going
to
be
a
huge
contributor
to
the
growth
of
open
source
in
india
and
by
the
way
sheik
is
presenting
on
a
panel
shortly
after
this
keynote.
So
I
hope
you'll
join
and
listen
to
what
she
has
to
say.
C
An
individual
developer
has
the
potential
to
have
an
exponential
impact
on
the
community
and
on
tech
innovation.
Overall,
last
year
we
launched
the
github
stars
program
as
a
way
to
recognize,
highlight
and
elevate
the
work
of
contributors
who
go
above
and
beyond,
to
build
and
contribute
to
healthy
and
thriving
open
source
communities.
C
C
All
of
them
are
passionate
about
collaboration
and
growing
the
open
source
community
and
produce
great
content
to
share
their
knowledge
with
others.
We're
looking
forward
to
adding
more
developers
in
india
to
the
github
stars
program
so
that
we
can
all
benefit
from
their
experience
and
their
perspective
stories
like
shika's
niche,
karshas,
santosh's
and
benitez,
and
the
millions
of
other
developers
who've
found
their
passion
in
open
source
are
truly
inspiring.
C
That
benefits
us
all
and,
as
we
all
know,
many,
if
not
most
developers
do
not
get
to
work
on
open
source
as
their
primary
occupation,
but
the
open
source
work
you're
doing
is
essential
and
we
want
to
do
more
to
support
some
of
the
key
projects
being
built
by
developers
in
india
so
to
support
and
make
possible
more
great
work
by
the
open
source
community.
Here
in
india,
I
am
delighted
to
announce
the
github
india
open
source
grants
program.
C
Now,
let's
talk
more
about
what
businesses
here
in
india
are.
Building
enterprises
in
india
are
at
the
leading
edge
of
innovation
and
as
they
grow,
they
continue
to
have
greater
and
more
complex
needs.
They're.
Looking
for
more
automation,
better
integrations
and
streamline
workflows
that
empower
their
development
teams
to
do
their
best
work
as
an
integrated
part
of
the
open
source
community
github
is
proud
to
serve
the
next
generation
of
developers,
whether
they're
in
the
enterprise
or
at
up-and-coming
startups,
as
they
scale.
C
Many
of
the
largest
and
most
demanding
organizations
on
the
planet
rely
on
github
to
be
fast,
efficient,
reliable
and
secure.
We
invest
heavily
in
our
enterprise,
offering
and
in
less
than
a
year,
we've
seen
more
than
a
three
times
increase
in
adoption
of
github
enterprise
by
businesses
based
here
in
india.
C
India
has
the
largest
number
of
unicorns
outside
the
u.s
and
china,
and
these
are
companies
that
have
complex
needs.
They
have
certifications
and
regulations
to
comply
with
huge
amounts
of
data
to
protect
and
tons
of
technologies
and
systems
to
integrate.
As
a
startup
founder
myself,
I
know
how
important
that,
having
access
to
the
right
tools,
processes
and
support
can
be,
and
it's
key
to
keeping
your
business
growing
at
maximum
velocity
inmobi
is
one
of
these
fast
growing
companies
and
they've
joined
us
today
to
talk
a
little
bit
about
their
experience.
E
Hi,
I'm
rohit
chatter
teacher
in
movie
marketing
cloud.
The
first
indian
unicom
startup
in
moby
is
an
in-app
advertising
platform
for
the
digital
marketers,
who
are
looking
for
hyper
group.
The
one-stop
shop
for
my
techniques,
the
engineering
team
at
inmobi,
with
400
plus
engineers,
are
constantly
working
on
the
cutting-edge
technology
and
challenging
the
status
quo
and
constantly
innovating
at
the
heart
of
this
is
github.
E
C
Thanks
rohit,
now,
let's
hear
from
a
young
company,
that's
relying
on
github
to
provide
the
best
possible
experience
to
its
developers.
Udon
is
a
unicorn
startup.
That's
bringing
manufacturers,
traders,
retailers
and
wholesalers
together
into
one
platform
for
enterprise
commerce,
they're
using
automation.
C
F
Hi,
I'm
kaushik.
I
had
software
engineering
and
application
development
at
ran
when
a
new
engineer
comes
on
board.
He
already
is
aware
of
github,
so
from
an
onboarding
standpoint
from
understanding
a
tool
standpoint
that
has
already
been
taken
care
of,
purely
because
of
the
kind
of
reach
that
github
has
github
has
been
doing
over
the
years.
Is
it's
been
able
to
think
of
developer
workflows?
And
how
do
you
end
up
optimizing?
F
F
Github
actions
enables
us
to
plug
in
various
kinds
of
linter
tools
that
can
actually
help
in
automating.
Some
of
these.
You
know
pr
reviews,
for
example,
that
need
to
happen
and
at
some
point
in
time,
depending
upon
the
quality
of
that
code
or
to
push
into
a
build
pipeline.
Thus
optimizing
our
ci
cd
right
having
that
much
more
time
for
the
engineers
to
focus
on
the
real
problems,
while
the
ones
which
are
repetitive,
which
a
lot
of
engineers
see
as
interrupts
right
being
taken
away
from
them.
C
We
want
to
support
these
startups,
whether
they're
early
on
in
their
journey
or
are
taking
off
after
finding
product
market
fit.
Last
year,
along
with
our
investment
partners,
we
ran
a
pilot
of
a
startup
program
to
offer
github's
full
enterprise
platform
to
startups
in
india.
The
program
was
a
huge
success
with
over
200
startups
participating.
C
Those
companies
are
doing
incredible
things.
Cowis
space
is
building
a
solution
to
solve
the
geospatial
requirements
of
tech
companies.
Clear
quote,
is
creating
an
ai,
led
automation,
app
for
vehicle
inspections
and
air
meet
is
bringing
people
together,
which
is
more
important
this
year
than
ever
before.
By
providing
a
platform
for
hosting
virtual
events,
it
is
an
honor
to
be
just
a
tiny
part
in
the
grow
stories
of
these
companies,
and
we
know
that
there
are
so
many
more
exciting
startups
out
there.
C
C
The
student
population
in
india
is
incredible
in
its
size
and
depth
and
we
are
fortunate
to
be
partnering
with
so
many
great
universities
across
the
country.
In
the
last
year
alone.
We've
added
more
than
a
hundred
higher
education
institutions
to
github's
educational
program,
which
is
supported
by
74
campus
experts
during
our
launch
last
year,
I
was
able
to
have
lunch
with
a
few
of
these
folks
and
I
was
blown
away
by
the
energy
and
the
passion
and
the
dedication
they
have
to
supporting
others
in
learning
to
use,
github
and
participating
in
the
open
source
community.
G
C
Thanks
to
you
both
for
that,
I
find
your
energy
and
commitment
to
supporting
others
so
inspiring,
and
thanks
to
you
and
many
others,
we've
seen
a
whopping
142
growth
in
the
number
of
students
participating
in
the
campus
program
over
the
last
year.
That
has
brought
us
to
over
a
hundred
thousand
students
in
india.
With
the
campus
program.
Students
across
many
of
india's
higher
education
institutions
have
access
to
github's
full
products.
We
throughout
their
time
as
students.
C
The
student
ecosystem
is
incredibly
important
to
the
continued
growth
and
pace
of
innovation
in
india
and
the
more
that
we
can
do
to
equip
the
developers,
innovators
and
solution
builders
of
tomorrow,
the
brighter
our
future
will
look
related
to
this.
If
you're,
a
student
and
you're
not
already
familiar
with
the
github
student
developer,
pack
be
sure
to
check
it
out,
it
offers
over
14
million
rupees
worth
of
access
to
free
software
and
services
to
student
developers.
C
This
builds
on
top
of
github's
campus
program
by
offering
participating
students
with
a
unique
opportunity
to
engage
with
companies
in
india
and
get
hands-on
development
experience
outside
of
the
classroom.
The
program
offers
a
three-month
paid
externship
to
work
on
open
source
projects
in
partnership
with
tech
companies.
C
C
The
github
accelerate
program
to
help
support
a
thousand
startups
in
india
in
the
next
year,
with
a
complete
devsecops
platform
for
their
development
teams
and
the
github
india
externship
program
to
provide
relevant
work
experience
to
student
developers
with
programs
like
these
and
the
incredible
creativity,
energy
and
passion
of
all
of
you.
We're
confident
that
we've
only
scratched
the
surface
of
the
growth
potential
in
the
developer
community.
Here
in
india,
in
fact,
by
the
third
anniversary
of
github
india
in
february
2023,
we
believe
more
than
10
million
developers
in
india
will
be
calling
github
home.
C
C
Thank
you
for
joining
me
today,
as
we
kick
off
our
first
github
satellite
in
india.
I'm
looking
forward
to
hearing
from
many
of
you
over
the
next
couple
of
days
and
continuing
to
find
energy
and
inspiration
in
your
contributions
to
open
source
and
global
technology
as
a
whole,
and
I
cannot
wait
until
I
can
come
back
and
meet
with
you
in
person
until
then
enjoy
satellite
and
keep
on
shipping.
J
I
I'm
calling
in
from
the
city
of
pearls
hyderabad
a
special
swagatam
to
all
of
you
joining
from
here
mohit.
You
are
in
delhi,
I'm
in
hyderabad.
Why
not
give
everyone
a
tour
of
india
and
celebrate
the
developer
community?
What
say
awesome
so
coming
to
myself,
I'm
director
of
product
for
github
education.
Yes,
you
heard
about
all
the
awesome
works
that
we
do
in
the
keynote.
I
I
You
know
what
today
is
also
more
special
to
me,
because
I
was
part
of
the
first
celebration
in
bangalore
where,
on
valentine's
day,
we
celebrated
and
started
the
love
of
indian
developer
folks-
and
this
is
also
me
goofing
up
in
universe
with
daniel,
so
it's
been
so
much
fun
and
what
a
keynote?
Oh,
my
god,
such
amazing
announcements.
What
are
your
thoughts
there.
J
Second,
we
are
extending
the
github
accelerate
program
via
more
accelerators
incubators
and
vcs
and
will
be
extending
the
program
to
up
to
1000
startups,
and
my
personal
favorite
is
github
externship
program
which
will
bring
the
future
software
developers
the
growing
student
community
a
lot
more
closer
to
companies
who
are
betting
on
open
source
software
and
building
innovative
solutions.
Wow.
J
There
was
just
a
lot
of
lot
of
announcements
for
everybody
out
there
in
the
software
development
ecosystem
and
I'm
so
excited
to
see
all
of
that,
and
we
want
to
hear
from
you
on
what
you
feel
about
all
the
announcements
that
that
were
made.
What
are
you
looking
forward
to
today?
So
share
all
your
comments
with
us
at
our
handle
get
up
india
with
hashtag
github
satellite,
and
if
you
want
to
hit
us
up
directly,
you
can
reach
myself
and
divya
at
divya,
vashnavi
and
mohita.
87.
I
Actually
mohit,
I
see
already
a
lot
of
excitement
happening
on
twitter.
Khushboo
verma
is
really
excited
about
re
memorizing.
The
last
year
celebration,
anand
natarajan
about
all
the
focus
that
is
coming
in
india,
so
folks
keep
that
going
and
we
are
all
ears
and
listening
to
you,
okay.
So
let's
come
to
the
event.
This
is
a
live
broadcast
two
days
of
content,
four
hours
a
day
and
workshops
to
learn
it
all
with
action.
I
You
are
on
the
devops
channel,
your
favorite
channel,
where
we'll
obviously
be
talking
about
all
about
devops,
join
karan
and
anisha
on
the
oss
channel
as
they
covered
the
state
of
open
source.
If
you're
watching
this
on
github
satellite.com,
you
can
change
the
channels
from
the
top
nav
bar,
but
remember
to
unmute
when
you
move
channels
mohit.
What
are
the
other
ways?
People
can
interact
and
learn.
J
I
And
like
moed
said,
there's
always
more
for
folks
who
want
more
so
remember
to
also
engage
with
us
in
discussions.
Github
subject
matter
experts
as
well
as
all
the
speakers
who
join
us
today
will
be
on
discussions
connecting
with
you,
and
it's
also
a
time
when
you
can
connect
with
each
other
and
build
your
community
mohit,
and
I
will
also
take
questions
from
there
and
bring
it
to
discussions.
So,
let's
get
the
ball
rolling
and
what's
the
first
session
about.
J
It's
your
favorite
divya,
it's
github
actions,
we're
gonna,
learn
a
lot
about
all
the
new
features
and,
what's
more
coming
up
in
github
actions
from
none
other
than
chris
patterson
product
manager
at
github
and
something
very
interesting
about
chris
is
you
name
a
coding
language
and
he
has
got
his
hands
on
it
right.
Currently,
he
is
working
on
enabling
software
developers
at
github
to
automate
their
workflows
through
github
actions.
K
Session,
thank
you
so
much
deviant
mohit
for
that
very
kind
introduction.
As
I
say,
my
name
is
chris
patterson.
K
I
am
a
staff
program
manager
here
at
github
and
today
I
am
coming
with
you
coming
to
you
from
kerry
north
carolina
in
the
united
states
and
we're
going
to
give
kind
of
a
tour
of
some
of
the
new
things
that
we
have
been
working
on
with
github
actions
over
the
past
several
months,
but
before
we
do
that,
I
do
want
to
give
a
big
shout
out
to
a
bunch
of
my
colleagues
in
india
who
I
have
worked
with
for
almost
15
years.
K
I'm
incredibly
excited
that
github
is
now
in
india
and
that
I'm
able
to
work
with
the
developer
community
there.
More
than
all
we
have
here's
some
photos
of
me
during
several
of
my
trips
to
india.
Hyderabad
has
been
the
primary
location,
so
I've
got
gokanda
and
I've
even
driven
in
india.
One
of
my
colleagues
loaned
me
his
car,
and
that
was
a
quite
an
exciting
experience.
K
But
enough
about
me:
let's
go
on
to
talk
more
about
actions,
so
today
I
want
to
cover
four
different
areas
that
we
have
been
working
on
in
github
actions
to
help
improve
things
and
for
a
number
of
different
places.
So
we're
talking
about
continuous
delivery.
K
We
shipped
a
bunch
of
new
features
about
continuous
delivery
at
universe.
We've
made
some
enhancements
since
then
have
really
been
working
to
take
the
feedback
from
the
community
and
improve
those
things.
K
We've
been
working
very
hard
on
making
actions
more
secure,
and
this
is
a
big
focus
of
mine
personally
actually,
and
if
you
think
about
things
like
the
recent
solarwinds
issues,
where
you
know,
ci
can
absolutely
be
a
potential
place.
Where
security
can
you
know
you
can
create
security
holes
in
your
software
development
infrastructure,
github
actions
being
secure
is
incredibly
important.
K
We
have
hundreds
of
thousands
of
repos
that
rely
on
actions
every
day
and
we
need
to
make
sure
we
can
scale
to
reach
to
to
provide
all
of
the
necessary
resources
so
a
little
bit
about
actions
and
how
it's
grown.
Github
actions
is
just
a
bit
over
a
year
old.
At
this
point
and
from
a
perspective
of
the
community
embracing
it,
it's
just
been
absolutely
incredible.
In
the
marketplace,
there's
about
seven
thousand
or
a
little
more
than
seven
thousand
available
different
actions.
K
You
can
use
in
your
github
actions
workflows
and
if
I
look
across
github.com
it
only
not
at
all
of
the
actions
that
are
used,
kind
of
on
a
monthly
basis,
it's
really
closer
to
about
15
000,
different
actions
used
in
workflows,
and
so
it
means
there's
a
lot
of
people
who
are
using
them
just
within
their
own
organizations
and
that's
incredible
to
see
from
a
scale
perspective.
K
You
know
the
growth
is
just
skyrocketing,
we're
now
just
in
the
github.com
cloud
this.
This
only
includes
the
runners
that
we
host
more
than
125
million
jobs
a
month
and
growing
at
an
astounding
rate,
and
all
of
that
in
the
community
has
really
brought
us
to
be
the
number
one
ci
platform
on
github
in
just
over
a
year,
and
it's
incredible
and
we're
incredibly
honored
to
have
you
guys
as
part
of
that
now
github
enterprise
server
actions
is
generally
available
on
github
enterprise
server.
Three,
you.
L
K
Up
your
enterprise
server,
you
can
configure
actions,
you
can
run
workflows.
You
can
use
actions
in
your
workflows
locally
in
your
server
as
well
as
through
github
connect.
You
can
take
advantage
of
that
incredible
actions
community
that
I
just
talked
about.
So
we've
really
enabled
github
enterprise
server
to
reach
out
and
take
advantage
of
the
cloud.
K
Now
the
next
thing
I
want
to
talk
about
is
continuous
delivery.
So
when
we
started
down
this
journey,
everybody
said
well,
I
you
know.
Github
actions
is
an
automation
platform.
I
can
do
continuous
delivery
with
it
today
and,
of
course
you
can,
but
the
thing
that
we
wanted
to
do
is
make
sure
that
you
could
do
continuous
delivery
in
a
way
that
was
more
secure.
That
could
be
better
that
had
some
of
the
core
capabilities
that
people
expect
things
like.
K
You
know,
manual,
approvals
and
other
kinds
of
rules,
and
so,
as
part
of
the
conversation
today,
I
want
to
talk
about
sort
of
five-ish
new
capabilities.
Some
we've
talked
a
little
bit
about
at
universe.
Some
are
new
since
then
that
we
are
bringing
in
the
overall
space
around
continuous
delivery,
devops
security
for
github
actions,
so
the
first
one
was
just
the
simple.
I
want
to
be
able
to
visualize
and
see
what's
going
on
in
my
workflows-
and
this
is
a
feature
we
did
ship
at
universe.
K
So
we've
enhanced
it
quite
a
bit
since
then
to
improve
the
performance
and
add
a
few
little
more
tweaks
to
it,
to
make
it
better,
but
it's
great
to
be
able
to
see
how
your
workflow
is
progressing,
particularly
if
you
have
a
complex
deployment
pipeline
or
a
large
matrix
to
help
understand.
