►
From YouTube: GitHub Universe 2020: Day 1 - Enterprise Asia Pacific
Description
Senior leaders and decision-makers from global companies can hear from industry experts on transformation, security, scalability, and productivity. Whether it’s modeling for DevOps with 3M or learning how to overhaul legacy engineering practices through innersource with Intuit, these sessions will help you and your teams build like the best.
https://githubuniverse.com
A
A
A
A
A
A
A
A
A
A
B
B
C
C
C
C
C
A
A
A
D
A
D
C
C
C
C
C
C
A
A
A
A
E
Good
morning
welcome
to
github
universe.
Today
we
are
going
to
walk
you
through
how
we
use
github
at
github
and
along
the
way,
show
you
some
of
the
really
cool
new
features
we've
been
building,
let's
check
it
out.
I
start
my
morning
with
the
github
mobile
app.
I
check
out
my
notifications
and
I
catch
up
with
my
favorite
communities.
E
E
We've
learned
a
ton
from
the
communities
that
have
already
been
using
discussions
and
we've
added
some
great
new
features
like
customizable
categories
and
native
support
in
our
mobile
apps.
It's
awesome,
oh!
This
is
a
really
interesting
idea
that
came
from
the
community.
I
actually
think
we
should
work
on
this,
so
I
am
just
gonna
at
mention
ryan
see
if
he
can
figure
it
out.
F
Hey
leo
check
this
out
that
just
pinged
us,
that
is
a
great
idea.
Let's
open
an
issue
and
get
started.
F
F
F
F
G
G
G
Looking
at
the
pr,
we
can
see
that
there's
some
new
dependencies
to
power
these
animations,
we
should
give
them
a
once-over.
That's
super
easy.
With
our
upcoming
dependency
review
tool,
that's
built
into
pull
requests
it
automatically
surfaces,
security,
vulnerabilities
and
helpful
information
about
the
added
dependencies
when
you
preview
the
package
json,
I
see
we're
pulling
in
a
couple
of
libraries
that
have
vulnerabilities
so
I'll
need
to
update
these
to
the
patch
versions
before
we
merge.
G
G
E
Github
sponsors,
you
can
fund
the
open
source
projects
you
depend
on
and
the
developers
you
admire.
Github
sponsors
has
already
been
a
game
changer
for
developers,
including
some
who've,
been
able
to
quit
their
jobs
and
go
full
time
as
professional
open
source
developers.
They
don't
work
for
any
single
company.
They
work
for
the
internet.
E
G
G
F
Whoa,
it
looks
like
nao
cranked
this
out
already,
let's
check
out
the
pull
request
to
give
it
an
approval,
so
we
can
ship
it
with
github
mobile.
Not
only
do
I
get
push
notifications
for
things
like
comments,
but
I
can
keep
working
on
any
of
my
repositories,
no
matter
where
I
am,
let's
jump
to
nao's
pull
request
and
take
a
look
with
ui
changes
like
this.
Sometimes
it's
hard
to
know
if
everything's
working
just
by
looking
at
the
diff.
F
Sometimes
I
actually
need
to
run
the
app
to
see
the
changes.
This
calls
for
a
code,
space,
github
code,
spaces,
environment
right
in
my
browser,
even
on
an
ipad.
It's
like
an
infinite
dev
box
configured
in
code
and
since
codespaces
is
built
on
top
of
visual
studio
code.
It
gives
us
a
fully
featured
editor
right
in
my
browser,
complete
with
built-in
terminal
access
and
shell
access.
F
H
H
H
This
new
ui
is
looking
fresh.
You
can
see
exactly
what's
happening
in
your
workflow,
how
steps
and
jobs
relate,
and
even
what
state
they're
in,
for
example,
here
we're
running
the
final
minification
of
bundling
steps
in
parallel,
while
regenerating
our
project's
document
pulling
out
the
staging
now
we're
ready
to
talk
about
the
final
workflow
step.
H
H
E
Tens
of
millions
of
developers
use
github,
but
so
do
hundreds
of
thousands
of
companies,
including
some
of
the
biggest
in
the
world.
For
those
users,
we've
been
hard
at
work,
adding
all
the
new
features
you
saw
today
to
github
enterprise
server.
So
you
get
all
the
power
of
the
best
teams
in
the
world
running
on
your
company's
network.
That
includes
github
actions,
packages,
code
scanning
and
support
for
the
native
get
up
mobile
apps.
All
of
this
is
available
in
a
major
new
release.
We
call
github
enterprise
server
3.0.
E
This
is
the
biggest
release
we've
done
of
github
enterprise
server
in
years.
Okay,
that
was
an
awesome
day.
The
team
went
from
an
idea
that
came
from
our
community
all
the
way
to
production,
using
discussions
issues
the
new
cli,
our
native
mobile
apps
code,
spaces,
pull
requests
code,
review,
branch
protection,
continuous
deployment,
advanced
security
scanning
tools-
you
saw
it
all
at
github.
The
thing
we
care
about
the
most
in
the
world
is
developer
experience,
so,
whether
you're
an
open
source
developer,
you
work
at
a
company
or
you're
a
student
just
getting
started.
E
K
I
Whoa,
who
is
that?
Are
you.
J
M
In
the
words
of
the
immortal,
john
oliver
welcome
welcome,
welcome
to
github
universe,
2020,
the
global
developer
event.
I'm
really
excited
to
be
here
with
you
all
as
we
dive
into
the
really
cool
stuff
going
on
in
the
world
of
github.
My
name
is
daniel
ferguso
and
joining
me
here
in
the
enterprise
channel
over
the
next
three
days
is
our
very
own
divya
hi
divya.
M
N
And
welcome
everyone
to
github
universe,
our
annual
marquee
events
streaming
straight
in
your
office,
drawing
room
garden
wherever
you
are,
I'm
vivia,
vaishnavi
and
so
excited
to
be
your
host
next
three
days.
Welcome
again,
this
is
going
to
be
so
much
fun
daniel!
Isn't
it
tell
us?
Where?
Are
you
right
now.
M
So
divya,
I'm
not
broadcasting
out
some
out
of
some
kind
of
great
white
void,
I'm
actually
in
my
home
office.
I
live
in
the
blue
mountains,
a
little
west
of
sydney,
australia.
Now
I've
been
with
github
for
about
five
years
and
one
of
the
many
roles
I've
had
is
a
senior
solutions
engineer
for
apac
and
that
job
usually
takes
me
all
over
the
region
right
from
south
korea,
all
the
way
down
to
tassie
from
india
and
china
all
the
way
across
to
new
zealand.
M
But
you
know
2020
so,
for
now
you
get
to
see
me
kind
of
work
out
of
my
den
of
star
wars:
toys
in
fact
my
lego,
yoga
staff,
finance,
fantastic
right.
All
these
bendy
bits
and
look.
Here's
yoda
and
oh
wait.
Look
I'm
getting
a
note
from
my
stage
manager
to
say
I've
got
to
keep
moving
so
maybe
tell
us
a
little
bit
about
yourself.
Divia.
N
M
N
Okay,
I
agree
I
digressed
so
coming
back
to
me,
I'm
director
of
product
at
github
education,
and
I
love
that
at
github
we're
able
to
give
students
all
that
they
need
to
develop
their
best
code
and
help
teachers
with
software
programming.
You
know
daniel.
This
is
my
first
year
at
github
past
few
years.
I've
attended
universe
and
always
admired
and
adored
it,
and
I
love
monadi
octocad,
it's
just
so
cool
so
being
here
with
you
all
and
hosting
universe
is
so
so
special
to
me.
M
Oh
wow,
this
is
your
first
year
at
github.
What
a
way
to
kick
off
your
hosting
career
here.
Look.
I'm
super
excited
to
be
with
you
here,
divya
and
with
everybody
tuning
in
it's
going
to
be
a
fantastic
event.
Now
our
previous
virtual
event
was
satellite,
and
that
was
just
absolutely
awesome,
but
this
is
the
first
time
we've
produced
something
as
big
as
universe.
Virtually
you
know
it's
our
it's
our
marquee.
You
know
product
and
community
event.
M
N
So
we've
got
ton
of
great
guests
talks
coming
for
you
over
the
next
three
days,
but
before
we
go
any
further,
can
we
just
talk
about
the
keynote?
Oh,
my
god,
what
a
can
I
say
performance
was
it
drama,
humor
new
features,
a
complete
look
at
github
of
how
we
use
github
and
the
enterprise
server.
I'm
sure
all
of
you,
industry
leaders
in
this
right
now
in
the
enterprise
channel,
are
just
excited
about
the
new
toy
on
the
shelf.
Isn't
it
I
love
the
auto,
merge
as
well.
N
This
is
going
to
save
so
much
time,
especially
in
the
scenario
of
world
teams
like
for
a
person
like
me
now,
when
I
would
wake
up
and
start
my
day,
my
pending
pr
would
not
only
be
approved,
it
would
be
merged,
and
if
I
have
my
action
set
up
right,
even
deployed
wow
such
a
big
bag
of
goodies
just
announced
for
all
of
us
and
before
I
forget
the
dark
mode.
Oh
my
god,
that's
the
first
thing
I'm
gonna
play
with
what
did
you
like
daniel.
M
Oh,
look
the
whole
keynote
dark
mode
divya.
I
never
need
to
be
afraid
of
coding
after
dark
and
hurting
my
eyesight
from
a
super
bright
web
page
again,
I've
been
flying
the
staff
shift
now
for
a
few
weeks
and
it's
pretty
spectacular
it
synchronizes
with
my
system's
automatic,
dark
mode,
settings
and
everything
you
know
so
much
work
went
into
dark
mode.
We
didn't
just
skin
it
or
invert,
some
colors.
M
We
actually
engineered
a
whole
new
display
engine
for
github,
and
we
hope
that
it's
a
joy
to
work
with
and
it's
super
accessible,
and
I
also
know
that
actions
and
packages
is
finally
making
it
to
github
enterprise
server
and
that's
going
to
make
a
lot
of
you
on
this
channel
super
super
happy,
and
I
know
that
a
lot
of
you
don't
even
work
for
github
right.
So,
to
be
honest,
I
thought
the
whole
keynote
was
fantastic.
M
Now,
folks,
we've
never
actually
done
anything
like
that
before
so
we'd
love
to
know
what
you
the
audience
think
about
this.
So
you
know,
let
us
know
on
twitter
use
the
github
universe.
Tell
us
what
you
thought
about
the
keynote:
what
you're
most
excited
about
for
universe
or
even
if
you
noticed
any
little
octocat
easter
eggs
in
the
background.
So
let's
get
back
to
these
next
three
days,
divya!
What's
actually
going
to
happen.
N
Okay,
so
let's
talk
about
the
next
three
days
and
what's
what's
we?
What
do
we
have
in
store
for
you
like
github?
This
is
a
global
event
with
speakers
and
hosts
broadcasting
from
five
continents
around
the
world,
two
right
here,
right
now
and
for
our
global
developer
base.
For
the
first
time
we
have
this
apac
broadcast
to
see
to
suit
your
time
zones.
Isn't
that
awesome,
daniel.
M
Actually,
I'm
kind
of
stoked
having
local,
apec
based
folks,
such
as
divya
and
myself,
guiding
you
through
the
event
and
this
time
around
to
make
it
easier
for
you
to
find
the
content,
that's
most
relevant
to
you.
We
actually
have
four
channels
based
on
your
interests.
We
have
the
enterprise
channel,
which
is
where
you
are
now
and
that's
where
we're
going
to
talk
about
things
like
transformation
and
security
and
scalability
and
productivity.
M
We
have
the
developer
channel
for
open
source
contributors
and
maintainers
and
developers
looking
to
understand.
You
know
the
latest
software
tools,
techniques
and
best
practices.
We
also
have
the
university.
Oh,
I
just
realized
what
we
did
there
university,
oh
boy,
okay,
all
right
anyway,
you
can
hop
over
to
the
university
channel
to
learn
from
hiring
managers
and
campus
and
industry
leaders
on
how
to
and
build
and
expand
on
your
technical
communities.
M
Actually,
you
know
when
I
was
at
university
back
in
medieval
times.
We
never
had
source
control
management
was
all
multiple
name,
source
code
files,
source.cc.v1,
v2,
etc,
and
we
had
no
worldwide
communities
to
engage
in.
So
what
students
get
access
to
today.