What's
left,
what's
going
on,
it's
just
a
great
addition
to
the
overall
experience.
K
The
second
area
to
talk
about
is
the
environment
protection
rules.
Whenever
you've
got
a
continuous
delivery,
workflow,
that's
deployed
into
say,
a
production
environment.
It
can
be
important
for
a
lot
of
organizations
to
make
sure
there's
two
sets
of
eyes
who
are
approving
these
things.
So
there's
the
developer
that
approved
the
source
code,
and
then
there
is
some
other
person,
a
release,
manager,
engineer
somebody
who
says
it's:
okay
to
deploy
to
production
with
the
environment
protection
rules.
We
we
started
out
with
just
two
and
we've
actually
added
one
since
then,
and
over
time.
K
We
plan
to
make
this
an
extensibility
point
to
enable
you
to
plug
in
your
own
systems,
to
allow
you
to
control
when
things
deploy
the
main
protection
rules.
Are
this
required?
Reviewers
rule
that
basically
says
that
somebody
within
a
team
or
an
individual
has
to
approve
a
job
before
it
goes
through
and
then
we'll
talk
a
little
bit
more
through
the
demo
about
exactly
what
happens
at
that
point
secrets.
K
Github
actions
has
had
secrets
since
it
first
launched,
but
those
secrets
were
bound
to
the
repository
in
the
repository
only,
and
that
meant
that
any
workflow
in
that
repository
could
just
reference
the
secret
and
get
that
value,
and
obviously
that
works
fine
for
a
number
of
scenarios,
but
in
something
like
a
production
deployment.
It's
just
not
sufficient.
K
So
we
wanted
the
ability
to
scope
these
secrets
to
an
environment,
so
we
introduced
environment,
specific
secrets
and
those
work
by
making
sure
that
whenever
github
actions,
workflow
runs
and
references
an
environment,
the
protection
rules
have
to
pass
before
that
job
starts
and
before
it
gets
access
to
the
secrets.
And
so
you
could
have
a
secret
called
deploy
key,
that
is
scoped
to
say,
the
repository
that
the
development
environment
can
use
and
then
another
secret,
that's
the
same
name.
K
With
github,
you
might
know,
there's
this
thing
called
the
deployments
api
and
that
really
shows
you
a
list
of
the
activity
of
deployments
to
different
environments
and
can
tell
you
exactly
which
commit
has
been
deployed
to
a
particular
environment
and
so,
as
part
of
our
goal,
to
really
build
actions
and
build
it
deeply
integrated
into
github.
We,
instead
of
creating
something
new
to
track
your
deployments.
Actions
just
plugs
right
into
this,
and
this
is
also
nice,
because
it's
another
place.
K
That's
extensible
in
github
for
even
third
parties
and
we'll
look
at
how
actions
plugs
into
the
deployment
api
to
give
you
that
strong
element
of
history
and
finally,
security
features.
This
is
a
actually
a
preview
of
a
feature
that
hasn't
quite
shipped
yet,
but
will
be
shipping
soon.
We've
done
a
bunch
of
work
in
github
actions
to
improve
security.
We've
done
some
blog
posts.
We've
done
a
bunch
of
documentation.
K
We've
made
some
changes
to
the
way
we
process
environment
variables
and
things
and
they're
continuing
to
work
with
the
security
security
community,
both
at
github
and
out
in
other
security
researchers
to
find
and
fix
any
issues.
One
of
the
core
tenets
of
security
obviously
is
leased
access
and
by
default,
when
github
action
shipped
it
had
this
secret
called
github
token,
which
is
really
just
a
github
apps
token,
and
it
had
pretty
broad
permissions
within
the
repo.
K
It
could
read
and
write
source
code
read
and
write
issues,
pull
requests
etc,
and
it
works
well
in
a
lot
of
cases.
But
you
know
because
github
actions
is
such
so
much
of
an
automation
platform,
there's
lots
of
different
kinds
of
things.
People
do
like
this
example
of
a
cleanup
pr
or
I've
got
a
workflow
that
just
looks
at
issue
comments
and
does
some
processing
in
those
cases.
I
don't
need
those
broad
permissions.
K
I
can't
write
the
source
and
having
the
ability
to
control
that,
with
give
you
least,
access
we
think
is
going
to
be
very
valuable
and
just
continue
to
help
improve
the
security
of
github
actions
in
the
future.
K
So
I'm
going
to
switch
over
to
a
repo
here,
which
is
a
popular
github
repos
by
language.
It's
a
pretty
simple
application
that
basically
just
looks
at
all
the
github
repos
and
lets
you
sort
them
by
language,
and
in
this
particular
case
I've
got
a
couple
of
different
workflows,
set
up
to
do
some
different
things
for
me.
So
to
get
started,
I'm
going
to
go,
add
a
new
feature
or
a
new
language
simply
go
into
my
code.
Pull
this
up.
K
So
really
simple:
add
ruby,
go
down,
we'll
create
a
branch
for
it
call
it
chris
pat
patch
three:
that's
fine,
adding
ruby
and
propose
this
change,
get
presented
with
our
normal
pull
request,
dialog,
create
that
pull
request
and
wait
for
actions
to
kick
off
and
then
in
a
couple
of
seconds
here
we
should
see
actions,
jobs,
kicking
off
to
start
working
through
the
various
workflows.
K
So
in
this
case
I've
got
a
couple
of
different
workflows.
I've
got
my
deploy
and
we
can
see
it's
triggered
off
a
pull
request
when
it's
targeting
main
it
is
triggered
off
or
triggered
off
a
push
for
maine,
and
it
does
a
couple
of
different
things.
So
I've
got
a
build
job
here.
Checks
out
sets
up
node
using
our
caching
capability.
K
It
caches
the
node
modules,
which
should
speed
things
up
and
then
uses
a
couple
of
different
other
actions
which
are
really
great,
so
we
had
our
basic
script
one,
but
the
ones
I
want
to
call
attention
to
here
are
these
docker
login
and
the
docker
of
the
setup,
build
x,
docker,
login
and
then
the
docker
build
and
push
action.
These
are
built
by
docker
in
concert
with
with
github.
K
C
K
So
we
see
this
other
action
that
is
from
azure
another
one
of
our
partners
and
it
knows
how
to
deploy
to
azure
web
apps
and
what
it
does
is.
It
takes
the
container
in
this
case
that
I
built
deploys
to
azure
web
apps
and
outputs.
The
url
and
lets
me
bind
it
directly
in
here
and
we'll
show
how
that
pulls
together,
some
core
traceability.
K
So
we
go
back
and
take
a
look
at
our
actions.
Workflow.
We
should
see
that
it's
moving
along,
so
we
can
see
that
deployed,
review
is
started
and
as
one
of
these
nice
features
in
the
visualization,
I
can
see
the
progress
it's
made,
but
I
can
also
see
right
here
in
my
actions
view
the
url
it
goes
to
and
even
further,
if
I
happen
to
come
into
the
pull
request.
First,
I
get
this
nice
view
right
here
in
the
pull
request.
K
K
So
what
I'm
going
to
do
is
go
in
and
merge
this
pull
request
and
confirm
the
merge
and
let
that
code
go
and
it's
going
to
start
my
next
workflow.
So
if
everything
worked
out
well,
we
see
that
our
merge,
pull
request
is
kicked
off
and
it's
going
to
start
the
next
build
job.
So,
let's
go
take
a
look
and
see
how
this
workflow
is
going
to
complete,
and
actually
we
can
see
in
this
case
two
different
workflows
picked
off.
I
clicked
off
this
this
cleanup
pr.
So
in
this
case
I've
got
a
job.
K
Advantage
of
that
new
capability,
we
talked
about
for
limiting
permissions.
So
in
this
case
my
cleanup
pr
workflow
goes
and
deletes
that
and
deletes
that
deployment
of
my
application
that
I
made
for
the
pull
request,
and
so
I'm
not
wasting
money
right
cloud
resources
cost
money.
I
want
to
make
sure
there
they
go,
but
in
this
case
I
only
need
read
of
the
source
code.
I
actually
don't
need
any
other
permission,
so
I.
K
To
lock
down
the
permissions
for
this
particular
workflow
and
make
sure
that
it
just
it,
it
only
does
exactly
what
it
needs
to
do
that
way.
If,
for
whatever
reason,
I
I've
done
something
not
quite
right
or
there's
some
other
issue,
I
am
protecting
myself
now
in
the
workflow
that
does
the
deployment.
K
If
I
go
look
at
the
next
set
of
jobs,
so
I
had
deployed
a
review.
We
see,
I
also
have
deployed
a
staging
in
this
case.
This
one
only
runs
if
the
ref
is
on
main,
and
this
gets
important
for
some
of
the
environment
protection
rules
that
we'll
take
a
look
at
here
in
a
second.
So
in
this
case
I'm
going
to
deploy
the
staging
it's
very
similar
to
the
other
job
and
then,
after
that
it
deploys
to
saging.
K
If
everything
looks
good,
it's
going
to
go
under
production,
but
of
course
I
don't
want
things
to
just
immediately
go
to
production
right.
I
want
to
have
some
sort
of
approval
or
step
in
there
to
make
sure
things
aren't
just
moving
along.
So
to
do
that
in
my
settings.
I
have
this
new
section
called
environments,
and
we
see
here
that
I've
got
review
lab
staging
and
production.
K
In
fact,
we've
got
a
couple
of
different
settings,
so
I
can
say
all
branches,
I
could
say
only
protected
branches
or
in
this
case
my
selected
branch,
and
you
also
see
I
have
my
azure
subscription
secret
and
this
is
a
the
same
name
but
a
different
secret
from
the
one
in
my
repository
and
my
workflow
only
gets
access
to
this
secret
when
it
runs
against
this
this
environment
and
it
can
only
run
against
the
environment
after
the
rules
have
passed.
K
K
Notifications
are
incredibly
important
at
github
and
you
know
whether
it's
a
pull
request,
review
or
or
anything
else
being
able
to
get
that
notification
when
and
where
you
need
it,
particularly
in
the
web,
in
email
or
in
the
incredible
github
mobile
app.
So
you
can
unblock
your
team
is
important.
K
Another
feature
that
we're
launching
very
soon
in
concert
with
the
mobile
team
is
the
ability
to
have
these
review
notifications
on
the
mobile
app
you'll
see
more
about
that
soon.
But
again,
this
is
a
kind
of
a
quick
sneak.
Peek,
of
course,
it'll
be
there
for
ios
and
android
go
back
and
take
a
look
here.
K
K
All
right
how
many
there
let's
go
back
and
look
all
right
so
now
we're
deployed
to
production.
So
we
see
here
it's
popped
up,
it's
stopped,
so
the
workflow
is
paused.
It's
no
longer
running
on
a
runner.
It's
simply
waiting
for
somebody
to
come
along
improvement
and
says
me,
chris
pax.
I
triggered
this
workflow
as
request
review
to
play
to
production.
I
can,
of
course,
click
review
deployments
here
and
if
company
look
at
notifications,
I
can
see
right
here
that
I
see
this
nice
notification.
K
K
Proven
deploy
and
this
job
will
pick
up
and
deploy
my
application
to
the
production
version
of
my
website
and
keep
on
going.
So
that's
a
quick
tour
of
some
of
the
new
capabilities
we
have
in
github
actions.
In
fact,
I've
got
one
more
little
thing.
I
want
to
show
you
so
there
there's
always
a
case
where
a
particular
environment.
K
Typically
production
wants
to
make
sure
that
only
one
thing
can
deploy
to
it
at
a
time
and
so
we're
introducing
a
new
capability
that
will
ship
in
a
few
weeks
that's
being
tested
right
here,
which
will
allow
me
to
serialize
those
deployments
so
keep
an
eye
out
for
that
it
should
be
really
interesting.
I've
got
some
great
content
coming
to
to
really
help.
You
again
drive
those
continuous
delivery,
workflows
and
just
use
github
actions
to
its
fullest.
K
I
Awesome
so
the
first
question
craze
that
we
see
here
is
we've
talked
about
continuous
development
and
that
being
in
the
beta,
can
you
speak
more
about
that
and
share
like
when?
Would
that
be
generally
available?.
K
Absolutely
so
all
the
features
I
showed
you
today,
minus
the
I
think
the
mobile
app
hasn't
quite
shipped
and
that
serialization
feature
that
we're
looking
at
have
shipped
to
github.com
and
are
available.
K
We
chose
to
make
the
features
that
we
shipped
at
universa
beta,
because
we
wanted
to
have
some
time
to
get
some
feedback,
and
we
also
knew
that
we
weren't
quite
done
with
the
core
set
of
features
that
we
wanted
to
have
available
for
our
customers
and,
finally,
from
just
an
engineering
health
perspective,
we
wanted
to
make
sure
that
we
could
monitor
them.
We
could
support
them.
K
We
knew
it
was
happening
all
of
the
things
that
you
you
know
you
have
to
do
when
you
run
a
service,
so
we
think
we're
about
a
month
away
from
calling
them
ga
a
couple
of
small
things
left
to
ship,
a
few
more
small
bugs
to
fix
and
sometime
during
the
month
of
april.
We
think
we'll
call
these
ga
and
then
make
them
and
they're
already
widely
available
at
everybody.
It's
completely
open
beta,
but
that
general
availability
also
unlocks
it.
K
So
we
can
ship
them
in
the
next
version
of
github
enterprise
server,
so
github
enterprise
server.
There's,
I
think,
an
update
three
one
is
coming
soon
and
then
there'll
be
another
one
after
that,
so
it
won't
be
in
the
3-1
version,
but
we
want
to
make
sure
all
these
hit
the
the
3.2
that
comes
after
that.
J
Awesome,
that's
very
insightful.
Chris
also
mentioned
that
github
action
is
ga
on
the
enterprise
server.
Why
is
it
important.
K
So,
as
we
heard
in
the
keynote
from
erica
github,
enterprise
server
is
just
a
very
important
part
of
the
overall
github
product
family,
and
we
have
lots
of
customers
for
a
wide
variety
of
reasons
that
need
to
use
it
and
not
having
every
single
feature.
That's
available
on
github.com
is
is
just
not
acceptable
right.
They
want
to
have
all
of
the
power
of
github
but
run
in
their
own
data.
Centers
github
actions
was
one
of
the
largest
features
that
just
wasn't
there
yet,
and
it
took
us
a
long
time.
K
It
took
almost
a
full
year
of
very
dedicated
development
from
a
good
percentage
of
the
team
in
order
to
take
github
actions
and
bring
it
to
get
up
enterprise
server.
There
was
a
significant
amount
of
effort
to
do
that,
and
now
that
it's
there
a
lot
of
customers
very
large
customers
who
have
been
asking
for
it
are
happy
and
starting
to
adopt,
and
again
it's
all
about
making
sure
that
github
enterprise
server
sells
the
full
vision
and
the
full
value
that
people
expect
from
github.com.
I
K
Sure,
as
I
mentioned
in
the
demo,
one
of
the
key
things
is
to
make
sure
that
our
one,
a
key
security
tenant,
is
least
access
right
and
all
things
you
do.
You
want
to
make
sure
that
you
give
people
the
least
access
possible
or
you
give
a
process,
especially
automation.
That's
a
that's
a
really
ripe
area
for
attack
and,
as
we
started,
github
actions
just
for
a
variety
of
reasons.
We
we
built
it
where
we
actually
did
narrow
the
permissions
from
a
standard,
github
app.
K
So
typically,
when
you
have
a
standard,
github
app,
you
give
it
a
list
of
repos.
You
say
this
has
some
set
of
permissions
to
this
set
of
repos
well
with
github
actions
we
at
least
narrowed
that
to
a
single
repo.
Now
within
that
repo,
you
still
had
fairly
broad
permissions,
because
we
wanted
people
to
be
able
to
automate
all
kinds
of
things.
You
know
they
want
to
automate
ci,
but
they
also
automate
issue
bots,
and
we
see
amazing
variety
of
different
things.
K
So
the
github
apps
token
could
read,
write
source
can
read,
write
issues,
read,
write,
prs
et
cetera.
You
can
go
look
at
the
documentation
and
see
all
of
the
capabilities
it
has,
but,
of
course
any
given
workflow
any
given
workflow
doesn't
necessarily
need
to
be
able
to
do
all
those
things,
and
we
have
had
requests
from
this
in
the
community
and
certainly
as
we
wanted
to
get
there.
K
It
just
took
us
a
while,
but
as
part
of
this
push
that
we've
been
really
working
on
this
past
couple
of
months,
we
thought
it
was
the
right
time
to
go
and
implement
this
new
feature,
and
so
what
it
lets
you
do
is
that
permissions
lock
basically
lets
you
customize
the
permissions
of
the
github
token
that
are
generated
for
every
specific
run,
and
you
can
actually
do
it
at
two
levels.
K
You
can
say
the
whole
workflow
has
a
token
of
this
set
of
permissions
or
you
can
say
just
a
job
and
why
that's
important
is,
I
could
do
something
like
say,
have
a
dependable
workflow,
and
maybe
it
can
the
first
job
that
actually
pulls
the
untrusted
source
from
the
pull
request
open
by
dependable,
has
just
read:
source
option
like
it
only
can
only
read
source,
or
maybe
it
can
resource
and
write
issues
or
something
like
that,
and
so
I
can
run
that
potentially
untrusted
workload
in
a
very
narrow
set
of
permissions
and
then,
if
that
passes,
I
can
then
have
a
second
job
that
maybe
merges
the
pr
or
does
something
else
that
requires
higher
permissions.
K
J
Wow,
that's
that's
very,
very
insightful.
Chris
we're
getting
a
lot
of
questions
and
we'll
take
just
one
last
here.
Any
idea
by
when
private
repos
would
get
environments
in
actions.