It
just
blows
me
away,
but
anyway
I
digress.
The
fourth
channel
is
play
an
entire
channel
dedicated
to
inspiring
and
entertaining
sessions
that
push
the
boundaries
of
code.
Now,
please
give
them
a
look.
We
don't
mind,
you
know
you
can
come
back
here
anytime.
M
N
Each
channel
actually
has
a
specific
theme
or
focus
for
the
day
here
in
the
enterprise
channel.
Today
the
theme
is
secure
development.
Tomorrow
we
have
devops
and
day
3
is
all
about
developer
experiences
and
remember
the
themes
change
from
channel
to
channel
2.
daniel.
Do
you
want
to
show
how
folks
can
create
the
schedule.
M
Sure
so
folks,
don't
forget
that
session
scheduling,
including
the
daily
themes
for
all
channels,
is
available
on
githubuniverse.com
schedule.
Now
here's
a
schedule
I
built
so
that
you
can
see
how
it
works.
You
can
build
your
own
schedule
by
favoriting
sessions
or
saving
notifications
to
your
calendar
when
it's
ready,
you
can,
you
know,
share
your
schedule
with
the
rest
of
the
world.
We
want
you
to
create
your
universe,
the
way
that
it's
best
for
you
and
if
you
can't
stay
with
us
all
day,
that's
fine.
M
N
Don't
worry
daniel,
we
have
everything
sorted
so
github,
piloted
with
discussions
at
github
satellite
and
it
worked
great
use
it
as
a
platform
from
to
engage
with
each
other
and
to
engage
with
us
you
if
you're,
not
an
active
discussion
user,
I'm
excited
for
you
to
jump
in
and
see.
What's
new,
you
can
open
up
discussions
for
any
relevant
and
on
topic
conversations
you
want
to
have
subject
matter
experts,
speakers
and,
of
course,
the
community.
You
will
be
engaging
during
this
during
these
sessions,
so
go
to
githubuniverse.com
discussions
and
join
the
conversation.
M
N
You
know
what
daniel
I
am
way
ahead
of
you.
I've
generated
my
own
octocat
check
it
out.
It's
called
devatocad
and
she's
hanging
out
on
my
twitter
feed.
So
go
ahead.
Folks
create
your
own
and
share
with
the
world.
You
can
actually
also
get
your
octocat
your
own
octocat
printed
on
some
very
sweet
gear.
Sweatshirt
sky
is
the
limit.
So
next
week,
when
we
meet
here,
devato
cat
t-shirt.
M
Oh
wow,
that
is
so
cool,
and
now
I
am
super
jealous.
In
fact,
I'm
going
to
go,
create
one
during
our
first
break
now
this
reminds
me.
I
also
want
to
give
a
quick
shout
out
to
all
the
producers
who
are
looking
after
us
hosts.
They
sent
us
some
awesome
swag,
including
a
ton
of
coffee
and
popcorn
and
chocolate.
In
fact,
I
joined
mish
in
chat
yesterday
as
she
streamed
an
unboxing
on
her
twitch
channel
yesterday.
N
M
I
think
that's
about
all
the
housekeeping.
I
can
remember
for
now
before
we
jump
into
today's
programming.
Now,
as
divya
said
earlier,
our
theme
for
today
is
secure
development.
So
what's
our
plan
for
today,
divya.
M
Oh
wait.
I
almost
forgot
before
we
get
started
divya.
I
do
want
to
say
thanks
to
a
special
group
of
folks.
They
are
the
companies
that
have
come
on
board
to
sponsor
github
universe
this
year,
it's
taking
the
time
to
create
some
awesome
demos
and
giveaways,
and
they
just
want
to
help
even
deeper.
So
please
check
them
out
by
clicking
on
the
sponsors
link
above
or
head
over
to
githubuniverse.com
sponsors,
all
right,
let's
jump
into
our
program.
So
here
is
our
first
session.
It's
that
overview
of
code
spaces
that
you
mentioned
earlier
divya.
M
N
So
joining
and
sharing
all
about
code
spaces
are
two
product
managers
from
github,
bailey
brooks
and
matthew.
Isabel
bailey,
like
I
said,
is
a
product
manager
on
github
code,
spaces,
loves
video
games
and
actually
has
a
dog
named
atari
matthew.
Isabel
is
also
a
product
manager
at
github.
I
had
the
pleasure
of
working
with
him
in
my
previous
roles
and
know
he
loves
to
think
about
the
future
of
writing
debugging
and
shipping
code,
and
that's
exactly
what
he's
doing
at
github
too.
N
Remember
folks
engage
with
us
on
discussions,
that's
where
we
you
can
connect
with
bailey.
You
can
connect
with
matthew
and
the
other
subject
matter:
experts
from
github
we
daniel
and
I
will
take
questions
from
there
and
bring
to
bailey
and
matthew
for
the
live
q.
A
also
remember
folks,
don't
forget
to
rate
the
session.
We
really
value
your
feedback
find
the
yellow
star
next
to
the
joint
discussion
on
the
bottom
of
this
page
and
share.
How
did
you
feel
about
it
so
over
to
you,
bailey
and
matthew.
O
Hi
everyone,
I'm
bailey,
I'm
here
with
matthew
and
we're
both
product
managers
on
github
code
spaces.
Earlier
there
we
announced
github
code
spaces
at
satellite
and
the
excitement
from
the
community
was
overwhelming,
to
say
the
least.
It
was
amazing
just
how
excited
the
community
was
to
be
able
to
have
a
cloud
dev
environment,
so
you
can
go
up.com
to
a
running
without
any
setup
or
configuration
since
may.
The
team
has
put
in
a
ton
of
work
in
order
to
really
continue
delivering
on
that
vision
of
cloud-based
development
that
feels
fast
and
lets.
O
O
O
P
O
Writing
great
code
should
be
about
doing
just
that,
and
not
the
periphery
of
machine
management
that
surrounds
it
code.
Spaces
are
available
anywhere
you
can
connect
from.
I
don't
have
to
worry
about
a
machine
in
my
office
or
at
my
house
who
lives
it's
all
just
available
and
easy
to
access
anywhere
that
I
can
get
to
a
browser.
O
O
We
know
people
are
excited,
we've
added
thousands
of
users
and
received
tons
of
feedback
and
we're
working
to
continue
improving
the
product
really
with
an
emphasis
on
making
it
fast.