K
So
private
repos
have
environments
with
actions
today,
but
they're
only
part
of
the
enterprise
sku.
So
you
have
to
have
an
enterprise
plan
to
use
environments
with
private
repos.
It's
something
that
we're
taking.
You
know.
We
certainly
have
seen
the
feedback
from
the
community
that
people
wanted
in
team.
It
is
something
that
we
are
discussing,
but
today
we
we
sort
of
because
the
environments,
protection
rules
and
things
like
that
are
very
compliance.
Oriented
et
cetera.
K
We
sort
of
group
them
with
the
other
sets
of
features
that
tend
to
be
in
that
enterprise
plan.
J
Great
great
and
this
question
was
from
the
pain
thanks
a
lot
chris
and
for
our
audience.
Let
me
share
with
you
that
chris
is
not
going
anywhere.
He
is
with
you
all
for
the
next
30
minutes
at
github
discussions.
So
post
all
your
queries
get
all
his
all
your
answers
from
him
and
he's
joining
you
at
his
midnight
so
take
as
much
as
possible
from
him
bye,
bye,
chris,
we'll
let
you
go
and
enjoy
your
time
with
our
viewers
at
getup
discussions.
I
We
want
to
hear
everything
about
you
as
well
share
your
favorite
head
gears
and
hashtag
github
satellite,
so
coming
to
the
next
session.
It's
all
about
shifting
left
in
security.
I
We
know
and
we've
kind
of
put
it
in
practice
as
well
shifting
left
when
it
comes
to
testing,
and
let's
start
thinking
about
that
with
respect
to
security
as
well
so
shift
left
and
security
and
secure
development
shared
by
nicholas
means,
director
of
engineering
at
github
he's
joining
us
from
austin.
Thank
you
nicholas
for
being
there
at
your
midnight,
phyllis
loves
nothing
more
than
a
story
of
engineering
triumph,
obviously
at
github
and
when
he's
not
stuck
with
wikipedia
reading
loop,
he
spends
his
day
focused
making
the
software
supply
chain
safer
and
growing.
M
Hey
good
morning,
everyone,
it
is
an
absolute
pleasure
to
be
with
you
this
morning
at
github,
satellite
india,
like
divya,
said
my
name
is
nicholas
means
I'm
director
of
engineering
for
supply
chain
security
at
github.
I'm
joining
you
this
morning
from
austin
texas
in
the
united
states,
where
it's
about
30
minutes
past
midnight,
so
I'm
doing
my
best
to
bring
that
late
night
energy
for
y'all.
M
I
I
hate
to
be
this
obvious,
but
a
talk
about
software
security
in
2021
almost
has
to
start
by
talking
about
solar
gate.
The
breach
of
secure
systems
worldwide
through
a
supply
chain
attack
malicious
actors,
inserted
code
into
a
legitimate
solarwinds
library
and
used
as
a
backdoor
into
systems
around
the
world,
as
the
vulnerable
library
was
installed
via
software
update.
M
M
M
M
So
if
you're
not
doing
something
to
find
those
security,
vulnerabilities
and
mitigate
them,
you're
putting
your
users
at
risk,
and
it
turns
out
that
developers
introduce
security
vulnerabilities
at
a
fairly
consistent
rate
relative
to
the
number
of
lines
of
code
we
create
now
to
be
clear.
This
doesn't
mean
that
you're
a
bad
developer.
M
It
just
shows
that
creating
secure
software
is
hard.
I
mean
think
about
it.
To
create
perfectly
secure
software.
You
have
to
be
right,
100
of
the
time
to
introduce
a
vulnerability.
You
only
have
to
be
wrong
once
multiply
these
odds
across
an
entire
software
development
team,
and
you
start
to
see
the
scope
of
the
problem.
M
So
what
do
we
do?
Well
again,
from
the
state
of
the
octoverse
report,
we
have
some
good
evidence
that
teams
that
adopt
devsecops
practices
significantly
reduce
the
amount
of
time
it
takes
them
to
remediate
security
vulnerabilities
in
their
code
base,
specifically,
teams
that
run
security
scans
as
part
of
their
everyday
development
practices
find
and
fix
vulnerabilities
faster.
M
Now,
if
we
operate
with
the
assumption
that
we're
going
to
introduce
security
vulnerabilities
into
our
code,
because
they're
almost
impossible
to
avoid,
then
this
metric
mean
time
to
remediate
becomes
the
one
that
we
care
about.
If
we're
going
to
inadvertently
introduce
vulnerabilities,
then
the
important
thing
is
finding
and
fixing
them
quickly.
M
M
Well,
let's
take
a
look
at
a
fairly
typical
feature:
development
timeline
for
a
software
team.
You
kick
off
a
feature
with
some
planning
and
some
design
work.
You
build
it.
You
test
it
and
then,
if
you
have
a
security
team,
look
at
your
feature
at
all.
It
happens
right
before
launch
after
the
feature
is
already
built
and
when
it's
extremely
expensive
to
make
a
change,
because
it's
so
expensive
to
make
a
change,
only
the
biggest
problems
get
fixed
before
launch,
which
means,
inevitably,
you
find
vulnerabilities
after
your
feature
has
already
been
deployed.
M
So
what's
different
when
we
shift
left
well.
First,
you
need
to
give
your
development
teams
tools
to
help
them
spot
security
problems
early
in
the
development
process,
github
has
focused
on
building
security
tools,
to
empower
developers
to
discover
issues
early
in
the
development
process
and
I'll
talk
more
about
how
you
can
leverage
those
tools
in
just
a
moment.
M
Now
I
mentioned
earlier
that
github
is
focused
on
building
tooling
around
empowering
developers
to
fix
security
issues
early
in
the
development
process.
So
let's
talk
a
bit
about
those
tools
now
github
advanced
security
is
our
suite
of
developer-focused
security
tools.
These
tools
are
all
designed
to
help.
You
write
more
secure
code
by
identifying
security
issues
earlier
in
the
development
process
within
advanced
security.
We
have
three
main
product
feature
areas.
M
The
first
is
secure.
Dependencies
features
focused
on
helping
you
understand
what
dependencies
you're
using
and
how
you're
using
them.
These
are:
classic
software
composition,
analysis
tools,
but
with
a
developer-focused
bent,
second,
is
secure
code.
These
features
are
focused
on
helping.
You
ensure
the
code
that
your
team
writes
is
secure
through
static
analysis
scanning
and
finally,
secure
secrets.
M
M
First,
let's
talk
about
dependable
now,
there's
a
couple
of
different
things
that
dependable
can
do
for
you.
First,
it
can
help
you
spot
and
remediate
dependencies
with
security
vulnerabilities
when
a
vulnerability
is
published
for
the
version
of
a
dependency
you
use
in
your
code
base.
Dependabot
will
let
you
know.
M
This
keeps
you
from
being
exposed
to
a
vulnerability
discovered
in
an
older
version
of
a
dependency
or
worse,
getting
stuck
in
a
situation
where
it's
difficult
to
migrate
off
of
an
old
version
of
a
dependency
because
you're
so
many
versions
behind
now.
The
key
thing
that
I
can
tell
you
about
dependable
is
that
repositories
that
have
depend
about
security
updates,
enabled
fixed
vulnerabilities
on
average
1.4
times
faster
than
repositories
that
aren't
using
dependable.
M
So
if
you're
focused
on
mean
time
to
resolution
for
security
vulnerabilities,
this
is
one
of
the
key
ways
you
can
address
that
metric
next
dependency
review
is
a
relatively
new
feature
to
help
you
understand
what
dependency
changes
are
being
made
in
a
pull
request
for
each
dependency.
You
use,
you
can
see
how
old
the
version
you're
using
is
how
widely
used
that
dependency
is
and
what
license
it
was
released
under.
But
the
critical
feature
is
that
dependency
review
will
flag
any
vulnerable
dependencies
for
you.
M
You
can
see
in
this
screenshot.
The
dependency
review
has
flagged
a
critical
security
vulnerability
in
the
json
web
token
package.
By
reviewing
this
at
pr
time,
you
can
make
sure
that
it
never
gets
deployed
to
production
in
the
first
place
and,
finally,
the
github
dependency
graph
is
the
secret
sauce
of
our
dependency
security
features.
M
M
Okay,
so
we've
covered
code
that
other
people
are
writing
and
that
you're,
including
in
your
code
base,
let's
shift
gears
a
little
bit
and
talk
about
making
the
code
that
your
team
is
producing
more
secure
with
our
secure
code
features.
These
are
tools
to
help
you
spot
potential
security
problems
in
the
new
code.
You
and
your
team
produce
again
I'm
going
to
talk
about
a
few
features
within
secure
code.
M
Next
codeql
is
github's
advanced
semantic
code
analysis
engine,
it's
focused
on
helping
you
find
security
vulnerabilities
in
the
code.
Your
team
produces
displaying
the
results
in
code
scanning
and
finally,
support
for
third-party
analyzers,
which
let
you
extend
the
built-in
analysis
of
codeql,
with
the
results
of
any
standards,
compliant
static
analysis
tool.
M
So,
first,
let's
talk
about
code
scanning
code
scanning
is
a
rich
user
interface
that
allows
you
to
review
and
understand
the
results
from
security
scans
right
in
the
pr
flow.
It
brings
you
the
information
at
code,
review
time
when
you're
primed
to
act
on
it.
When
the
code
is
still
fresh
in
your
mind
in
this
screenshot,
you
can
see
a
codeql
result
indicating
a
potential
denial
of
service
attack
because
of
missing
rate
limiting.
M
M
M
M
M
M
M
When
we
find
one,
we
notify
the
service
that
issued
that
credential
that
we
found
it
disclosed
publicly
so
that
they
can
remediate
it
according
to
their
standard
procedures
for
accidentally
disclosed
tokens.
This
usually
takes
the
form
of
their
revoking
the
token
and
letting
you
know
that
it
needs
to
be
rotated
and
replaced
with
a
new
token.
M
Next
secret
scanning
for
private
repositories,
when
you
enable
this
for
a
repository,
github
scans,
the
full
history
of
that
repository
to
find
any
secrets
and
old
commits
so
that
you
can
get
clean
if
any
new
ones
are
committed
so
that
you
can
stay
clean
now.
These
are
credentials
that
have
been
disclosed
privately
inside
of
your
organization,
so
instead
of
reporting
them
to
partner
service
providers
for
revocation,
we
report
them
to
you
so
that
you
can
decide
what
to
do
about
them.
M
M
It's
our
new
org
level,
security
overview
and
it's
launching
in
beta
for
github
enterprise
cloud
customers.
Security
overview
does
exactly
what
the
name
says.
It
gives
you
an
overview
of
security,
feature
enablement
and
alert
counts
across
secure
dependencies,
secure
code
and
secure
secrets,
as
well
as
a
risk
determination
based
on
the
number
of
unresolved
alerts.
M
On
the
other
hand,
you
can
see
that
this
organization
has
an
awful
lot
of
dependable
alerts
that
they
need
to
pay.
Attention
to
this
view
is
incredibly
powerful
in
helping
you
understand
your
overall
security
posture
at
a
glance
and
if
you
fold
it
back
up,
you
can
see
a
per
repo
risk
level
and
alert
counts
for
each
of
code
scanning
secret
scanning
and
depend-abot.
M
What
should
you
do
next?
Well,
if
you
want
to
shift
left,
you
need
to
make
sure
that
everyone
on
your
team
has
the
tools
and
the
information
to
spot
potential
security
issues
before
they
become
a
problem.
You
need
to
involve
your
security
team
early
in
the
development
life
cycle
to
design
secure
features
from
the
start.
M
If
you'd
like
to
learn
more
about
the
security
tools
that
github
offers,
please
visit,
github.com
features
security.
All
right.
That's
all
I've
got
this
evening.
Thank
you
so
much
for
being
here,
for
my
talk,
I'll,
definitely
be
in
the
discussion
later
to
answer
any
questions
you
might
have,
but
please
stick
around
for
a
few
minutes
here
for
q,
a
with
our
hosts
first
again.
Thank
you.
So
much
for
being
here.
I
J
M
Yeah,
absolutely
we
have
a
phenomenal
application
security
team
here
at
github.
They
very
much
have
that
pragmatic
consultative
mindset
that
I
was
I
was
talking
about
in
the
talk
to
the
point
that
engineers
at
github
are
eager
to
consult
with
them
early
in
a
project.
M
It's
very
much
they're
seeking
to
come
alongside
and
provide
pragmatic
recommendations
to
address
things
that
are
part
of
the
the
threat
model
of
that
feature,
rather
than
resolve
everything
possible
a
good
example.
My
group
recently
commit
completed
a
hack
week
and
there
were
a
couple
of
projects
coming
out
of
that
hack
week.
That
engineers
I
mean
these
are.
M
These
are
small
features
that
we
were
able
to
complete
in
the
span
of
a
week,
but
still
engineers
on
the
team
reached
out
to
our
application
security
team
for
consultation
on
them
to
make
sure
that
we
were
considering
all
the
angles
that
we
needed
to
be
so
it's
it's.
This
rich
consultative
relationship,
not
the
gacha
culture
that
I've
seen
sometimes
in
previous
companies,
I've
worked
at
and
if,
if
security
team
creates
that
kind
of
environment,
it
makes
engineers
really
eager
to
engage
with
them
and
seek
their
help.
I
M
Well,
I
think
I
think
it's
all
tied
in
with
how
we
build
software
now
you
know,
if
you
think
about
how
software
was
built
20
years
ago
code
reuse
was
mostly
an
academic
pursuit.
It
wasn't
really
a
practical
thing
that
anybody
did
now
we've
kind
of
gotten
to
this
place,
where
we
use
software
all
the
time
by
bringing
open
source
dependencies
into
our
projects,
and
when
we
do
that,
we're
inviting
people
that
we
don't
know
under
our
code
base
by
way
of
the
libraries
that
they
maintain.
M
So
we've
gotten
really
good
at
reusing
code.
It's
almost
become
second
nature
to
us
now
and
we
rarely
invent
things
from
scratch,
but
we've
really
not
started
or
just
starting
to
wrestle
with
how
to
do
that
safely.
You
know
we're
trying
to
figure
out.
How
can
you
invite
other
people
into
your
code
base
but
make
sure
that
the
code
that
you're
bringing
in
is
safe,
because
you
know
if
you're
bringing
in
a
library
that's
got
40
000
lines
of
code,
it's
pretty
impractical
to
go
and
read
all
of
that
code.
M
There
has
to
be
some
component
of
trust
built
in.
At
the
same
time,
we're
kind
of
far
far
enough
along
the
adoption
path
of
open
source.
Now,
there's
enough
companies
using
it
there's
enough
rich
targets
using
open
source
software
that
it
makes
a
pretty
rich
attack
surface
so
we're
starting
to
see
the
pace
of
those
attacks
pick
up
and
this
is
going
to
be.
You
know,
we're
we're
seeing
it
in
the
news
a
lot
now.
I
expect
that
to
continue.
I
don't
I
don't
think
supply
chain
attacks
are
going
to
go
away
anytime
soon,.
J
Now
that's
very
insightful,
especially
the
shift
that
you
explained
on
reuse
of
code
in
the
enterprise
setup
as
well.
Thanks
for
that,
we
got
next
one
question
here:
can
you
talk
a
little
more
about
how
github's
tool
help
make
you
less
vulnerable
to
these
kind
of
attacks
that
we
just
discussed.
M
I
Totally
makes
sense.
The
next
question
is
a
little
personal
you've
been
in
the
business
of
supply
securing
supply
chain
for
a
long
time.
What
is
your
favorite
feature
or
like
the
the
best
one
that
you
love.
M
Oh,
that's
a
good
one!
You're
right,
I
have
been
working
in
the
space
at
github
for
a
while
and-
and
I
don't
know
I
have-
I
have
a
real
fondness
for
just
vulnerable
dependency
alerts
because
it's
where
we
started
it
was
the
first
security
feature
that
we
wrote
for
security
product
feature
that
we
rolled
out
the
emails
that
we
sent
you
to
tell
you
that
you
had
a
vulnerable
dependency
in
your
repository
we've
iterated
over
those
alerts
a
lot
over
the
last
couple
of
years.
M
It
used
to
be
that
you
would
get
one
email
for
every
repository
that
you
had
a
vulnerable
dependency
in
and
now
we're
to
the
point
that
we
roll
that
up
to
when
there's
a
vulnerability
published,
we
send
you
one
email
about
that
vulnerability
that
contains
all
of
the
repositories
that
have
that
vulnerability
in
it.
So
we've
tried
to
reduce
the
noise.
We've
tried
to
make
those
alerts
more
useful,
but
it's
still
it's
still
sort
of
the
meat
and
potatoes
of
keeping
your
application
secure.
J
That's
great,
that's
great,
to
know
nick
and
beside
this.
Obviously,
security
is
your
favorite,
but
what
about
your
favorite
feature
in
github
outside
of
security?
Tell
us
about
that
as
well.
M
Outside
of
security,
you
know
I
really
love
what
we're
doing
with
github
code
spaces.
I've
really
enjoyed
getting
to
play
with
that
feature,
and
I
am
super
excited
for
us
to
be
able
to
roll
that
out
to
a
wider
audience,
because
it's
going
to
be
such
a
cool
thing
when
we
do.
I
Yes,
it's
gonna
be
an
industry-wide
game
changer.
Thank
you
nicholas
again
for
joining
us.
So
late
at
your
night
and
answering
all
the
questions.
Folks
remember
nicholas
is
continually
gonna
be
staying
with
us.
He
will
be
at
discussions.
So
send
all
your
good
questions
to
him.
Then
thank
you
again,
nicholas
bye,
yep.
J
Yup
and
as
we.
J
Hello,
all
we
are
in
the
devops
channel
but,
as
we
told
you
earlier,
there
is
another
open
source
channel
as
well,
where
there
is
a
lot
of
good
action
going
on.
We
got
current
and
anisha
who
are
who
are
talking
a
lot
of
interesting
stuff
that
you
would
want
to
pop
in
and
look
out
for.
Don't
worry,
you
won't
miss
anything
here.
All
sessions
will
be
available
on
demand
later
and
we
are
loving
your
comments
on
twitter.
Keep
it
rolling
at
github,
india,
hashtag,
getup
satellite.
J
J
And
he's
a
software
engineer
at
bind,
he
also
spends
his
time
contributing
to
other
open
source
projects
like
service
mesh
interface
tracing
and
a
lot
lot
more
and
recently
he
has
been
very
interested
in
rust.
I'm
excited
about
that
now,
right
apart
from
work,
he
enjoys
a
good
relaxing
evening
run
followed
by
a
nice
book
podcast
before
bedtime,
truly
a
multitasker.
I'm
all
waiting
to
now
hear
from
tyrone
remember
to
engage
with
arun
on
github
discussions
as
well,
so
terun
take
it
away.
N
N
My
name
is
taran
portlavade,
I'm
one
of
the
maintainers
of
the
lingerie
project,
which
is
a
cnc
of
integrated
services
project.
So
currently
I
work
at
buoyant
who
are
one
of
the
main
sponsors
of
the
linkedin
project.
Previously
I
was
at
previously
I
was
an
intern
with
cnc
working
on
linkedin.
Before
that
I
did
my
google
summer,
of
course,
with
linkedin.
So
as
you
can
see,
there
is
a
pattern
here
and
you
could
you
could
safely
assume
that
I
know
some
stuff.
N
I
know
some
stuff
here
on
github,
so
I
primarily
write
golang
with
some
rust
here
and
there
you
can
find
me
at
turn.xyz.
N
Now,
let's
get
into
the
dock
so
so
before
we
see
how
linkard
it
transforms
its
own
code
into
running
software.
First,
we'll
see.
Why
is
it
important
to
have
automated
testing
building
and
deployment
for
any
project
right?
It
could
be
open
source
or
not.
It
is
important
because
it
increases
developer.
Velocity
developer
velocity
is
a
very
important
business
metric
because
it
helps
you
ship
faster,
make
your
customers
happy.
N
C
N
It
also
removes
the
failure
point
between
writing
code
and
deployment
right
because
because,
if
you
have
manual
steps,
obviously,
as
you
know,
man
it
could
go
something
in
the
process
could
play
could
break
something
in
the
pipeline
group
would
break
etc.
But
if
you
have
an
automated
one
that
you
that
you
that
you
that
have
written
with
clear
corner
cases
being
covered,
it's
much
more
safer
and
easier
to
have
a
pipeline
like
that.
N
Obviously
you
would
not
want
to
release.
You
would
not
want
to
manually
go
through
the
process
of
doing
a
release
right
every
time,
it's
the
same
old
process
and
and
if
you,
and
especially,
if
you're
doing
it
frequently
if
you're
going
to
release
stuff
frequently,
which
I
assume
a
lot
of
people
do
right
now,
it.
C
N
N
N
Stickers
for
geographies,
and
so
are
the
users
right.
So
it's
important
that
you're
not
depending
on
a
single
person
to
do
a
release
process
right,
obviously
open
those
projects
or
any
other
or
any
other
project,
would
always
prefer
standardize
the
process
over
individual
magic
right,
because
the
process
is
always
a
better
one
than
relying
on
a
single
person
or
an
individual
or
an
individual
right.
N
Obviously
it
will
also
it
will
also
very
much
reduce
the
burden
on
maintenance,
because
maintainers
have
to
do
an
all-around
job
of
having
seeing
the
issues,
making
a
road
map
talking
to
the
users
and
stuff,
obviously,
and
also
writing
code.
So
so
it
is
important
that
if
there
is
any
manual
process
that
can
be
automated,
it
should
be
opera.
It
should
be
automated
in
in
open
those
projects
so
so
that
you
can
reduce
burden
on
maintainers
right
now,
let's
before
seeing
it
before
diving
into
the
linkedin
project,
so
the
csd
of
linkedin
project.
N
N
And
we
are
part
of
the
we
are
part
of
the
cloud
native
computing
foundation,
which
also
has
projects
like
kubernetes,
prometheus,
etcetera,
so
so
liquidity.
So
what
is
a
service
mission
is
essentially
two
things:
the
control
plane
and
the
data
plane.
The
control
plane
is
like
the
brain
of
the
service
mesh
and
the
data
plane
is
your
applications
to
which
the
proxy
is
injected.
As
you
can
see
in
the
figure
here,
all
your
applications
will
have
proxy
as
part
of
their
manifest.
N
All
your
two
and
three
traffic
from
your
application
will
always
go
through
the
proxy
because
of
that
the
proxy
can
give
you
benefits
like
automated
mtls.
You
don't
have
to
configure
anything.
It
will
also
give
you
traffic
shaping
canada
deployments
and
all
these
things
right
so
so,
obviously
the
assumption
is
that
the
requirements
of
a
project
like
this
is
that
it
should
accommodate
docker.
N
N
Everything
is
done
on
github
and
it
would
be
really
nice
to
have
a
variable
integration
between
the
ci
and
the
github
right
like
to
like
to
be
able
to
see
the
checks
in
the
pr,
in
the
pr
view
to
be
able
to
see
to
be
able
to
to
be
able
to
trigger
work
for
tickers
based
on
the
events
etc.
N
Obviously,
it
should
also
have
a
simpler
authentication
on
the
authorization
model
right,
because
open
those
projects
are
already
a
lot
of
work,
and
if
you
want
to
focus
on
things
like
authorization
are
back
for
external
services,
it's
it's
too
much
work
as
as
you
might
expect.
Obviously,
it
would
also
be
very
nice
to
have
a
pipeline
ecosystem
right
to
you
to
use
commonly
needed
workflow
logics
like
for
example.
N
If
you
want
to
do
a
docker
push
as
part
of
your
pipeline,
you
would
not
want
to
go
and
build
the
whole
an
install
script
that
installs
docker
and
everything
right
you
want
it.
You
want
a
module
that
you
can
directly
use
and
run
so
it's
important
that
there's
an
ecosystem
out
there.
Obviously
it
should
also
build
on
the
same
mantra
of
everything
than
in
the
open
right,
because
it's
an
open
source
project.
Everyone
should
be
able
to
see
what's
happening
in
this
year.
N
They
should
be
able
to
understand
stuff
etcetera,
as
obviously
as
you
would
might
expect.
Github
actions
fills
all
the
fills
all
the
requirements,
so
github
actions
is
a
ci
cd,
cicd
csd
project
on
github
that
allows
you
to
build
test,
deploy,
apply
code
right
from
github.
The
other
awesome
part
is
that
it's
free
for
open
those
projects.
This
means
that
open
those
projects
slightly
incurred,
you
don't
have
to
worry
about
the
payment
or
the
ownership
of
the
ca,
etc.
N
On
github
actions,
which
allows
you
to
have
a
configurable,
automated
process
made
up
of
multiple
jobs.
Each
workflow
has
a
trigger
on
which
you
would
want
to
run
this
on
which
you
would
want
to
run
the
run,
the
jobs
right.
So
so
it's
it's
like
a
unit
of
works,
yeah
you
unit
of
ca.
So
in
line
30
we
have
the
following
workflows:
we
have
integration
tests,
we
have
release,
we
have
static
checks
and
we
have
unit
tests
now
before
diving
into
these
workflows.
N
On
linkedin
the
static
checks
the
unit
is
on,
the
integration
test,
workflows
are
run,
are
run
by
github
automatically,
and
you
would.
You
would
directly
see
the
update
on
the
pr
itself
and
there
is
the
release
workflow
right,
for
example,
if
you,
because
linked
is
a
project-
and
you
obviously
want
to
do
releases
of
their
of
the
latest
development,
etcetera
right.
So.
N
N
Is
only
invoked
for
tag
pushers,
so
this
means
that
we
get
the
whole
release
process
by
permissions
to
be
able
to
push
attack.
So
it
means
that
if
you
are
a
maintainer
of
the
project,
you
get
these
permissions
and
then
can
then
release
and
all
the
github
actions
thing
is
the
same
you're.
Not
it's
not
another
thing
that
you
have
to
worry
about.
It's
not
another
thing
that
you
would
have
to
configure,
etc.
N
N
Easily
check
if
the
goal
line
code
is
automatically
is
linked
correctly
or
formatted
correctly,
because
you
don't
want
to
obviously
follow
some
standards
on
the
code.
There
is
also
some
readme
that
we
generate
directly
from
code,
so
so
we
check
if
the
readme
is
updated
and
has
all
the
latest
changes,
etc.
We
also
have
some
linters
etc.
So
on
the
right
you
can
see,
you
can
see
the
workflow.js,
you
know
of
the
static
tricks.
N
As
you
can
see,
it
is
invoked
for
all
pull
requests
and
some
and
pushes
and-
and
these
jobs
are
divided
here
here
in
the
workflow
manifest
next
we'll
see
here
it
is
so
we
have
unit,
is
written
in,
go
and
javascript
for
each
pupil
request.
We
run
this
unit
test.
As
you
can
see.
It
follows
the
same.
It
follows
the
same:
workflow
ml
as
a
previous
static
checks.
N
N
To
test
a
project
like
a
user
right
like
essentially
performing
some
actions
and
seeing
and
seeing
if
it
is
correctly
working
or
not
right,
so
for
for
that
to
happen,
we
do
need
the
images
of
the
whole
counter
plate
components
right
there,
the
whole
components
in
linkedin
that
are
present
in
linkedin.
So
so
we
do
a
docker
build
of
all
these
images
of
all
the
images
that
the
linkedin
project
uses,
and
then
we
do
integration
tests.
We
use
those
images
and
run
integration
tests.
We
have
all
kinds
of
integration
just
based
on
a
feature,
etc.
N
N
Cli
test
for
windows,
just
to
say,
go
so
just
to
see
if
the
binary
is
working
on
windows
or
not
so
now,
we'll
dive
into
docker
builds
right.
Linkedin
involves
multiple
components
right,
as
you
saw
earlier
recently,
there
are
a
lot
of
docker
images
and
some
of
them
get
individual
docker
files.
Now
these
files
are
across
folders
right,
so
you
would
not
want
to
manually
run
individual
docker
build
on
each
of
the
files.
So
obviously
our
solution
is
to
have
bash
scripts
that
allows
you
to
run.
N
Docker
builds
for
all
the
images
every
time,
so
we
do.
If
you
do
docker.
If
you
run
this
docker
build
script,
it
builds
all
the
images
the
images
yeah
as
you
might
expect,
so
the
the
other
thing
is
that
the
other
important
thing
that
that
I
think
you
should
anyone
should
really
take
of
it
is
to
always
cashy
builds.
So
so
because
we
have
a
lot
of
darker
images,
and
these
are
heavy
heavy
for
sure
this
means
that
that's
the
build
process.
N
You
know
it
takes
quite
a
time,
so
it's
important
that
all
the
all
the
all
the
build
images
are
cached
across
across
branches.
So
there
is,
there
is
an
extension
on
github
actions
called
github
action,
cache
which
is
used
to
speed
up
builds
by
cap
by
caching
layers
across
the
repository.
So
this
means
that
even
external
pr's,
etc
will
also
get
the
same
first
class
experience
of
a
fast
docker
bit,
which
is
awesome
and
github
action.
C
N
N
Another
neat
hack
that
we
also
use
is
that
all
docker
images
are
published
as
pr
artifacts.
What
is
that
so
like
so?
Let's
dive
into
that
so
every
time,
every
time
they
there
is
a
github
action.
Github
action
allows
you
to
publish
a
artifact
file
that
you
can
that
you
can
publish
into
the
pr
which
means
that
users
can
download
the
artifact
etc.
It
could
be
your
binaries.
It
could
be
anything.
N
So
what
you
could
does
is
that
every
time
we
build
all
these
images,
we
package
them
into
a
zip
file
and
we
upload
that
as
an
artifact
on
github.
So
this
means
that
if
you're,
if
you're
not
able
to
run
all
the
docker,
build
right
because
of
accessibility
reasons
or
sometimes
even
for
me-
I
don't
I
don't
enjoy
doing
the
docker
builds
all
the
time.
So
so
I
would
just
run
the
script
bin
install
beer
and
go
expand.
N
N
So
the
obvious
question
that
we
get
a
lot
of
time
is
that
how
do
you
run
integration
to
say
on
a
on
a
kubernetes
cluster
right,
because
because
it
is
obviously
as
you
might
expect,
so
what
we
do
is
that
in
linkedin
we
use
k3d
and
kind
as
the
go
and
go
as
the
default
kubernetes
distributions
to
run
integration
test.
So
so
this
means
that,
because
k3d
and
kind
are
ultra
lightweight,
etc.
This
means
that
you
can
run
them
on
a
ci
or
on
a
very
small
machine,
etc.
N
All
our
integration
tests
right,
the
ones
we
saw
in
the
slide,
never
depend
on
a
specific
kubernetes
distribution.
They
are
pretty
common
integration,
so
this
means
that
you
can
transfer
about
the
underlying,
indicates
your
distribution
and
use
the
cloud
provider
etc.
So
so
it
is
pretty
easy
to
swap
a
runtime
and.
E
N
Helper
script,
that
makes
it
further
easier.
So
so,
as
I
mentioned,
all
our
kubernetes,
so
all
our
integration
tests
are
written
in
google
and
are
invoked
from
dash.
Why
is
that?
So?
Because
you
would
want
to
write
integration
tests
in
a
flexible
manner.
You
would
want
to.
You
would
want
to
write.
You
would
want
to
you'd
want
to
make
it
debugging
easy
right,
then
integration,
displays,
etc.
N
So
it's
important
that
there's
a
powerful
language
right,
so
we
use
this
golang
for
that
and
we
are
and
we
abstract
those
units
on
bash
because
now,
if
you
use,
I
mean
you
know
if
you
use
google
and
if
you're,
and
if
the
user
has
to
directly
talk
to
go
to
run
it
as
it
means
that
it
is
pretty
complicated,
the
user
facing
stuff
is
pretty
complicated.
So
we
have
bash
scripts
that
abstract
away
that
logic
and
have
same
defaults
that
you
can
override.
N
So
whenever
you're
done
bin
test
run,
it
runs
all
the
integration
press
and
shows
you
the
output.
So
there
is
an
example:
here
we
have
the
we
have
the
testing
go
line
and
then
we
have
the
script.
Wrapping
that
test,
so
whenever
you
do
run
deep
test
it,
it
runs
that
on
its
own
also
the
bas,
the
cm
scripts
are
run
by
the
ci
too.
So
this
means
that
you
get
a
consistent
experience
locally
on
the
scene.
So
whenever
there
is
a
there
is
a
failure
in
this
year
you
can.
N
N
So
there
is
a
bin
test
script
to
which
you
pass
the
name
of
the
integration
that
integration
test
that
you
would
want
to
run
and
then
you
pass
the
whole
binary
url.
It
runs
those
integration
tests
using
this
version
of
the
link
id
and
and
you
should
be
able
to
see
the
output
etc.
N
Also
follows
the
same:
pull
request
trigger
with
push
also,
and
there
are
all
these
jobs
that
are
present
now.
Let's
talk
about
the
release
clause
right,
which
is
like
the
most
exciting
part,
so
in
lingudin
we
don't
do
manually
releases,
so
it
is
automated
every
time
you
do
every
time
we
every
time
one
of
the
maintenance
do
a
git
push
all
the
all.
This
workflow
is
done
automatically
and
the
and
the
artifacts
are
published.
The
end
charts
are
published,
the
images
are
pushed
into
daw
into
into
a
registry,
etc.
N
N
N
N
Obviously,
the
binaries
are
published
into
github
releases
and
and
chocolatey
for
windows.
Film
charts
are
published
into
a
gcp
bucket.
We
are
also
waiting
for
github
packages
to
support
element
charts
so
that
we
can
spa.
We
can
publish
those
health
charts
into
into
github
package
registry,
which,
which
would
be
really
awesome.
The
website
is
also
updated
about
the
release.
The
only
leftover
thing
that
is
done
by
the
internet
is
to
send
out
release
announcements
so
which
is
pretty
cool
if
you
think
about
it.
A
N
Into
github
packages,
github
applications
is
a
relatively
new
offering
that
allows
you
to
publish
dependencies
like
npm
dependencies,
etcetera
and
then.
E
N
N
The
github
container
registry,
we
don't
need
to
manage
external
registry
secrets,
oss
or
projects
like
us,
don't
have
to
worry
about
paying
and
managing
the
ownership
right.
It
also
supports
multi-architects
or
docker
images
too,
which
is
awesome
for
linkedin.
If
the
migration
to
github
container
registry
from
gcr
we
were
on,
we
were
on
google,
we
were
on
google
container
to
go
register
before
was.
N
C
N
N
Because,
as
we
saw
in
integration
tests,
all
our
integration
tests
are
ran
across
say
are
paralyzed
and
rack
are
ran
across
individual
kubernetes
clusters.
So
this
means
that
all
all
are
running
parallel
and
you
can
see
the
output
much
faster,
also
also.
O
N
C
N
Artifact,
like
we
saw
right,
we
we
were
publishing
the
images
as
a
zip
file
that
you
can
use
locally.
So
so,
if
you
can,
if
you
can
try
to
do
that,
it
doesn't
have
to
be
when
it
offer
images,
it
could
be
some
binaries,
etc.
It
makes
it
it
improves
it.
It
improves
the
accessibility
by
a
lot,
because
not
everyone
can
run
the
say
the
whole
document
process.
So
there.
N
Annotations
thing
which
allows
you
so
whenever
the
ci
fails
right,
it's
hard
to
debug,
because
it's
a
black
box
running
on
the
internet,
etc.
So
there
is
an
extension
called
github
annotations
which
allows
you
to
write
these
error
managers
in
a
much
better,
much
more
friendlier
way.