So
we'll
continue
to
expand
the
beta
and
then
target
a
ga
in
the
spring
or
summer
period,
and
now
I'm
going
to
hand
it
over
to
matthew
and
he'll
walk
us
through
a
demo.
Q
So
we're
going
to
start
here
on
the
repo
landing
page,
and
this
is
a
page
that
I
love
like
it's
a
page
of
so
much
possibility
every
new
project
you
come
across
you're,
probably
starting
on
the
repo
landing
page
and
there's
so
much
information
here,
there's
so
much
density
of
information.
You
have
the
code,
you
have
the
contributors,
you
have
a
readme,
there's
just
so
much
to
absorb
here
and
again,
this
page
is
like
so
exciting.
I
we're
talking
about
it.
Thinking
about
learning
a
new
language.
Q
The
first
time
I
came
across
a
really
exciting
project
or
or
something
I
potentially
want
to
pull
into
a
project
I'm
working
on,
and
I
get
to
the
repo
landing
page.
It's
just
so
exciting
to
come
here
and
and
want
to
explore
this
project.
Maybe
it's
my
first
day
on
a
new
team,
and
this
is
kind
of
my
first
exposure
to
the
project,
the
code,
the
readme,
how
it
works.
Q
My
only
problem
is
like
sometimes
this
page
can
feel
a
little
bit
like
a
wall.
It
can
feel
much
information
here.
There
is
a
readme,
and
sometimes
that
read
me,
is
really
dense
and
explains
a
ton
about
the
project.
Maybe
there's
a
lot
of
configuration
and
setup
or
other
times.
Maybe
the
readme
is
really
shallow.
Q
Maybe
it's
just
been
one
or
two
people
collaborating
on
a
product
and
they
really
haven't
evolved
it
into
a
really
robust
readme
yet,
and
while
this
can
sometimes
feel
like
a
bit
of
a
wall
just
because
there's
so
much
here,
what
this
page
should
really
feel
like
is
like
a
door.
It
should
feel
like
a
door
to
to
connect
to
this
amazing
project.
You
want
to
get
started
with,
and
that's
really
where
code
spaces
comes
in
and
the
way
we
get
to
code
spaces
is
right
from
this
page.
Q
Q
So
you'll
see
we
connect
here
in
what
fields
in
really
is
vs
code
and
it's
vs
code
in
the
browser,
and
for
me
personally,
this
feels
a
lot
like
home
and
the
reason
is
because
I
use
the
github
dark
theme
and
this
is
using
the
github
dark
theme.
But
if
I
had
another
theme
I
could
have
that
set
up
and
synced
across
my
code
spaces
as
well.
Q
You
can
see,
I
have
my
custom
and
my
dot
files
are
synced
over
automatically.
So
I
really
have
everything
I'm
developing
locally
you'll
even
see
there
are
some
extensions
that
aren't
standard
here
that
don't
come
automatically
out
of
the
box,
so
I'm
also
able
to
bring
in
the
extensions
that
I'm
used
to
that.
I
like
to
work
with
and
use
them
all
inside
of
the
browser
for
this
code
space.
Q
Q
Q
Q
That
martin
was
just
talking
about
and
I
have
little
haikus
that
we've
written
about
some
of
these
octa-cats
and
this
is
really
cool.
I'm
running
a
node
app.
It
has
a
postgres
database
backing
it.
It's
not
super
complex,
but
I'm
able
to
get
the
full
app
running
with
a
container
for
my
web
service
and
with
a
container
for
my
database,
I
can
interact
with
it.
I
can
do
everything
I
would
do
to
build
this
app
port
it
on
securely
to
me.
Q
Q
Q
So
I'm
going
to
create
a
little
bit
more
space
here
and,
as
I
said,
this
is
a
pretty
basic
node
express
app
and
we
have
some
endpoints
that
are
defined
here
and
we
have
this
endpoint
for
for
the
heart
experience,
so
I
can
go
ahead
and
heart,
something
and
like
it
and
the
counter
goes
up.
So
what
I'm
going
to
do
is
I'm
going
to
put
a
break
point
right
here
and
we
can
jump
right
back
into
our
code
or
our
live
running
app,
I'm
going
to
go
button
and
you'll
see
up
here.
Q
Q
So
what
I'm
going
to
do
is
I'm
actually
going
to
stop
the
debugger
for
a
second.
I
think
we
need
to
talk
about
how.
How
is
this
working
like?
How
did
we
even
get
to
the
point
where
I'm
running
this,
this
multi-container
app
and
debugging
it
in
the
way
is
so
you'll
see
up
top?
I
have
a
dev
container
and
then
we
have
this
json
file.
So
let's
click
in
here
and
check
this
out.
Q
Q
I
have
some
forwarded
ports,
I'm
able
to
bring
it
using
bash,
so
that's
brought
in
autumn.
It's
really
cool
and
it's
check
out
this
docker
compose
I
just
referenced
and
you'll
see.
I
have
two
services
here.
I
have
a
web
service
and
that
depends
on
my
database
service,
so
we'll
go
ahead
and
collapse
the
web
service
and
you
can
see-
I
have
my
postgres
database
so
when
we
actually
go
ahead
and
create
this
code
space,
you
have.
You
know
your
web
service
in
a
container.
Q
Q
Here
and
let's
continue
to
walk
through
this
dev
container,
so
we
have
a
post
create
command.
So
basically,
I'm
saying
hey
when
you
go
ahead
and
create
my
code
space.
I
want
you
to
do
my
npm
install
for
me
and
then
this
last
part
is
super
cool,
so
I
can
load
in
extensions
and
the
great
part
about
this
again
is:
this:
is
configures
code,
this
lives
in
the
repo.
Q
And
maybe
I
have
a
style
guide
for
my
team
and
I
want
everyone
to
be
able
to
use
that
same
style
guide.
If
we
open
it
in
a
code
space,
it's
pre-loaded
there.
It
can
be
set
up
with
our
style
guide.
So
right
now
I
haven't,
I
think,
finished
configuring
it.
So
if
we
actually
did
an
extends
here
and
then
we
did
the
excellent
recommended,
you
can
go
ahead
and
actually
see
my
index
file
is
now
and
if
we
went
and
we
went
back
into
our
terminal,
you'll
see
assignments.