So
whenever
an
issue
occurs
in
the
ci,
you
can
automatically
see
that
happens,
see
that
that
happens,
see
that
failure
in
the
codex
server,
which
is
pretty
cool,
also
embrace
your
package
industry.
It
just
works
and
goes
well
with
most
business
products,
one
other.
N
So
so,
obviously
you,
your
integration
test
would
have
some
expectation
on
some.
Some
external
tools
should
be
present,
like
helen
kind,
linked,
lint,
etc.
So.
N
For
each
external
tool,
the
that
will
depend
on
we
have
and
we
have
a
script.
We
have
these
scripts
in
the
in
the
bin
folder.
So,
for
example,
if
you
say
this
is
the
script
for
k3d.
So
what
the
script
is
doing
is
that
whenever
you
look
bin,
slash
bin,
slash
k3,
it
automatically
download
the
binary.
If
there
isn't
one
and.
N
Has
no
expectations
on
what
your,
what
the
node
should
contain,
etcetera?
If,
if
the
binary
is
not
there,
the
go,
the
script
will
automatically
get.
That
goes
to
get
that
binary
and
run
it
for
you,
which
is
pretty
cool,
yep
yep.
A
N
I
H
N
N
Like,
for
example,
for
packages,
I
think
we
adopted
it
on
the
same
day
that
was
g8,
so
so
every
time
we
adopted,
our
jobs
became
much
easier.
So
without
doing
anything
right
now
we
just
replace
some
other
some
external
stuff
with
github
and
it
works
like
awesome.
So
we
have
been
pretty
happy
with
github
and
I
don't
think
we
can
find
a
better
place
for
lingerie.
J
Wow,
so
glad
to
hear
that
such
a
sweet
comment.
Okay,
I
got
next
question
for
you
so
important
things
that
you
would
recommend
to
run
complex
humanities,
workflow
on
github
actions.
N
A
lot
of
logics
like
you,
don't
actually
need
them
so
so
kind
and
creative
they
remove
those
stuff
and
make
sure
that
you
get
a
lightweight
distribution
of
kubernetes,
that
you
can
run
on
the
ci,
etc.
So
always
use
a
thing
like
that,
and
especially
for
for
complex,
builds
right
for
complex
integration
best.
It
means
that
it
means
that
you're
running
you're,
running.
N
E
I
Yeah,
the
marketplace
is
like
really
thriving
and
the
amount
of
community
contributions
we
see
there
is
is
mind-boggling.
The
other
question
that
we
have
is
with
respect
to
like
the
future
roadmap
that
github
has
in
terms
of
the
new
github
features
like
what
are
you.
N
C
N
N
Github
package
industries
there
and
there
is
there-
is
help
support
being
worked
on
so
like
every
other
improvement
is
like
a
direct
benefit
for
projects
like
this
right.
You
should
just
be
able
to
see
what's
happening
and
just
integration
integrate
that
you
don't
have
to
build
stuff
etcetera,
so
so
innovation.
N
N
J
Great
great,
all,
whatever
you
said,
is
music
to
my
ears
and
up
next
is
a
question
which
is
on
how
we
introduced
you
right
so
from
evening
runs
to
a
book
or
a
podcast
before
bedtime.
Tell
us
more
about
what
more
do
you
do
in
your
extra
time
and
how
do
you
package
all
of
that,
while
also
contributing
a
lot
of
open
source
projects
very
excited
to
know
this
yep.
N
So
one
one
important
privilege
that
I
have
is
that
I
get
to
work
on
open
source
and
go
go
as
my
day
job.
So
so
I'm
getting
paid
to
do
open
those
which
is
pretty
cool,
and
I
think-
and
I
think
it's
really
awesome,
and
because
because
my
work
is
based
on
oss
and
go
so.
N
N
Really
important
thing
for
people
like
this,
and
I.
C
Also
see
that
ecosystem.
N
F
N
Across
the
world
one
so
I'm
so
coming
across
to
my
hobbies,
because
I
get
I
mean
because
I
work
from.
C
N
Etc,
it's
much
easier
for
me
to
have
hobbies
etc,
because
I
don't
have
to
commute
etc.
No,
so
I
try
to
because.
A
J
Wow
love
your
spirit
and
more
power
to
you,
keep
doing
what
you're
doing.
We
love
all
the
work
and
exciting
energy
that
you
bring
to
the
ecosystem
and
note
audience
that
tarun
is
going
to
hang
around
with
us
in
github
discussions,
and
you
know
a
lot
about
him
now
to
ask
questions
from
all
across
the
areas
that
he
touched
so
by
their
own
huge
shout
out
to
you.
You're
gonna
be
hanging
out
with
our
audience
for
next
30
minutes.
Thank
you!
So
much
for
that
yep.
This
was
fun.
I
I
J
J
We
have
vishal
biani
in
the
house
for
this
session,
he's
the
cto
of
infra
cloud
technologies,
a
huge
shout
out
to
vishal
he's
a
contributor
to
fission,
of
course,
fast
and
simple
serverless
functions
for
communities
and
is
also
the
organic
kubernetes
and
cncf
meetup
huge
shout
out
for
that,
and
he
loves
good
books.
He
loves
running
and
he
especially
loves
high
altitude
mountains.
L
Hi
everyone,
my
name,
is
vishal
biani,
I'm
cton
forward.
In
fact,
cloud
technologies,
I'm
also
a
fashion
maintainer
and
I'm
pretty
active
organizer
of
kubernetes
pooling
so
we'd
love
to
connect
you
there
cool.
So
today
we
are
going
to
talk
about
building
event-driven
applications
on
kubernetes
with
fashion
now
before
when
we
go
there.
I
think
the
first
question
that
comes
to
your
mind
may
be
why
I
care
about
function
as
a
service
platform
on
top
of
kubernetes.
L
L
So
today,
if
you
look
at
developers,
they
develop
functions,
they
develop
micro
services,
they
develop
source
code,
they
also
build
docker
images.
Will
it
not
be
nice
to
have
a
consistent
way
to
deploy
and
not
worry
about
the
underlying
runtime
or
not
worry
about
what
platform
I'm
deploying
to
all
of
these
artifacts?
L
So
today
I
think
the
developer's
choice,
pretty
much
is
clear.
We
want
to
deploy
all
these
things
onto
kubernetes
in
some
form
or
fashion,
and
this
kubernetes
could
be
sitting
on
top
of
other
cloud.
One
cloud,
or
you
know
on
you
know
on
premise
bare
metal
machines,
but
as
a
developer,
I
don't
want
to
worry
about
what
is
the
underlying
platform?
I
want
to
worry
about
the
code.
I
want
to
worry
about
how
much
value
I
can
deliver.
L
The
second
factor,
I
believe,
when
we
develop
all
these
different
applications.
You
know
whether
it
is
services
or
functions,
or
you
know,
using
docker
images
or
so
forth.
I
want
to
integrate
with
them.
You
know
with
a
bunch
of
systems,
it
could
be
a
message
queue
system,
it
could
be
a
database,
it
could
be
a
monitoring
system
and
I
want
to
write
all
these
integrations
as
a
developer
without
having
to
worry
about.
How
do
I
connect
to
this?
How
do
I
make
it
work?
There
is
one
part.
L
The
second
part
is,
I
don't
want
my
workers
to
sit
idle
when
there
are
no
messages
or
no
events
happening
in
my
message.
Queue.
For
example,
I
want
the
workers
to
be
spinned
up
only
when
there
is
some
event
consume.
Those
events
once
the
consume
thing
is
done,
processing
is
done,
shut
down
the
number
of
processors
back
to
zero.
Maybe
right
so
I
think
something
like
that
will
be
really
ideal.
For
you
know
developers
apart
from
these
two
key
factors,
I
think
a
lot
of
times.
You
also
want
the
control
of
the
underlying
infrastructure.
L
L
You
also
want
a
fine-grained
scaling
control,
for
example,
being
able
to
scale
out
or
scaling
as
required,
and
you
don't
want
any
time
out
or
you
know
any
other
limits
on
to
how
do
you
run
these
functions
or
micro
services?
You.
C
L
Whether
on
cloud
on-premise
with
a
similar
experience-
and
I
think
one
key
point
you
might
have
noticed
in
all
of
these-
is
a
developer
productivity,
how
do
we
make
sure
as
a
developer,
we
are
productive?
We
are
able
to
deploy
things,
build
things
fast
without
having
to
worry
about
the
underlying
infrastructure
and
just
scale
out.
You
know
on
on
demand.
L
Now
we
talked
about
why
fast
and
kubernetes
matters,
but
I
think
there
are
some
scenarios
where
you
shouldn't
probably
think
about
fast
and
kubernetes,
and
let
me
call
them
out
very
clearly
so,
for
example,
if
you're
doing
only
a
few
hundred
invocations,
you
know
of
a
function
per
a
day,
it
doesn't
make
sense
for
you
to
maintain
the
kubernetes
cluster,
the
rest
of
the
machinery
to
make
that
happen.
On
top
of
that,
so
anything
at
a
very
small
scale.
I
would
really
not
use
fission
or
any
fast
platform.
You
know.
L
On
top
of
kubernetes,
I
would
simply
go
with
cloud
provider,
provided
you
know
manage
like
function
services.
Also,
there
are
a
lot
of
companies
which
start
small,
let's
say
a
couple
of
engineers.
Together,
you
start
with
a
single
cloud.
You
don't
really
worry
about
multi-cloud
and
those
kind
of
things
right.
That
is
not
a
point
at
which
you
should
be
thinking
about
a
fast
platform
on
top
of
kubernetes.
L
L
I
think
fast
on
kubernetes
is
not
a
great
candidate
and-
and
I
would
rather
use
managed
services
from
cloud
providers
great
now,
having
looked
at
a
fast
and
kubernetes,
why
it
matters
and
why
you
should
worry
about
it,
and
you
know
why,
when
you
should
not
really
use
it,
let's
talk
about
fission,
so
fission
is
a
fast
platform
on
top
of
kubernetes.
It's
a
simple
and
you
know
easy
to
use
platform
for
developers.
L
You
can
write
code
or
you
can
provide
docker
images
either
ways
the
concepts
of
docker
and
kubernetes
can
be
abstracted
from
the
developers.
You
can
export
them
if
you
want,
but
you
know,
as
a
general
rule,
if
you
don't
want
to
worry
about
docker
or
kubernetes
or
building
docker
files,
all
that
is
abstracted
out
from
you.
L
We
maintain
something
called
as
a
warm
pool.
It
adds
a
latency
of
100
milliseconds,
but
it
gives
you
the
benefits
of
you
know
not
being
able
to
or
not
consuming
the
entire
infrastructure
when
there
is
no
load
on
the
infrastructure
so
to
speak,
and
there
are
a
bunch
of
other
things
right
from.
You
know
how
it
is
integrating
with
event,
sources
and
bunch
of
things
like
that,
we'll
we'll
look
at
in
a
couple
of
slides.
L
Cool,
so
let's
understand
what
fission
can
do
for
you
as
a
developer.
How
does
it
work?
What
all
it
supports?
You
know
what
you
can
do
with
fission,
so
the
first
thing
is:
friction
fits
on
top
of
kubernetes,
so
kubernetes
is
the
platform
you
absolutely
need
for
running
fashion.
We
also
very
heavily
use
a
project
called
cada,
it's
a
kubernetes
event,
driven
auto
scaling.
That
is
a
long
form
and
it
allows
you
to
integrate
with
a
bunch
of
you
know,
sources,
message,
queues,
databases
and
whatnot.
L
L
L
Now,
once
you've
written
a
function
or
a
micro
service
in
any
of
these
languages,
you
ideally
would
want
to
call
them
right,
so
you
can
call
them
using
http
or
you
can
call
them
using
cron
job
kind
of
parameters,
so
you
can
say
every
hour
or
every
minute
you
know
this
function
or
this
micro
service
gets
called,
but
you
can
also
call
them
using
bunch
of
event
driven.
You
know
sources,
so
you
can
use
any
of
you
know:
amazon,
kinesis
or
nats
or
azure
event
hub
or
kafka
or
radius.
L
L
You
need
absolute
details
as
to
what
is
happening
if
something
goes
wrong
and
that's
where
we
really,
you
know,
integrate
well
with
all
the
underlying
auxiliary
systems,
whether
it's
prometheus
or
elastic
or
eager
for
distributed
tracing
or
graph
enough
for
visualization,
and
you
know,
alerting
basically
cool
now
having
looked
at,
you
know
why
fast
matters
having
talked
about
what
fiction
does?
Let's
dive
into
the
code-
and
you
know
let's,
let's
get
some
stuff
running,
so
I'm
going
to
do
quick,
two
demos,
the
first
one
is
a
simple
hello
world.
L
L
L
It
follows
a
specific
syntax
when
it
comes
to
function,
but
you
know
it's
relatively
simple
in
terms
of
the
logic
good.
So
now
we
have
the
function.
We
have
the
environment
running,
let's
test
it
out,
I'm
just
gonna.
Do
fission
function,
test
and
hello
js
and,
let's
see
how
it
works.
Great
here
is
our
hello
world.
Now,
of
course,
hello
world
is
great,
but
you
know
we
need
something
more
concrete,
something
more
realistic,
so
to
speak
right,
so
I'm
gonna
do
another
small
demo.
L
L
Now,
as
soon
as
there's
a
message
in
the
kafka
topic,
I
want
another
function
to
be
invoked
called
consumer.
This
consumer
function
is
going
to
invoke
messages
or
consume
messages
from
your
topic
and
process
them.
If
it
is
able
to
successfully
process
them,
it
will
put
the
response
back
into
another
kafka
queue
called
response,
but
for
any
reason
it
is
not
able
to
process.
There
is
some
error.
There
is
some
exception.
It
is
going
to
put
that
into
another
queue
called
error.
So
you
can,
you
know
separately
process
them
later
now.
L
One
good
thing
you
know
I
want
to
call
it
here
again
is
when
you're
listening
to
kafka
messages
coming
into
kafka
topic.
I
don't
want
x
number
of
words
to
be
always
running
and
listening
to
kafka.
What
I
really
want
is
there
is
no
power
running
or
no
application
running.
Only
when
messages
arrive,
those
parts
are
horizontally,
scaled
out
and
actually
delivering
messages.
So,
let's
go,
and
you
know
see
how
this
is
going
to
work.
L
Now,
if
you
look
at
the
bottom
half
of
my
screen,
there
are
two
functions
I
have
one
is
the
consumer
function,
which
is
what
I
was
talking
about,
the
consumer
side
of
story
and
then
there's
a
producer
function
which
is
actually
going
to
produce
these
messages.
L
L
It's
also
going
to
try
three
times
before
you
know
it
decides
to
put
anything
in
the
error,
queue
and-
and
you
can
look
at
also.
Lastly,
the
content,
type
of
application
or
or
the
messages
basically
now
before
we
go-
and
you
know
actually
execute
this,
and
I
show
you
the
you
know:
processing
of
functions.
Let
me
actually
go
and
show
you
the
code
of
you
know
all
this
so
put
into
a
function.
L
Now
producer
function
called
simple
protocol.
It
uses
a
handler
method,
it's
a
go
program
by
the
way,
and
you
know
it
has
a
certain
argument
that
it
needs
all
it
is
doing,
is
connecting
to
your
kafka
message
queue
and
you
know,
processing
those
messages,
and
there
are
about
thousand
messages.
We
are
going
to
produce
and
put
into
a
kafka
queue,
and
once
it
is
done
it
is,
you
know
it
is
going
to
exit
the
function
is
going
to
exit
and
then
its
job.
L
Basically,
now,
once
the
messages
have
arrived
in
kafka
queue,
it
is
going
to
get
picked
up
by
another.
You
know
component,
which
is
going
to
call
the
consumer.js
function
and
contributing
not
a
lot.
It
is
just
picking
up
the
message
that
it
received
from
the
kafka
queue
and
it
is
printing
it
out
that
hey.
This
is
the
response
you
know,
so
to
speak.
That's
all
there
is
in
terms
of
functions.
L
L
Important
so,
as
you
can
see
right
now
in
the
default
line
space,
I
don't
have
any
parts
once
I
start
producing
messages.
What
I'm
expecting
is
there
are
a
parts
which
are
created
on
the
fly,
which
will
actually
start
consuming
messages
from
my
kafka
queue.
So
let's
put
them
on
the
watch
mode
in
the
second
window.
Now
I'm
going
to
call
my
producer
function.
L
L
L
So
right
now
we
see
only
part
one
part
and
and
we'll
see
in
a
couple
of
you
know
seconds
or
maybe
a
minute,
a
couple
more
parts
getting
spinned
up
and
consuming
all
the
messages
that
are
getting.
You
know
written
in
the
by
the
producer
in
our
in
our
case,
all
right.
So
that's
that's
a
very
quick
and
simple
demo.
L
What
we
can
do
is
we
can
we
can
let
the
auto
scaling
happen
here
and
we
can
come
back
and
watch
it
a
little
later
and
we'll
continue
for
rest
of
the
presentation
and
you
know
talk
through
other
things
right
another
example.
You
know
that
is
again
available
on
the
on
the
github
repository
of
fashion.
We
actually
use
a
six
set
of
functions.
L
One
of
them
is
a
kafka
producer,
very
similar
to
our
producer
that
we
just
saw
right
now
that
produces
messages
put
them
in
a
kafka
queue
and
then
there
are
about
you
know
six
other
functions.
One
of
them
is
the
consumer.
The
consumer
basically
picks
up
messages
from
kafka.
Does
some
messaging
of
the
data
and
put
them
into
redis?
The
other
four
functions
really
read:
redis
data
and-
and
you
know,
provide
it
as
an
api
endpoint
and
the
last
function
is
the
web
function.
L
It
basically
queries
the
api
in
points
and
show
you
all
the
you
know
nice
statistics.