Q
I
did-
and
I
have
some
assignments
that
I'm
actually
not
using
and
they're
just
sitting
here
in
the
project.
So
I
haven't
really
finished
my
refactor,
but
it's
things
like
this
that
eslint
can
catch
for
me.
I
can
just
standardize
this
across
everyone
in
this
project,
so
the
code
comes
out
really
uniform.
I
love
that.
Q
Q
Q
Q
So
I'm
going
to
get
rid
of
this.
I'm
going
to
close
out
of
these
files.
Let's
go
back
to
our
index.
You
know
we're
not
using
these,
so
we
can
get
rid
of
those
if
we
want
we're
also
getting
some
other
things
from
eslint,
where
it's
telling
me,
I
have
other
values,
I'm
not
error,
handling,
there's
a
lot
to
to
be
desired.
Q
Let's
make
this
a
template,
and
now
I'm
going
to
go
back
to
my
terminal,
make
sure
that
that
still
prints
out
as
I
expected,
I
get
my
forwarded
port
awesome.
Everything
looks
great
and
now,
if
we
wanted
to,
we
could
go
in
here.
We
could
make
our
commits
and
push
them
to
our
repo,
and
this
is
like
a
awesome
end
to
end
right.
We
started
our
repo
landing
page.
We.
J
Q
The
eslant
we
were
able
to
look
at
our
database,
we're
able
to
make
a
change,
and
now
we
could
push
that
back
all
from
the
browser,
and
this
is
awesome
for
quick
changes.
It's
awesome
for
my
ipad.
I
think
ryan
demoed
code
spaces
on
the
ipad
and
the
keynote,
and
that's
like
spectacular.
I
love
to
be
able
to
do
all
of
these
things
on
the
go
and
not
worry
about
where
the
code
is
living,
where
the
latest
code
is
the
power
of
my
local
machine
is
not
relevant.
Q
I'm
able
to
connect
to
an
even
more
powerful
machine
in
the
cloud,
but
I
also
have
time
using
vs
code
locally,
and
I
want
to
go
from
vs
code
and
connect
to
my
code
space,
and
I
can
do
just
that.
So,
let's
go
to
vs
code
and
I'm
actually
going
to
go
to
the
remote
explorer
and
I've
installed
the
code,
spaces
extension.
Q
And
what
I'm
able
to
do
from
here
is:
I
can
connect
to
this
code
space
from
vs
code.
So,
what's
going
to
a
second,
it's
gonna
set
up
our
connection
and
then
we're
gonna
have
our
entire
in
just
the
state
that
it
was
right
because
we're
connected
to
that
remote
machine.
So
you
can
see
my
changes
are
here
and
I
can
go
ahead
and
if
we
want
to
make
our
commits
from
here
updates
for
live
demo
and
go
ahead
and
make
our
changes,
everything
looks
good
and
let's
go
ahead
and
push
them.
Q
So
I'm
going
to
go
ahead
and
push,
and
now
our
changes
are
back
on
our
repo.
So
if
I
go
back
to
the
web,
we
can
see
this
full
end
to
end.
I'm
going
to
use
the
command
line
with
this
nifty
little
trick
to
go
back
to
the
repo
and
you'll
see
updates
for
live
demo.
Here's
our
commit
you'll
see
that
it
kicked
off
github
actions.
So
it's
now
running
my
tests
and
we
did
all
of
this
from
the
code
space
again
we
started
in
the
web.
We
opened
our
code
space,
our
debugger.
Q
We
set
up
eslint
google
tools,
extension,
we
went
down
to
the
desktop
connected
from
vs
code
and
then
we
went
ahead
and
we
pushed
our
changes
and
we
were
able
to
kick
off
github
actions.
So
all
of
this,
just
from
a
code
space
I
didn't
have
to
do
any
machine
configuration
it
doesn't
matter.
What
else
is
running
on
my
machine?
What
is
competing
for
resources?
Q
And
I
also
want
to
plug,
if
I
may
really
quickly,
allison
is
doing
a
talk.
Allison
is
our
teammate
and
it's
on
the
developer
stream.
So
after
this,
if
you
want
to
see
an
even
deeper
dive,
some
tips
and
tricks
some
additional
functionality,
I
wasn't
able
to
cover
in
this.
If
you
jump
to
the
developer,
you
can
see
allison's
talk
and
it'll
be
for
there.
The
last
thing
I
want
to
do
is
just
say
like
thank
you
so
much
one
to
the
team
that
is
building
this.
That
is
in
discussions
now.
Q
Q
In
addition
to
that
thanks,
you
know
a
huge
thanks
to
the
team,
a
huge
thanks
to
bailey
everyone
involved
in
the
production
here.
Everyone
in
the
beta
want
to
get
into
the
beta.
We
are
going
to
be
adding
more
and
more
folks
as
we
target
our
ga,
but
those
that
have
given
feedback.
Those
that
have
tweeted
us
those
have
had
put
things
in
the
community.
Q
It's
been
spectacular,
like
the
engagement,
has
been
incredible.
As
bailly
said
from
from
the
moment
we
debuted
this
at
satellite
and
it's
so
special
to
work
on
this
project,
because
there
is
so
much
excitement
and-
and
it's
really
because
of
the
people
that
are
excited
about
vs
code,
the
people
that
are
excited
about
this.
So
thank
you
so
much
for
trying
the
beta
and
that's
our
that's
our
demo.
So
I
can't
wait
to
kind
of
see
some
of
the
questions
that
you
all
have.
N
Thanks
bailey
and
matthew
that
was
awesome.
I
think
code
spaces
is
gonna,
be
a
game
changer
for
every
developer
in
the
world.
Remember
folks
rate
us
rate
the
session.
Tell
us:
how
did
you
feel
about
it
and
now
it's
time
for
q?
A
really
the
first
question
is
for
you:
what's
the
roadmap,
looking
like
like
what
the
new
things
you
folks
are
working
on.
O
We
have
a
lot
of
exciting
features
that
we've
been
working
on
throughout
the
beta
for
codespaces.
Of
course,
you
know
we
hear
so
much
feedback,
and
so
we
try
to
incorporate
it
and
really
prioritize
it
based
on
what
our
users
are
needing
the
most
some
of
the
things
that
we're
really
excited
to
share.
Soon,
we
don't
have
specific
dates,
but
we
are
building
out
secret
support,
so
we'll
be
able
to
set
secrets
for
your
code
spaces
at
the
user,
repository
and
organization
level.
It
will
kind
of
be
similar
to
the
action
secrets.
O
So
you
know
how
can
we
support
these
larger
enterprises
and
smaller
organizations
to
do
their
best
work
with
code
spaces
performance,
as
I
think
we
said
like
a
million
times
in
our
talk
is
top
of
mind,
we're
trying
to
make
it
as
fast
as
possible,
so
reliability
kind
of
goes
hand
in
hand
with
that.
Those,
I
would
say,
are
the
most
exciting
things
to
me.
Q
I
think
the
only
things
I
might
add
are
like
this
whole
the
whole
process,
when
I
just
kind
of
showed
in
that
demo,
having
a
dev
container
setting
up
a
dev
container,
getting
your
configuration
set
up
the
way
that
you
want.
It
is
a
process
that
we
just
want
to
make
easier.
We
want
to
make
it
smoother.
We
want
to
have
a
really
compelling
onboarding
experience.
So
if
you've
used
code
spaces
today,
you'll
notice,
there
are
a
set
of
the
sample.
Q
Dev
containers
fueled
through
the
docks
and
those
are
a
great
starting
point,
but
we
really
want
to
get
into
the
product
a
really
compelling
rebuild
of
your
container
experience
really
a
way
for
you
to
be
able
to
tweak
that
and
kind
of
get
to
the
depth
container.
You
want
and
have
that
configuration
you're
looking
for
and
make
that
super
fast
as
bailey
said.
So
I
think
that's
really
one
super
exciting
thing
on
the
roadmap.
It's
just
like.
How
can
we
make
more
people?
Q
Have
that
really
great
developer
experience
faster
and
be
able
to
configure
it
and
change
things,
but
I
think
that
list
was
excellent
performance,
of
course,
and
and
yeah
a
lot
of
exciting
things
coming,
especially
you
know,
even
by
the
end
of
this
year,
for
folks
in
the
beta
and
then
you
know
over
the
next
quarter.
A
lot
of
those
things
will
start
to
light
up.
M
Q
Yeah
that
was
really
the
the
second
part
of
that
demo
is
being
able
to
connect
from
vs
code,
and
I
think
in
that
demo
I
did
it
while
already
inside
of
bs
code,
I
kind
of
you
know
alt
tabbed
over
to
vs
code
or
convert
command
tabbed
over
and
if
I
install
the
github
code,
spaces
extension
that
will
just
show
all
of
my
code
spaces
once
I
sign
in
I
can
connect
to
any
of
those
code
spaces.
I
can
create
a
code
space
from
that
extension,
so
I
can
really
live.
Q
Q
There's
a
click
in
the
bottom
left
and
you
can
say
open
this
nvs
code,
so
you
can
go
from
the
web
pretty
seamlessly
into
the
desktop
experience
as
well,
and
I
think
this
is
something
that,
like
one,
I,
I
don't
think
we
had
this
actually
at
satellite.
It
was
something
that
was
in
development
and
it's
just
really
compelling
for
folks.
Q
I
feel
like
there's
a
lot
of
people
in
the
beta
that
when
we've
talked
to
them
in
interviews
and
things
like
that,
like
they
haven't
known
about
it,
so
it's
definitely
something
to
check
out.
You
just
have
to
install
the
github
code,
spaces
extension
and
vs
code
and
you're
kind
of
off
and
running
with
that.
N
Awesome
awesome
the
next
question
for
whoever
wants
to
take
it.
So,
as
all
of
you
know,
like
es
code,
is
the
most
well
known
editor
and
most
used
editor.
The
key
and
people
like
personalize
it
with
the
extensions
so
would
all
of
vs
code
and
with
all
of
those
extensions
work,
the
same
way
in
the
browser
as
well.
O
Yes,
I
can
take
this
one
yeah,
I
mean
we
pretty
much
packaged
up
vs
code
and
popped
it
into
the
browser.
You
should
get
the
same
experience
that
you
have
in
your
local
installation,
and
that
extends
to
the
extensions.
Of
course,
you
know
we
are
working
through
a
lot
of
work
streams
every
day,
making
sure
that
we
can
support
as
many
languages
as
possible
and
as
many
different
experiences
that
we
expect
users
to
go
through
as
possible.
O
Q
Yeah,
I
would
definitely
it's
like
just
a
plus
one
yeah.
I
would
definitely
say
that
I
would
say
if
you
do
have
an
extension
to
bailey's
point
that
isn't
working
or
anything
like
that.
We
have
a
community
forum,
definitely
go
to
the
community
forum,
let
us
know-
and
we
can
work
with
the
extension
authors
and
we're
working
on
our
documentation
to
kind
of
extension
authors
trying
to
make
sure
that
their
extensions
are
working
in
code
spaces.
M
No,
I
haven't
got
anything
else
coming
in
from
the
the
discussions
channel
here.
So
look.
Thank
you.
So
much
bailey
and
matthew.
N
You
again
for
joining
us
and
checking
all
about
so
folks,
if
you
didn't
notice,
speakers
have
included
other
links
and
reference
material
on
the
github
universe.
Website,
billy
and
matthew
will
be
in
discussions
for
the
next
30
minutes.
Continuing
to
answer
your
questions
so
go
talk
to
them
on
discussions
and
get
to
know
all
more
about
code
spaces.
N
Folks,
so
what's
happening
right
now
on
the
dev
channel
is
github
code
spaces
beyond
the
basics
and
on
the
play
channel
is
exploring
generative
spaces,
a
quick
start
to
generative
art
awesome
like
that,
might
be
really
inspiring
going
into
the
next
session.
It's
actually
pretty
interesting
and
it's
different.
It's
a
panel
discussion
on
youtube,
dl
maintainers
and
their
impact
they're,
going
to
share
all
about
maintainers
best
practices,
so
join
us
for
a
panel
discussion
with
two
maintainers
of
the
youtube
dl
project
and
the
human
rights
watch
who
relies
on
the
open
source
project.