Now,
I'm
not
going
to
run
this
it'll
probably
take
another
hour
for
us
to
try
it
out
and
show
entire
code
and
the
working,
but
you
can
go
and
check
it
out
on
this
repository
and
there
is
also
a
screenshot
and
a
demo
of
you
know.
This
working
in
in
you
know,
live
basically
cool,
let's
go
and
see
if
there
is
more
messages
or
more
parts
getting
you.
C
L
Produced
right,
I
think
it
is
still
consuming
about
235
odd
messages.
If
it
is,
if
it
finds
more
than
one
consumer
growth,
it
will
probably
scale
out,
but
if
it
doesn't,
it
may
not
scale
out-
and
I
don't
know
which
way
how
configured
right
now,
but
but
you
get
a
gist
of
this
once
these
thousand
messages
are
consumed.
The
part
that
is
running
kafka
is,
is
gonna,
get
shut
down,
and
you
know
it
is
gonna
get
back
to
zero
state.
L
So
that
is
a
truly
elastic
infrastructure
that
you
can
scale
out
and
scale
in
as
per
your
requirements
and
and
still
able
to
you
know,
build
event
driven
applications
which
react
when
there
is
an
event,
and
we
don't
react
when
there
is
no
events
out
of
speech
great
now.
One
thing
I
would
like
to
talk
about
is
contributing
not
just
to
vision
to
any
open
source
project,
and
I
want
to
bring
a
personal
anecdote.
You
know
from
my
journey
of
open
source,
so
I
really
started
my
career
into
the
enterprise
software.
L
I
was
a
mechanical
engineer
by
education.
So
most
of
what
I
did
was
you
know,
learning
on
the
job.
In
my
early
years
of
you
know,
software
engineering
career,
I
worked
with
enterprise
companies,
not
a
lot
of
open
source.
Of
course
I
did
use
open
source
like
java
and
other
things,
but
most
of
the
things
that
I
did
or
that
I
work
on
were
closed
source
and
you
know
driven
by
commercial
companies.
L
I
think
around
2010
11,
I
discovered
a
project
called
cloud
foundry.
It
was
a
past
platform
very
promising,
and
you
know
very
interesting,
probably
ahead
of
its
time,
and
I
discovered
the
value
of
you
know
open
source
software.
I
could
download
the
entire
stack.
I
could
rent
it
on
my
machine.
Try
it
out
fix
the
bug,
fix
the
documentation,
send
something
back
upstream,
so
I
joined
github.
You
know,
as
any
developer
would
do
back
in
the
day.
L
I
think
the
early
years
of
my
github
and
general
open
source
activity.
I
was
still
you
know
watching
from
the
sidelines.
You
know
see
what
is
happening,
maybe
look
at
a
few
projects.
Maybe
there
is
a
few
issues.
If
you
try
out
something.
Maybe
there
is
a
small
documentation.
Patch
maybe
fix
one
word
here.
One
word
there,
but
I
was
really
happy.
You
know
I
could
contribute
in
my
own
small
ways
in
my
own
tiny
ways
to
open
source
over
time.
L
You
know
I
took
small
baby
steps,
so
I
created
a
small
stack
workshop.
Basically,
I
learned
sal
stack
as
part
of
my
work.
Salt
stack
is
again,
you
know
another
open
source
configuration
management
tool
and
I
realized
there
is
not
a
single
demo
out
there
where
you
can
spin
up.
You
know
three
boxes
of
vagrant
on
your
own
machine
and
play
around.
You
know
with
salt.
The
way
you
would
do
with
a
very
realistic
kind
of
you
know
application
or
demo.
So
I
built
out
a
small
utility.
L
You
know
put
that
out
in
in
the
open
source.
I
talked
about
it
to
a
couple
of
my
colleagues,
my
friends,
and
they
were
really
happy
that
you
know
they
could
actually
clone
it
up
it
and
you
know
they
could.
They
could
actually
start
playing
with
salt.
So
that's
a
great
great
satisfaction.
You
know
from
giving
back
to
community
and
you
know
making
somebody's
learning
easy
and
around
2017
I
started
with
fishing.
I
I
didn't
know
golang.
L
You
know,
for
example,
when
I
started
with
christian,
I
learned
it
on
the
job
I
started
continuing
to
solve
features
small
documentation,
patches,
small
bugs
over
time.
You
know
I
started
converting,
bigger
and
bigger
features,
and
eventually
you
know
I'm
maintaining
the
fission
project
as
of
today.
So
I
want
to
say
you
know,
don't
don't
think
you
know
that
you
have
to
start
big.
Don't
think
that
you'll
do
everything
you
know
right
from
the
beginning,
very
big
start
small
starts
helping
in
smaller
ways.
You
can.
Eventually
you
will
reach
a
point.
L
Now,
after
expression
is
concerned,
you
can
go
to
fashion,
you
know
dot,
dot,
vision
or
io
such
docs
contributing,
and
you
know,
build
code
on
your
machine
and
see
how
it
is
working.
If
you
run
into
any
shoes,
please
join
slack,
you
ask
questions
to
you,
know
contributors
other
community
members,
they're
very,
you
know
happy
and
you
know
friendly
to
help.
Others
also
there's
another
project.
You
know
that
I'm
kind
of
practically
quite
involved
into
is
is
called
bot
cube.
It's
a
chatbot
for
kubernetes
works.
L
On
top
of
you
know,
microsoft
teams,
matter
modes,
slack
bunch
of
chat
platforms
and
again
you
know
very
nice
project
to
start
contributing,
make
small
changes
understand.
You
know,
infrastructure,
understand
systems
and
so
on
and
so
forth
cool.
Let's
see
and
go
you
know
if
our
parts
have
scaled
out.
Our
messages
are
still
consuming.
Okay,
so
we
are
about
715.
L
I
don't
think
it
did
scale
out
because
there's
probably
only
one
consumer
group,
but
if
I
had
more
than
you
know
one
two
three
four
consumer
groups,
then
it
would
have
scaled
like
three
four
parts
and
consumed
all
the
messages
and
you
can
see
by
probably
in
couple
more
minutes
thousand
messages
will
be
consumed
and
done
and-
and
the
part
will
be-
you
know,
shut
down
the
one
that
was
consuming
messages.
L
So
great,
that's
a
simple
demo.
If
you
have
any
questions,
I'm
happy
to
take
them
on
the
github
discussions
as
well.
But
you
know
thanks
for
listening
to
me
patiently.
J
J
I
J
L
Yeah,
that's
a
great
question.
There
is
a
project
called
fission
workflows
which
allows
you
to
do
that
to
some
extent,
but
also
our
users.
You
know
they
have
actually
built
out
their
own
custom
logic
to
build
a
chain
of
functions.
They
basically
use
message
queues
as
a
way
of
organizating,
so
one
function
produces
something
it
you
know
puts
into
a
message
and
there's
some
other
function
listening
to
it
and
that
just
builds
the
chain
of
functions.
You
know
that
you
can
execute
basically.
I
Awesome
when
it
comes
to
lambda
or
azure
functions
like
when
are
those
better
to
use
as
compared
to
fission,
for
example,.
L
Absolutely
I
think,
for
anybody
who
is
new
in
general
to
computing
or
let's
say
you
know
fast,
I
would
highly
recommend
them
using
lambda
or
you
know,
azure
functions.
They
are
great
starting
point.
They
give
you
a
lot
of
value
without
having
to
understand
all
of
the
underlying.
You
know.
Nuts
and
bolts
of
you
know
infrastructure.
L
So
I
think
they
are
a
great
starting
point
and
in
fact
I
would
say
even
for
smaller
businesses
early
stage
businesses,
they
are
great
value.
Add
they
give
you
so
much
power
without
having
to
worry
about
the
infrastructure.
J
That's
a
great
advice
for
how
one
should
look
at
transitioning
from
one
stack
to
another
and
we
got
another
one
and
you
shared
a
lot
about
the
projects
where
you
are
contributing
vishal,
and
I
think
that's
a
lot
to
this.
So
audience
is
asking
here:
how
do
I
get
involved
in
fission
and
start
contributing
to
it.
L
Sure
sure
I
think
the
the
first
and
foremost
thing
I
would
do
you
know,
is
go
check
out
the
project
and
try
it
out
forget
about
contributing,
but
also
understand
what
it
does
right,
build
a
simple
function.
Deploy
it
see
if
it
works
right.
If
you
again
run
into
any
issues,
join
the
slack
people
are
happy
to
help.
You
know
and
guide
you
once
you
understood
what
the
project
does,
then
I
would
go
and
look
at
the
good
first
issues
on
fiction
or
any
repository.
I
Thank
you,
that's
a
great
advice,
any
special
messaging
for
say
our
student
community
out
there
and
early
developers
anything
different.
You
would
want
to
suggest
them.
L
Yeah,
I
think
I
I
do
advise
you
know
a
few
of
my
family
and
you
know
friends
were
students,
I
think
start
basic
start
small
started
the
simple
language,
but
definitely
go
to
depth
of
it
and
have
a
lot
of
attention
to
detail.
And
today
you
know
we
are
lucky
in
2021.
We
have
so
many
tools
whether
it
is
a
browser-based
ide
or
you
know,
github
github
actions.
L
We
can
do
so
many
things
without
actually
having
to
know,
and
you
know,
build
everything
on
your
own
machine,
so
I
would
say
pick
up
one
language
get
great
at
it
and
beyond
that,
explore
your
interest.
You
know
whether
it
is
into
systems
or
ai
or
machine
learning
or
big
data.
You
know
whatever
it
may
be,
and
slowly
really
you
know
progress
with
open
source
projects,
because
there
is
so
much
out
there.
J
L
Absolutely
absolutely
yeah,
that's
a
topic
close
to
my
heart.
I
think
when
kubernetes
was
very
early
and
still
the
dominant
orchestrator,
so
to
speak,
I
I
thought
missiles
will
take
over,
but
I
realized
kubernetes
a
lot
of
power.
I
started
the
meetup
because
there
were
a
few
people
that
we
knew
about
kubernetes
and
we
thought
it's
a
good
idea
to
share
with
broader
community,
and
hopefully
more
people
will
join
us.
L
So
when
the
first
meetup
we
did,
it
was
just
eight
people,
including
myself,
and
over
time
you
know
it
has
grown
to
now
almost
2000
people
actively
in
the
in
the
meetup
group,
but
also
50
60
joining
us
every
month.
We
talk
about
you,
know
all
the
basic
topics
and
some
advanced
topics
as
well
and
and
learn
from
each
other.
I
Individually,
I'm
sure
folks
who
are
listening
in
would
want
to
also
know
how
can
they
join
in.
J
Great
great,
that's
that's
great,
and
this
question
has
been
coming
up
for
almost
every
speaker
out
here,
so
there
it
is
for
you,
charles.
What's
your
favorite
set
of
features
at
github
and
what
do
you
use
the
most.
L
Yeah,
absolutely
absolutely,
if
you
ask
me
what
is
my
most
favorite
one
today,
it
definitely
has
to
be.
You
know
the
vs
code
on
github,
where
you
can
open
a
browser.
You
know
ide
and
start
developing.
L
I
Wow,
so
it's
actually
coming
really
close
most
like
code
spaces
and
actions
and
that's
what
we've
been
hearing
from
folks
as
well.
I
When
it
comes
to
other
projects
that
you
contribute
to,
is
this
usually
in
the
same
area
or
do
you
do
you
prefer
like
again
from
an
advice
to
others
as
well?
Would
you
prefer
to
deepen
in
one
area
or
explore
multiple.
L
Sure
I
think
in
past
I
tried
to
do
multiple,
but
I
think
at
least
personally
from
my
perspective,
what
happens
is
when
you
spread
yourself
too
thin
into
too
many.
You
know
areas
and
you
don't
get
depth.
I
prefer
to
focus
on
one
area.
For
example,
even
if
you
look
at
just
you
know,
infrastructure,
there
are
probably
hundreds
of
projects
out
there
and
I
don't
think
you
can
again
contribute
to
all
hundreds
of
them
anyways.
L
So
I
would
really
focus
on
one
area
get
depth
into
that
and
then
choose
a
few
projects
that
you
can
contribute
to.
You
know
consistently.
I
believe
the
consistency
over
time,
you
know,
is
a
lot
more
important
than
contributing
to
x
number
of
projects
if
you're
early
in
your
career
or
your
college
student,
who
still
don't
know
what
you
want
to
do,
whether
it's
system,
design
or
big
data
or
machine
learning,
it's
okay,
to
explore
it's
okay
to
be
a
little
open.
L
J
That's
great
that's
great
advice
and
definitely
very
very
useful
for
all
our
audience
and
vishal
with
that.
We'll
wrap
up
the
question
and
answers
here,
but
for
our
audience,
you're
gonna
hang
around
in
the
discussions
room
with
them
for
next
30
minutes,
so
everybody
out
there
do
catch
him
for
all
the
amazing
work
that
he's
doing,
learn
from
him.
His
experiential
knowledge,
especially
about
how
to
contribute
and
getting
started
with
the
open
source
projects
with
that
bye
vishal,
and
we
will
see
you
in
the
github
actions
room.
Leave
you
there
with
all
our.
I
I
Folks,
we
would
want
to
have
you
share
your
moments
with
us
as
well.
Show
us
your
bhangra
show
us
your
garbage.
Show
us
all
your
moves.
You
have
there
and
pour
the
love
on
hashtag
github
satellite.
You
can
tag
mohit,
juneja,
87
or
myself.
Divya
vaishnavi
also
remember
to
do
the
attendee
survey.
We
want
to
hear
your
feedback
you'll
find
that
linked
below
the
video
mohit.
I
think
that
was
oh.
J
I
And
sharing
all
about
that
is
uma.
Mukhara
he's
a
ceo
of
chaos
native
his
current
passion
is
obviously
about
bringing
chaos,
engineering
capabilities
to
developers
at
scale
in
the
cloud
native
space
and
how
to
make
the
tool
sets
like
litmus
more
robust
and
available
to
everyone.
Remember
folks
to
engage
with
us
in
discussions
post
your
questions
there
and
mohit,
and
I
will
bring
those
in
life
with
uma
over
to
you.
Uma
looking
forward
to
chaos,
engineering.
O
Hello
folks,
good
morning
excited
to
be
here.
I
am
today
I'll,
be
speaking
about
resilience
testing
with
litmus
chaos
and
github
actions,
pretty
exciting
topic,
considering
that
we
have
a
lot
of
development
going
on
in
the
world
today
with
kubernetes
at
mainstream.
O
So
let's
jump
into
it
a
little
bit
about
myself.
I've
been
a
technology
architect.
O
In
the
last
decade,
I've
been
doing
a
lot
of
entrepreneurial
stuff,
with
the
cloudbyte
being
my
first
startup
and
eventually
moved
on
to
kubernetes,
with
open
ebs,
open
source
project
for
storage
and
there
we
started
writing
chaos,
engineering
tools
for
open
ebs,
which
became
litmus
project
and
eventually
became
a
cncf
project
for
chaos,
engineering,
and
we
wanted
to
focus
more
on
taking
this
chaos,
engineering
capabilities
to
larger
community,
like
developers
sres,
and
we
spun
off
from
my
data
to
become
kiosk
native
as
an
independent
company,
to
focus
primarily
on
chaos,
engineering
for
kubernetes
and
surrounding
ecosystem.
O
So
what
we
are
going
to
talk
today
is
really
about
how
we
can
take
chaos,
engineering
to
developers
using
github
actions.
Of
course,
you
can
do
it
in
many
other
ways,
but
today
we're
going
to
talk
about
github
actions
and
in
that
process
we'll
touch
a
little
bit
about
what
is
chaos
engineering?
What
is
cloud
native
chaos,
engineering?
O
So
let's
talk
a
little
bit
about
cloud
native
developers
right
so
we're
all
now
already
in
the
cloud
native
space
and
it's
all
about
micro
services
right.
So
what
why?
The
developer
mindset
has
to
be
a
little
bit
different
about
the
cloud
native
ecosystem,
the
development
of
application
in
such
a
system
right,
the
first
primary
difference
is
as
a
developer.
You
are
expected
to
shift
things
faster
right
and
that's
the
whole
hype
about
microservices.
O
The
reason
why
kubernetes
and
containers
are
so
famous
now
right
and
they
are
also
coming
much
faster
to
you.
Your
development
environment
is
also
changing
right
and
the
pipelines
are
large,
complex
and
they're
expected
to
do
a
lot
more
job
than
what
they
used
to
do
earlier.
Right
and
as
developers.
Your
ecosystem
is
changing
a
lot
underneath
in
which
you're
developing,
which
you're
testing,
and
that
is
expected
to
be
very
sturdy.
Otherwise,
you
are
you're,
really
slowing
down
your
ecosystem,
all
right.
O
So
I
want
to
be
able
to
depend
on
my
tasks
and
I
want
to
be
able
to
depend
on
the
underlying
stack
as
well
right.
So
what
is
chaos?
Engineering
for
developers
right
so
just
to
summarize,
you've
been
developing
your
application
with
your
ci
pipelines
and
you
used
to
test
them,
but
now
you
also
have
a
continuous
verification
of
your
underlying
infrastructure,
as
well
as
your
underlying
micro
services
that
you
run
your
pipeline
on.
So
that's
really.
Chaos
engineering
for
developers
really
mean
it's
adding
chaos
engineering
to
your
ca
pipelines
right.
So
what
is
chaos?
O
Engineering?
We
all
know
that
it's
all
about
reducing
down
times,
because
they're
very
expensive.
You
move
your
testing
on
to
the
right
side
of
your
devops
loop.
Don't
wait
test!
Keep
testing
right
and
usually
it's
been
an
afterthought
process.
You
burn
something,
you
know
an
expensive
outcome
will
come
and
as
a
result,
you
are
expected
to,
you
know,
fix
it
and
the
rca
is
the
practice.
Chaos
engineering
right.