M
Sure-
and
I
just
want
to
give
you
a
quick
reminder
that
you
know
all
the
videos
of
these
sessions
will
be
going
online
about
you-
know,
24
hours,
you
know
after
they've
had
here
at
githubuniverse.com
and
don't
forget
to
shout
out
on
us
at
twitter,
use
that
hashtag
giveupuniverse.com
he's
going
to
be
moderated
by
github's
abbey
volmer
and
should
be
leading
this
panel
and
folks
remember
to
engage
with
us
on
discussions
and
also
don't
forget
to
rate
this
session.
We
really
value
your
feedback
here
so
find
that
yellow
star
next
to
the
join
discussion.
R
S
P
Hi,
I'm
gabby.
I
work
as
the
head
of
open
source
research
at
human
rights
watch,
an
international
ngo
that
investigates
and
reports
on
human
rights
abuses
around
the
world,
and
you
may
have
heard
the
word
open
source
in
my
job
title.
So
I
just
wanted
to
clear
this
up
that
this
relates
to
another
kind
of
open
source
which
is
open,
source
information
information
that's
publicly
available
rather
than
open
source
software
and
hardware.
R
S
First
of
all,
I
would
like
to
briefly
describe
describe
what
actually
youtube
dl
is
about
for
those
who
may
never
heard
of
it.
Basically
youtube
dl
dls
for
download
is
a
media
downloader
with
lots
of
options
and
wide
range
of
supported
sites.
Yes
despise
despite
its
name,
it's
not
only
for
youtube,
but
for
the
most
popular
media
services
like
youtube,
email
and
so
on,
as
already
mentioned
by
ib,
youtube
deal
started
back
in
2006
by
ricardo,
garcia,
admittedly
gained
popularity
quite
shortly,
and
eventually
moved
development
to
github
in
around
2010.
S
S
Most
of
us,
both
of
such
challenges,
came
from
the
nature
of
youtube
deal
itself
more
specifically,
it's
all
about
a
never-ending
cat,
mouse
game
between
youtube
dl
and
its
supported
websites
that
constantly
change
and
overtake
simply
speaking
once
some
websites
apis
changes,
youtube
deal
has
to
adapt
to
these
changes
and
actually
keep
itself
working.
S
S
You
may
probably
notice
many
times
when
youtube
deals
stops
working
for
some
reason.
Simply
updating
it
magically
fixes
the
problem,
but
there
is
actually
no
no
major
happens
here,
but
rather
someone
have
just
written
a
patch
and
fixed
version
was
released.
S
Another
quite
important
challenge
is
an
overall
project
maintenance
strategy
under
the
limited
manpower
conditions
being
quite
popular
youtube,
dl
receive
an
enormous
number
of
issues
and
pull
requests
to
deal
with.
So
there
is
always
a
compromise
for
us
on
what
features
to
fix
as
soon
as
possible
and
what
we
can
delay
or
even
not
fix
at
all.
What
changes
do
we
merge
and
not
to
merge
yet
and
so
on?
S
Reviewing
the
code
is
also
a
little
bit
harder
comparing
to
regular
software
projects,
because,
besides
actually
reviewing
and
checking
the
code
itself,
we
also
have
to
inspect
and
check
whether
the
extraction
algorithm
is
correct
or,
if
it's
possible
to
do
better
and
so
on.
We
also
deal
with
answering
questions
and
emails
and
do
basic
support
all
on
our
own.
S
All
of
this
bring
us
to
another
compromise
on
how
to
achieve
maximum
productivity,
keeping
the
quality
on
decent
level
and
minimize
our
efforts
at
the
same
time,
so
with
challenges
eventually
combat
solid
experience
you
receive.
That
is
basically
the
main
benefit.
As
for
developer,
for
me
personally,
developing
youtube
deal
with
my
skills
significantly,
especially
on
the
early
stages
of
involvement
in
youtube
deal.
It's
also
a
great
responsibility.
R
Yeah,
the
that's,
a
really
good
point
about
websites,
constantly
evolving
their
design
and
apis
and
and
so
for
tools
that
rely
on
those
structures
like
youtube
cl
you
know
needing
to
keep
up
with
those
changes
is
really
important.
So
I
I
agree.
You
know
your
point
about
it's
not
just
magic.
Obviously
somebody
needed
to
make
a
patch
and-
and
you
guys
work
really
hard
to
do
that.
I
mean
we'd
love
to
hear
your
perspective
as
well.
T
T
Also,
users
tend
to
forget
that
we're
volunteers
in
the
projects-
and
they
expect
us
to
respond
to
every
message,
fulfill
every
request
and
review
every
request
and
so
on.
But
this
is
simply
not
within
our
capability
bigger
requests.
If
a
code
works,
it
does
not
mean
it
has
to
be
merged
because
it
needs
to
meet
a
certain
criteria,
such
as
adhering
to
the
project's
coding
convention.
T
R
That's
great
and
I
think
the
point
you
made
about
people
forgetting
that
maintainer
really
is,
is
a
common
challenge
across
a
lot
of
projects,
and
I
can
imagine
for
for
this
one
in
particular,
it's
so
popular,
and
you
both
mentioned
how
much
you
know
how
many
issues
will
request
this
kind
of
thing
you
get
so
again.
Thank
you
thanks.
R
Everyone
who's,
maintaining
this
project,
especially
youtube
gabby
I'd,
be
interested
to
know
how
does
human
rights
watch
use
open
source
tools
and
then
more
specifically,
can
you
tell
us
how
human
rights
watch
uses
utl.
P
Absolutely
so,
as
you
can
imagine,
we
work
with
a
lot
of
sensitive
data
in
our
research
into
human
rights
abuses
and
not,
but
even
the
fact
that
we're
doing
this
research
can
be
extremely
sensitive.
So
that
means
that
we
have
to
be
extremely
careful
about
the
tools
that
we
use
so,
for
instance,
our
researchers.
P
I
wouldn't
recommend
that
they
would
use
a
closed-source
browser-based
metadata
viewer,
for
instance,
where
we
didn't
know
who
created
it,
what
data
is
being
collected
or
how
that
data
is
being
stored
and
instead
would
suggest
that
they
use
a
locally
hosted
exif
metadata,
and
this
is
quite
similar
to
how
I
also
view
video
downloading
software
and
one
of
our
key
sources
of
data
that
we
rely
on.