So
it's
been
a
mostly
traditional
one,
not
many
tools.
O
I've
been
there
in
a
way
that
you
can
automate
them
at
high
scale
and
generally
it's
a
reactive
stuff.
You've
not
been
seeing
chaos
engineering
as
part
of
ci
cd
so
far
that
aggressively,
except
that
you
know
last
a
year
or
so
with
so
much
of
stuff
happening
around
cacd,
faster
stuff
happening
in
in
the
left,
shift
mode
of
operations,
you're
seeing
chaos
engineering
as
a
way
to
do
it,
and
this
is
really
propelled
by
the
adoption
of
kubernetes.
O
As
you
see,
kubernetes
is
moving
mainstream
and
you
are
seeing
more
dynamism
and
the
chaos
engineering
has
begun
to
catch
up.
You
know
the
people's
mindset
and
we
believe
that
you
know
it's
already
on
the
path
to
mainstream
adoption,
as
you
would
have
seen
many
people
talking
about
how
chaos
engineering
is
going
to
play
our
main
role
in
this
year
and
probably
next
year
and
years
to
come
in
that,
so
there
is
going
to
be
more
of
more
chaos,
engineering
in
cloud
native
space
and
that's
why
cloud
native
chaos?
Engineering
is
a
topic.
O
You
know
we
define
certain
principles
right,
so
it's
got
to
be
open
source.
You
need
to
have
this
chaos,
experiments
pretty
well
organized
well
tested.
It
has
to
have
operators
with
open
api
and
life
cycle
management.
It
has
to
scale
well
and
probably
get
ups.
Is
the
right
answer
to
manage
chaos,
engineering
and
then,
when
you
introduce
certain
issues
or
bugs
you
find
them
using
fault
injection,
you
need
to
debug
them.
So
observability
is
a
very
key
factor.
O
So
when
you
do
chaos
engineering
in
this
way,
you
can
call
that
as
cloud
native
chaos
engineering.
These
are
the
principles
that
we
defined
couple
of
years
ago
before
we
started
the
journey
of
chaos
engineering
in
late
months.
The
project,
which
is
now
a
cncf
project,
is
really
based
on
these
principles
right,
so
it
is
open
source
and
it
is
having
a
chaos
hub
and
a
lot
of
operator.
O
Work
has
gone
in,
and
githubs
and
open
observability
are
just
around
the
corner
with
the
titans
all
right,
it's
a
project,
it's
pretty
famous,
I
would
say
we
have
about
close
to
50
000
installations,
all
over
the
place
that
we
know
of
there
may
be
more.
What
I'm
really
excited
about
is
this
project.
Apart
from
the
maintenance
chaos
native,
there
are
other
people
who
are
contributing
very
very
actively,
including
some
of
the
larger
companies.
Recently,
red
hat
also
became
one
of
the
main
adapters,
and
the
contributions
have
been
very,
very
helpful
right.
O
So
where
do
we
use
litmus
right?
Obviously,
you
know.
I
just
talked
about
the
ci
pipelines
use
case,
we'll
talk
more
about
it
shortly,
and
the
other
two
areas
are
as
an
extension
of
ci
chaos.
Engineering
is
used
as
a
trigger
to
do
cd
and
then
post
cd
as
well
right.
So
I
just
deployed
it
is
my
application
working
as
behaving
behaving
as
expected,
and,
of
course
chaos.
Engineering
has
been
having
the
use
case
of
randomized
testing
in
production,
not
reproduction
right.
So
overall
litmus
is
a
cross-cloud
multi-tenant
platform.
O
You
will
be
able
to
see
these
three
use
cases
used
properly
so
a
little
bit
about
what
is
litmus.
As
a
brief,
you
know
it's
a
helm
chart
with
a
lot
of
experiments
already
available
and
you
can
take
them
as
is
or
you
can
pull
them
into
your
private
git
repository
and
then
create
your
own
private
chaos
hub
and
collaborate
with
your
own
team
members
right.
So
that's
private
key
also.
O
So
when
you
install
litmus
through
a
helm
chart
you
get
a
nice
portal,
that's
where
your
centralized
cross
cloud
or
multi-cloud
control
plane
for
your
chaos,
engineering
and
then
once
you
set
that
up,
you
can
run
kiosks,
workflows
anywhere
any
kubernetes
or
non-kubernetes.
O
You
can
run
them
on
cloud
platforms,
vms,
bare
metals,
and
you
can
store
all
this
configuration
in
and
get
centralized
so
that
you
can
automate
them.
You
can
put
some
you
know
or
back
rules
around
it
manage
the
versioning
of
them,
and
this
works
very
well
with
any
other
githubs
platforms
such
as
argo,
cd
or
plus
cd.
So
in
a
nutshell,
it
you,
you
have
a
portal
where
you
can
manage
chaos
and
see
what's
going
on
and
you
can
run
chaos,
experiments
on
any
target,
either
kubernetes
or
non-kubernetes
or
any
public
cloud.
O
You
know
all
all
versions
are
supported,
so
workflow
is
is
really
the
next
step
in
chaos.
Engineering,
where
you
can
create
scenarios
on
the
flow,
a
set
of
experiments
pulled
together,
either
in
sequence
or
in
parallel,
consolidate
the
result
and
then
push
the
metrics
back
to
a
centralized
monitoring
place.
So
we
have
integrated
this
with
the
argo
workflows
and
it
works
very
well
right
now,
litmus
has
got
a
lot
of
experiments,
that's
already
there
and
a
lot
more
are
coming
as
it
is
open
source
community
continuously.
O
E
O
More,
interestingly,
how
you
can
use
it
in
github
actions
right,
so
what
we
have
done
is
we
have
developed
a
ci
library
on
top
of
litmus
which
you
can
actually
use
as
a
chaos
stage.
All
you
just
need
to
do
is
you
know
you
implement
a
chaos,
action
that
calls
this
library
function
and
then
the
entire
litmus
experiment
just
gets
executed
automatically.
O
So
it's
as
simple
as
just
calling
this
api
and
then
you're
good,
so
very
the
same
infrastructure
can
be
used
or
is
being
used
with
other
pipelines
too
spinnaker
or
captain
or
gitlab.
So
let's
go
ahead
and
actually
show
chaos,
actions
in
in
reality
right
so
how
we've
been
using.
So
when
chaos,
when
github
actions
was
introduced,
we
ourselves
litmus
project,
moved
our
ci
from
something
else
to
github
actions.
So
we
are
using
github
actions
and
we're
using
chaos
to
test
our
own
chaos.
O
Engineering
code
I'll
show
how
we've
been
using
it,
but
primarily
with.
If
you
want
to
introduce
github
actions,
you
just
introduce
a
new
workflow
or
a
stage
right,
and
you
call
that
as
chaos
stage,
and
then
you
keep
calling
chaos,
experiments
or
chaos
actions
within
it
right.
It
generally
includes
you
call
certain
functions
that
installs
litmus
and
at
the
end
of
the
chaos
stage
of
the
workflow
you
clean
up
bitmus
and
in
the
middle,
you
can
call
as
many
chaos
experiments
as
your
as
your
platform
or
application
deserve.
O
You
can
do
them
in
parallel
or
in
sequence
right,
so
you
can
also
use
chaos,
actions
against
an
external
kubernetes
cluster.
We
support,
passing
cube,
config
through
environment
variables
and
the
rest
of
it
works
fine
as
similar
to
a
local
pipeline.
O
So
as
part
of
your
github
trigger
you
can
call
entire
chaos
pipeline
on
a
remote,
kubernetes
cluster
and
you
can
test
it
as
well
right.
So,
let's
see
them
in
action,
so
we
can
go
to.
We
have
published
chaos,
actions
litmus
care
sections
on
on
the
marketplace,
so
you
can
go
and
search
for
chaos.
O
So
you'll
see
kubernetes
chaos
here
and
what
we
have
done
is
we
have
actually
created
one
single
action
and
call
any
experiment
that
you
wish
to
execute
as
an
environment
variable.
So
it's
it's
pretty
easy.
You
don't
have
to
learn
a
lot
of
actions.
It's
just
one
action
right
now
we're
trying
to
implement
more,
probably
workflows,
so
you
can
just
use
this
one
single
action
and
then
it
really
includes
three
steps.
As
I
said
first,
you
include
a
script
to
deploy.
O
It
must
and
then
later
to
clean
it
in
the
middle
you
need
in
the
middle.
You
call
this
actions
and
then
call
what
is
the
experiment
or
where
the
target
is
the
application
through
all
environmental
variables
right,
and
these
are
the
environmental
variables
as
as
you
keep
tuning
it,
you
are
in
control
of
what
experiment
should
be
executed
against
which
target
right,
and
I
have
a
sample
project
that
I'm
going
to
show
right
now.
O
It's
a
simple
project
where
we're
going
to
have
a
chaos
action.
So
let
me
go
here
and
explain
how
this
workflow
is
written.
O
So
this
is
a
demo,
chaos
action
and
it
uses
chaos.
I
mean
the
github
actions.
All
we're
going
to
do
is
set
up
a
kubernetes
cluster
kind
cluster
on
the
fly
and
install
nginx.
That's
one
stage.
So
then
I'm
going
to
introduce
a
chaos
stage
right.
So
it's
all
about
setup
litmus,
it's
as
simple
as
that
and
then
run
a
couple
of
experiments.
O
I'm
just
calling
this
actions,
chaos,
actions
with
this
environment
variables.
You
can
see
chaos,
experiment
is
modulate
and
the
same
action.
I
call
again
with
a
different
experiment
right
and
you're
all
set.
Then
of
course,
I'm
going
to
delete
litmus
uninstall
it
once
at
the
end
of
it.
So
you
go
and
see
this
in
action.
Let
me
just
go
run
it
just
for
the
sake
of
it
and
while
it
gets
launched
it
might
take
a
minute.
I
can
go
and
see.
Show
you
how
this
was
done
earlier
right.
O
So
it's
really
about
setting
up
big
mess
and
running
couple
of
experiments
and
uninstalling
it
rest
of
it.
Is
your
own
action
pipeline
right.
So
if
you
go
and
see
this
modulate
experiment,
all
you
called
is
just
one
line,
but
we
do
the
heavy
lifting
underneath
and
the
developer
should
not
be
worried
about.
You
know
what
goes
on
underneath,
but
you
can
generally
go
and
see
you
know
what
goes
on
and
you
know
what
the
results.
O
Of
course
you
can
integrate
this
with
a
lot
of
monitoring
tools
which
are
not
talking
about
it,
but
what
it
really
is
is
simple
way
to
execute
chaos
into
your
pipelines
right-
and
this
is
our
repository
where
we've
been
using
github
actions
as
a
way
of
testing
our
own
merged
code
and
as
you
can
see
that,
and
we
got
your
e2e
pipelines
and
that's
where
we
are
running
our
own
chaos
actions
right.
So
let's
go
and
see
one
run
pipeline,
so
you
will
see
some
a
lot
of
generic
tests.
O
This
generic
tests
are,
you
know,
set
up
late
pass
and
for
every
code,
much
that
we
do.
We
go
on
test
if
our
own
experiments
are
working
or
not.
So
if
you
are
looking
at
how
to
execute
a
particular
experiment,
you
can
go
to
our
own
pipelines
and
see
how
we
are
using
chaos,
actions
and
github
kiosks
experiments
and
github
actions.
You
can
just
take
that
as
an
example
and
then
and
do
them
so
with
that.
I
think
you
know.
O
I
would
like
to
take
some
questions
if
there
are
any
right
so
in.
In
summary,
it's
it's
really
a
very,
very
straightforward
way
of
using
github
actions
and
litmus
chaos.
We
try
to
make
it
as
simple
as
possible.
O
It's
been
for
operations
traditionally,
but
that's
we
are
in
the
new
world
where
cloud
native
ecosystem
is
changing
the
way
we
do
id
right.
So
chaos
engineering,
in
my
opinion,
is
going
to
be
a
common
place
in
developer's
tool
set
right.
So
that's
what
we
are
set
out
to
do
and
we
are
at
the
beginning
of
that
cycle
right.
O
So,
first
of
all,
you
need
to
create
a
good
tool
set
an
open
source
tool
set,
that's
easy
to
use
and
it
makes
a
lot
of
sense
by
using
it
and
if
it
produces
results,
developers
will
take.
Take
it
and,
as
I
discussed
in
this
session,
we
expect
developers
to
start
looking
at
the
test,
not
only
negative
tests,
but
there
are
chaos
tests
outside
your
own
code
that
your
code
should
really
depend
on.
J
Wow,
that's
going
to
change
a
lot
of
things
and
thanks
a
lot
for
kind
of
enlightening
us
on
to
that
next
one
up
we
have
for
you
is
what
are
the
most
common
chaos
actions?
Do
you
see
getting
used
by
the
users
as
of
now.
O
Right
the
scales
actions,
a
lot
of
them
are
there.
I
mean
chaos
experiments.
There
is
only
one
chaos
action
that
we
have
written
right
now,
using
which
you
can
introduce
whatever
the
chaos
experiment
that
you
want,
using
the
environmental
variable
right
and
usually
either
developers
or
whoever
is
trying
to
do
chaos
and
trading
in
the
beginning.
They
would
want
to
take
the
most
simple
chaos.
Experiments
right,
so
port
eviction
and
port
delete
is,
is
a
very
common
thing.
Right.
O
Kubernetes
can
kick
any
part
out
based
on
the
resource
constraints,
so
you
it's
safe
to
do
a
port
delay
right,
because
kubernetes
is
mainstreamed
right
now,
so
you
go
and
actually
use
such
chaos
experiments
to
learn
the
benefits
of
chaos
and
how
to
use
chaos,
and
you
generally
people
use
port
delay
to
cpu
hog
memory
hog,
because
you
know
these
are
less
intrusive
and
you
learn.
But
generally
what
we
also
see
is
people
go
all
the
way
to
the
extent
of
breaking
some
infrastructure.
O
For
example,
a
disk
fell
right,
or
this
delay
or
network
loss
network
delay.
All
this
kind
of
thing,
one
of
the
other
common
things
that
we
have
seen
is
what
happens
if
my
kubernetes
itself
gets
stuck
right.
So
how
do
I
simulate
the
scenario
of
something
wrong
going
into
kubernetes
itself
and
you
take
a
cue
blade
out
right,
so
we
have
a
cubelet
kill
experiment.
O
That's
where
people
find?
Oh
okay.
So
it's
pretty
easy
to
test
my
code
when
kubernetes
under
trouble.
You
just
call
a
chaos.
Action
with
cubelet
down
and
within
minutes,
you'll
be
able
to
actually
test
whether
your
code
is
able
to
sustain.
I
That's
that's
insightful.
Thank
you
so
much.
What
more
can
we
expect
in
the
future,
with
github
actions
from
kiosks
perspective.
O
Right,
our
first
goal
is
really
you
know,
because
we
like
github
actions,
because
we
are
on
github
right,
so
we've
been
using
other
ci
platforms
and
let's
actually
move
on
to
github
actions,
so
we
wrote
what
we
needed
to
begin
with,
and
recently
we
have
added
a
lot
of
capabilities
into
chaos,
tool
litmus
to
make
it
useful
for
enterprise
users
who
use.
I
know
large
deployments
and
all
so
as
part
of
that
we
created
chaos,
workflows
right,
which
are
nothing
but
a
set
of
experiments
you
can
put
together.
O
You
can
stitch
together
to
create
a
chaos
scenario
right,
usually
the
problems
happen,
not
because
the
small
fault
has
happened,
but
because
you
know
something
you
know
a
dual
failure,
or
a
triple
failure
happened
in
an
unexpected
way.
You
wanted
to
simulate
all
this
stuff
and
that's
what
a
chaos
workflow
can
do
and
you
can
automate
that
also
so,
can
I
introduce
chaos
workflows
through
github
actions?
O
Right
of
course,
it's
going
to
be
a
little
bit
more
difficult
than
or
cumbersome
than
a
simple
chaos,
action
of
an
experiment,
but
that's
what
we
are
trying
to
look
at
developing
bring
in
chaos.
Workflows
as
a
way
to
test
complex
scenarios
in
your
pipelines
using
github
actions,
so
we
might
write
one
more
chaos,
action
called
chaos,
workflow,
and
then
we
are
also
looking
forward
to
integrate
some
analytics.
You
know
if
github
is
providing
some
analytics
or
in
general.
O
Prometheus
is
a
way
to
observe
the
analytics
of
the
ci
platforms
as
well
right.
So
the
observability
and
workflows
are
the
next
things
that
we're
trying
to
do.
J
That's
great
and
we
will
just
take
one
more
before
we
let
you
go
to
github
discussions,
and
this
is
again
a
question
which
everybody
got
asked.
What
is
your
favorite
github
feature
that
you
use
the
most.
O
I
know
a
lot
of
people
would
like
to
say
you
know
the
latest
feature.
I'm
pretty
excited,
of
course,
github
actions
we
like
them,
but
you
know
as
an
open
source
maintainer.
I
want
my
community
to
be
working
very
well
on
github
right,
so
the
age-old
feature,
github
issues
right
we've
been
using.
Everybody
uses
github
issues
as
a
way
to
ask
questions
as
a
way
to
go
and
find
answers
right.
You
ask
a
question,
you
answer
and
then
a
year
down
the
line,
somebody
faces
the
same
question.
O
I
I
Hold
on,
I
know
you
are
smart,
so
now,
let's
celebrate
a
home
for
all
developers
that
is
github
and
celebrating
indian
developer
community,
actually
the
world's
developer
community
on
github.
So
everybody
join
us
and
let's
get
this
celebration
going,
I'm
a
little
sad
we're
coming
to
the
end
of
session.
One.
J
Yes,
we
have
reached
our
final
session
of
day
one
and
what
a
energy
pack
day
right
and
for
this
session
we
have
a
very
special
guest
one
and
only
martin
woodward,
the
man
who
needs
no
introduction
director
of
developer
relations
at
github
martin
hosted
the
enterprise
channel
at
universe,
2020,
and
it
was
rad
and
energetic,
and
we
all
look
up
to
him
as
a
role
model
on
how
to
really
bring
that
energy
right
to
our
community.
Martin
will
be
talking
about
the
stars
program,
meetups,
the
release
radar
and
a
lot
more.
I
I'm
sure
you
know
what
I'm
sure
people
want
to
create
their
own
octocats
as
well
like
we
have
mona.
So
so
folks
go
ahead.
You
can
go
to
october
and
create
your
own
actor
cat.
You
can
actually
order
for
swag
whether
it's
t-shirts,
caps
mugs.
You
can
use
that
as
well,
so
go
to
hashtag,
github
satellite
and
do
that
we're
also
hearing
a
lot
from
all
of
you.
We
want
to
hear
more
so
create
more
noise.
I
I
see
roshan
kumar
patron
saying
he's
enjoying
all
the
sessions
that
are
happening,
man
of
modi,
talking
about
the
india
being
a
big
potential
contributor,
so
I'm
just
enjoying
it.
What
was
your
favorite
part.
J
Oh,
my
favorite
part
is
something
that
I'm
not
sure.
If
everybody
has
noticed
on
our
new
profile
page
on
twitter,
you
check
it
out
because
we
have
got
our
very
own
yoga
cat.
The
one
thing
that
really
unites
india
is
nothing
but
yoga,
and
we
have
your
favorite
octocat
in
a
new
avatar,
go
check
out
our
new
face
on
twitter
and
just
look
out
how
the
new
yokato
cat
looks
to
you
and
we're
gonna
be
all
ears.
Listen
to
your
comments.
J
Hashtag
get
up
satellite
tweet
us
on
github
india
and
we're
gonna,
listen
to
each
and
every
comment
that
you're
gonna
share
with
us.
And
if
you
want
to
hit
me
and
then
we
have
directly
absolutely
go
ahead
at
divya
version
and
move
it
to
87,
you
got
all
of
us
for
you
answering
everything
that
you
can
ask
there
waiting
for
your
comments.
J
J
I
Yeah,
I'm
gonna
do
that
too.
I
I've
created
my
own
octa
cat
as
well.
I
called
it
the
watercat
which
has.
E
J
I
Oh
yes,
so
all
of
these
are
paintings
done
by
my
daughter,
she's,
really
good.
So
yes,
I
I
grabbed
her
room
for
for
today.
J
I
A
J
A
P
Hey
everybody
thanks
for
that
fantastic,
welcome,
yeah
and
thanks
everybody.
As
I
said,
I'm
martin
woodward,
I'm
the
director
of
job
operations
here
at
gil
and
it's
my
absolute
pleasure
to
be
able
to
wrap
up
what's
been
a
truly
fantastic
day
for
us
all.
I've
been
in
since
about
four
o'clock
this
morning,
I'm
based
in
the
uk.
Here.
It's
now
seven
a.m
live,
and
so
I
want
to
say
thank
you
to
everybody.
P
You
know
thanks
to
the
wonderful
host
for
keeping
us
company
during
the
day
today
to
aniston
coron
on
the
open
source
channel
and
then
divio
mohit
over
on
the
devops
channel
rocking
some
fantastic
headwear.
I
have
to
say
sorry
my
my
head's
looking
particularly
bare
today,
but
there
we
go
and
thanks
for
joining
us.
You
know
we
really
really
really
do
appreciate
the
time
and
also
the
welcome
you've
given
github
here
in
india
when
we
opened
the
office
just
over
a
year
ago.
P
You
know
we
really
really
felt
the
the
love
of
the
india
developer
community
and
that's
only
grown
as
we've
been
growing.
Our
engineering
team
in
india
as
well
and
that's
you
know,
despite
everything,
that's
been
going
on
over
the
past
12
months,
the
challenges
we've
all
had
to
face
getting
used
to
our
new
ways
of
working.
So
thank
you
very
much
for
joining
us
online
and
also
thank
you
for
sharing
your
octocats
with
us.
If
you've
been
people
been
heading
over
to
myoctocat.com,
sharing
their
octocats
on
social
media.
P
So
thanks
for
doing
that,
I
brought
some
of
them
in
here.
Live
that
got
shared
in
the
past
couple
of
hours
and
thanks
for
joining
us
over
in
discussions.
I
was
just
over
in
there
this
morning.
Some
great
questions,
some
great
discussions
happening
and
people
just
saying,
hi
and
introducing
themselves
as
well.
So
thanks
to
you
know
this
great
and
being
part
of
this
great
github
community,
it's
really
it's
been
a
real
pleasure.
Today.
The
github
india
community
has
really
been
growing
over
the
past
year.
P
As
erica
said
this
morning,
1.8
million
developers
have
joined
us
in
the
github
community.
Here
in
india.
That's
just
insane
numbers
it's
so.
Thank
you
very
very
much.
This
is
the
equivalent
to
a
developer
in
india,
creating
their
first
repo
every
30
seconds.
So
while
I've
been
jibber,
jabbering
on
people
have
been
creating
repos
and
it's
every
single
30
seconds,
and
it's
not
just
people
using
github
for
work
either.
It's
as
erica
said
this
morning.
P
India
is
now
the
fastest
growing
open
source
contributor
in
the
world,
so
everybody
in
india
has
been
contributing
massively
and
the
potential
for
india
and
indian
developers
to
positively
impact
the
world
is
unbelievable,
as
we
saw
in
the
covid
session
earlier
on
talking
about
the
impact
for
good
there,
and
also
just
thanks
to
all
the
amazing
open
source
contributions
that
are
making
the
world
a
better
place.
P
We're
proud
to
host
a
growing
collection
of
projects
that
are
built
in
or
receiving
significant
contributions
from
india.
If
you
visit
our
made
in
india
collection
on
github,
you
can
learn
more
that's
github.com
collection
made
in
india
and,
if
you're,
a
maintainer
of
a
project
in
india,
we'd
love
to
feature
your
project
on
this
list.
P
So
if
you
head
on
over
to
that
address
there-
and
you
can
send
a
pull
request
in
to
add
your
project
into
this
list
today,
please
do
we
would
love
to
feature
you,
and
you
can
also
tell
us
about
your
project
in
discussions
if
you
want
or
if
you
want
to
get
some
feedback
or
anything
else
like
that,
I'd
love
to
love,
to
listen
it
now
with
india,
as
erica
mentioned,
to
help
support
these
projects.
P
Erica
also
announced
the
github
grants
for
open
source,
and
this
is
a
brand
new
program
that
you
can
learn
about
in
in
that
in
the
same
discussions
repo,
you
can
learn
about
the
program
there
and
it
offers
grants
for
a
total
or
some
of
10
million
rupees
to
open
source
maintainers
to
support
their
work,
as
they
continue
to
build
world-class
software.
P
That
really
makes
an
impact
for
india,
but
across
the
world,
and
open
source
projects
based
out
of
india
will
be
able
to
apply
and
we're
using
working
with
some
representatives
from
academia
from
the
software
industry,
as
well
as
from
within
github,
to
select
the
grant
recipients.
I'm
really
glad
that
we're
launching
this
program
as
well.
I
just
can't
you
know,
I'm
really
looking
forward
to
seeing
the
impact
that
the
recipients
are
able
to
have
with
this
additional
financial
support
that
we're
providing.
P
What's
cool
what's
happening
if
you've,
your
favorite,
open
source
project
has
had
a
major
release,
then
be
sure
to
let
us
know
by
tagging
it
with
gh
release
radar
or
by
sending
it
to
github
on
twitter
and
we've
just
got
this
fantastic
community
and
that's
what
we've
seen
today
and
that's
what
you
know
despite
us
all
being
remote
despite
us
all
coming
from
the
different
locations
around
the
world,
it's
just
fantastic
to
see
this
community
come
together,
but
especially
in
india.
P
Over
the
past
year,
we've
launched
a
new
program,
as
eric
mentioned,
to
highlight
the
fantastic
leader
in
leaders
in
our
communities.
We
call
that
the
the
github
stars
program
and
the
github
stars
program
exists
to
lift
up
people
who
inspire,
who
educate
you
nurture
in
your
communities.
You
know
you
always
see
these
people
they're
the
people
who
are
always
volunteering,
always
stepping
up
and
really
driving
communities.
P
There
are
a
fantastic
group
of
people
across
the
world,
who've
been
incredibly
active
in
building
local
communities
and
helping
online
and
helping
others
as
well,
and
I'm
very
pleased
to
say
two
of
our
stars
who
are
indian
stars
been
presenting
here
at
satellite.
We
had
santosh
on
earlier
and
then
nicholas
is
running
a
workshop.
Where
is
if
you
haven't
signed
up
for
the
workshops?
P
Actually,
if
you
want
to
head
on
over,
the
space
is
quite
limited,
but
remember
that
all
money
for
the
workshops,
all
the
money
raised-
is
going
to
local
charities
in
india
as
well
and,
as
I
say,
nishka
she's
going
to
be
presenting
one
of
those
workshops.
P
And
if
you
know
someone
in
your
local
community,
someone
in
your
developer
community,
that's
using
github
to
help
other
developers
and
help
people
learn
to
help
people
get
better
and
raise
up
through
get
better
as
open
source
contributors
or
as
developers.
And
if
you
think,
they've
got
what
it
takes
to
be
a
star,
then
please
visit
stars.gable.com
to
nominate
them.
It's
a
it's
a
it's,
a
small,
very
exclusive
group
of
them.
Really
some
of
the
most
inspirational
people
in
the
community
that
we've
got.
P
You
know
over
56
million
developers,
but
we
are
adding
new
people
every
week.
So
let
us
know
who's
a
star
in
your
eyes.
That'd
be
fantastic,
and
one
of
the
things
do
that
our
stars
do
a
lot
of
is
to
educate
and
sort
of
share
their
knowledge,
and
so,
as
we
start
to
open
back
up
over
the
next
year,
if
you're
hosting
an
in-person
meetup
around
github
then
do
reach
out
to
us
in
discussions.
P
We'd
love
to
send
you
some
stickers
to
hand
out
see
how
else
we
can
help
and
remember
that
we've
got
our
virtual
meet
up
for
indian
developers,
which
streams
live
or
you
can
catch
replays
on
youtube,
and
that
happens.
You
know
regularly
it's
not
just
satellite
india.
We
have
these
regular
virtual
meetups
as
well,
where
you
can,
where
you
can
get
in
contact
with
local
developers,
so
be
sure
to
stick
around
after
these
virtual
meetups
and
there's
lots
of
great
conversation
happening
as
well.
P
I'm
always
just
completely
blown
away
by
the
the
energy
and
the
passion
that
the
students
in
india
have
in
supporting
open
source
in
using
github
and
just
you
know,
really
participating
in
the
community.
It's
fantastic
to
see
and
there's
obviously
such
an
amazing
future
coming
up
through
the
that
community.
P
So
you
can,
just
you
know,
really
feel
the
passion
for
hunger
and
learning
as
well.
It's
just
amazing
one
of
things
has
also
been
great
to
see
is
that
the
faculty,
the
academic
staff
in
india
have
been
some
of
the
most
responsive
in
the
world,
actually
in
terms
of
helping
their
students,
get
the
skills
for
jobs
and
also
learn
how
to
contribute
into
open
source.
P
In
the
last
year
alone,
we've
had
more
than
a
hundred
higher
education
institutions
join
github's,
education
programs
and
we've
also
that's
been
supported
by
an
amazing
74
volunteer
campus
experts
in
india.
In
the
student
body,
there
are
well
over
a
hundred
thousand
students
now
signed
up
to
our
educational
programs
and
with
the
campus
program,
students
across
many
of
india's
higher
education
institutions
have
access
to
github's
full
product
suite
as
throughout
their
time
as
students.
P
The
student
ecosystem
is
incredibly
important
to
the
continued
growth
and
pace
of
innovation
in
india
and,
as
I
say,
it's
just
such
a
bright
future.
Looking
ahead
of
us
there
as
we
look
towards
that
community
and
the
more
we
can
do
to
equip
them
as
developers
as
innovators.
The
solution
builders
of
tomorrow,
the
brighter
our
future
is
going
to
look,
which
is
why
we
have
the
the
github
student
pack
and
if
you're,
a
student
in
india
and
you're
not
already
familiar
with
it,
be
sure
to
check
it
out.
P
The
pack
contains
over
14
million
rupees
worth
of
free
software
and
services
to
help
every
student
developer,
so
not
just
from
github
but
from
partners
and
and
other
people
that
we
work
with.
So
if
you
head
on
over
to
education.github.compack-
and
you
can
learn
all
about-
learn
more
and
learn
how
to
get
qualified
for
the
student
developer
pack
and
then
when
you're
starting
to
get,
you
know
looking
at
getting
some
work
experience.
This
is
something
my
own
eldest
son
is
doing.
Right
now
is
he's
thinking
about
going
from
education
into
the
workforce.
P
Erica
also
announced
the
github
india
externship
program
this
morning,
and
this
builds
on
top
of
github's
campus
experts
by
offering
participation
participating
students
a
unique
opportunity
to
work
with
some
of
the
leading
companies
in
india
and
get
hands-on
development
experience
outside
of
the
classroom.
The
program
offers
three
months
paid:
externship
to
open
source
projects
in
partners
in
partnership
with
tech
companies,
and
in
return
these
top
tech
companies
get
to
start
building
relationships
with
developers.
P
They
may
want
to
hire
when
they
graduate
and
also
help
make
sure
open
source
is
getting
the
contributions
that
it
needs
to
be
supported.
The
gear
of
india
externship
program,
you
know,
really
helps
connect
the
dots
between
open
source,
the
next
generation
of
software
developers
and
successful
and
growing
companies
so
definitely
check
that
out.
If
that's
of
interest
ryan.
So,
let's
look
at
what's
coming
up
tomorrow,
we've
got
a
brilliant
day,
lined
up
for
us
tomorrow
and
loads
and
loads
of
great
content.
P
Did
you
know
that
we've
shipped
over
a
hundred
features
to
get
up
in
the
past
six
months?
We're
shipping
features
every
single
day.
Tomorrow
morning
my
boss,
shanku,
will
be
joining
us
with
the
caster
characters
from
across
the
entire
company
and
the
entire
globe
and
joining
you
here
and
he's
going
to
take
us
on
this
demo
pack
session.
I
think
there's
only
about
six
minutes
of
talking.
P
The
rest
of
the
time
is
just
all
demos,
where
we're
going
to
go
all
the
way
through
github
showing
you
all
the
latest
features,
including
one
or
two
brand
new
features.
That'll
get
their
first
exclusive
look
tomorrow
morning
for
you
in
the
keynote
session
first
thing
tomorrow
morning.
It
promises
to
be
a
fantastic
session,
definitely
worth
tuning
in
for
and
actually
straight
after
that
session,
we'll
be
splitting
back
into
the
two
channels.
P
Again,
I'm
a
good
friend
of
vp
he's
a
vp
of
software
engineering,
sanjay
mulphani
he's
going
to
be
joining
us
from
hyderabad
to
talk
about
the
work
the
github
engineering
team
are
doing
here
in
india
and
the
work
they
do
and
some
of
the
lessons
they've
learned
along
the
way
and
with
all
the
fantastic
sessions
you
know,
dr
varelsa,
the
co-founder
of
julie
computing
is
going
to
be
talking.
One
of
my
friends.
P
Shashank
bazaar
is
going
to
be
talking
about
github
actions
and
that's
and
then
my
my
good
friend
mitch
manners
will
be
joining
us
live
from
australia
to
tell
you
how
to
get
up
like
a
boss.
So
definitely
check
that
session
out
and
just
like
today,
the
open
source
track
will
have
a
bunch
of
lightning
talks.
P
Some
things
like
tensorflow
kubernetes
emma
lots
using
github
all
that
sort
of
stuff
so
definitely
check
that
out
and
remember
it
promises
to
be
a
fantastic
day,
but
you
can
get
started
on
github.com
for
free
right
now:
it's
free
to
developers
and
teams
of
any
size
for
private
projects,
as
well
as
for
open
source
projects.
So,
if
you're
learning
to
code,
if
your
country
reaches
open
source
or
if
you're
starting
a
new
private
project
or
startup,
you
can
do
that
on
github
for
free
today,
right.
Okay,
that's
enough
for
joining
me
for
this
quick
wrap-up!
P
So
thanks
very
much.
I
hope
you
enjoyed
getting
using
github
as
much
as
we
enjoy
building
it.
I'm
going
to
head
back
over
into
discussions
right
now,
so
you
can
join
us
and
ask
questions
in
the
chat
down
there.
But
in
the
meantime,
thank
you
very
much
for
joining
us
today
and
I'm
looking
forward
to
seeing
you
tomorrow
take
care
bye.
I
Thank
you
there,
martin,
for
such
an
awesome,
closing
session
and
going
over
everything
that
was
shared
today
and
what's
coming
up
all
of
you.
Thank
you
so
much
for
joining
us.
A
lot
of
great
contentiously,
the
launch
of
great
programs
for
startups
students,
accidents,
security,
linkered
vision,
chaos,
engineering,
we
covered
it
all
hit
us
on
twitter
and
let
us
know
what
were
your
favorite
sessions
key
quotes
that
you
really
liked
and
hit
mohit
junaid,
87
or
divya
vashnavi,
and
we
would
want
to
see
more
of
you
in
the
headgear
or
in
the
dance
moves.
J
Absolutely
absolutely
what
energetic
day
and
for
tomorrow
we
have
more
amazing
sessions
for
you
at
devops
channel
we're
gonna
talk
about
how
you
can
create
your
own
github
apps
and
your
own
github
actions.
We're
gonna
talk
about
mlogs
using
github
and
we're
also
going
to
talk
about
how
github
uses
github
in
our
own
organization
for
collaboration.