P
It
are
videos
posted
on
social
media
websites
and
other
websites
recorded
by
witnesses
and
also
perpetrators,
and
in
order
to
analyze
this
video,
we
have
to
download
an
offline
copy.
This
is
because
the
content
can
be
removed
from
platforms
without
any
notice
really
quickly,
because
maybe
the
uploader
removes
it
themselves
or
the
platform
would
remove
it
and
also
because
we
need
an
offline
copy
in
order
to
analyze
it.
P
So
I
go
frame
by
frame
in
videos
looking
for
clues,
and
I
need
a
locally
hosted
copy
to
do
this,
and
also
a
locally
hosted
copy,
also
is
essential
for
me
to
apply
strategies
to
reduce
the
impact
of
viewing
distressing
and
graphic
content,
which
really
only
work
with
an
offline
copy,
and
so
because
of
this
I
use
youtube
dl
every
day
in
my
work,
I
use
it
to
download
content
and
I
use
the
tools
functionality
to
download
videos
in
the
highest
quality
available.
P
I
use
the
batch
I
use
I
download
batches
of
videos
and
because
of
security
concerns,
there's
really
no
alternative
to
youtube
dl
and
because
of
this,
I've
also
started
to
train
other
researchers,
how
to
use
it
at
human
rights
watch
and
they
see
the
real
need
to
learn
how
to
use
a
tool
like
this,
because
they've
experienced
too
many
times,
content
being
removed,
and
we
have
around
200
researchers
based
all
over
the
world
and
for
many
this
is
the
first
time
they've
ever
used
a
terminal.
P
So
it's
also
a
really
exciting
entry
tool
to
introduce
to
human
rights.
What
human
rights
researchers
who
are
completely
unfamiliar
with
the
terminal,
and
because
of
this
I
can
then
introduce
other
terminal
based
tools
so
yeah.
This
is
how
we
use
youtube
dl
every
day
in
our
work,
and
I
just
want
to
echo
the
thanks
for
inviting
us
on
this
panel
and
also
for
all
the
youtube
dl
contributors
who
make
this
possible.
R
That's
really
fascinating
all
of
the
ways
that
this
tool
in
particular
helps
your
work
and
the
surprise
there
was
the
the
fact
that
we
were
able
to
use
that
to
teach
you
know
the
kind
of
the
gateway
to
the
terminal.
That's
a
really
cool
side
side
benefit
for
that.
So
I'm
curious
to
know
you
know,
I'm
sure
sergey
and
amin
are
also
aware
of
some
interesting
applications
of
the
code.
R
So
I'd
be
curious
to
know
if
you
could
share
beyond
this
one
that
gabby
just
explained
about
how
human
rights
watch
uses
the
code.
Are
there
other
applications
that
might
be
interesting
to
discuss
survey.
S
Well,
I
think
it's
secret
to
know
on
that
youtube.
Dl
is
used
extensively
in
various
software
tools
as
a
back-end.
It's
used
for
archiving
and
making
backups
it's
used
for
offline
watching
in
high
quality
on
slow
connections
and
many
many
other
typical
applications.
But
I'd
like
to
mention
couple
of
my
favorite
ones.
The
first
one
I
especially
like
is
using
youtube
deal
for
educational
purposes
for
research
and
academic
pursuits.
S
That's
why
many
researchers
uses
youtube
deal
as
a
tool
for
that,
as
it
allows
to
automate
it
easily.
There
were
many
researchers
that
used
youtube
mail
for
that
purpose,
ranges
from
from
detection
of
pirated
video
re-uploads
on
youtube
to
some
recent
and
quite
relevant
researches
on
covet
19..
S
There
is
also
another
quite
interesting
application
of
youtube
deal.
I
would
like
to
share,
and
I
actually
learned
about
it
not
so
long
ago
I
have
got
an
email
on
that
right
right
after
the
takedown
happened.
I
may
be
wrong
on
some
details,
but
basically
there
is
a
special
mobile
alike
device
for
rehabilitation
of
visually
impaired.
S
Among
other
features,
this
device
affords
gaining
access
to
the
information,
for
example,
to
listen,
audiobooks
or
listen
audio
of
youtube
videos,
so
that
obtaining
of
an
audio
url
by
this
device
is
powered
by
youtube
deal
in
the
back
end.
So
it's
quite
amazing
how
youtube
can
be
used
in
seemingly
unexpected
places
and
how
it
may
have
a
social
impact
and
significance,
even
in
indirect
fashion.
S
R
Yeah,
absolutely,
I
would
be
interested
to
hear
it
I
mean.
Are
there?
Those
are
all
really
great
examples.
I
mean:
are
there
other
ones
that
you
might
want
to
share.
R
Also,
a
really
interesting
application,
a
great
well
now
we've
talked
a
bit
about
the
project.
I
think
it
could
be
good
to
shift
a
bit
to
the
reinstatement.
I'd
actually
be
interested
to
hear
from
all
of
you
on
this
one.
How
did
you
navigate
the
takedown?
Well,
first,
let's
do
it
survey,
and
I
mean
how
did
you
navigate
the
takedown
and
reversal
as
maintainers
of
the
project
sergey.
S
R
Great
amin
is
there
anything
you
would
like
to
add.
T
Yes,
after
receiving
the
dmc
I
take
down,
I
thought
the
removal
of
the
code
could
affect
not
only
other
parts
of
ut
of
the
year,
but
other
projects
as
well.
So
we
trade
to
make
every
possible
effort
to
ensure
that
the
project
would
continue,
and
here
I
want
to
mention
eff's
help
that
has
been
crucial,
especially
their
legal,
and
I
would
like
to
thank
them
and
also
thank
github
for
reinstating
the
project
and
taking
a
good
direction
with
their
new
policy.
R
Thanks
yeah-
and
I
also
would
like
eff
for
working
with
us
to
better
understand
the
code
eff
if
our
listeners
aren't
all
aware
of
electronic
frontier
foundation
as
legal
advice
to
the
maintainers
here
so
well,
I
mentioned
gabby.
I
know
you're
impacted
as
well.
You
mentioned
use
this
tool
every
day,
so
I'm
I'm
curious
from
your
perspective.
What
was
the
impact
you
saw
following
the
takedown.
P
So
for
us
well,
the
tool
still
worked.
So
I
think
that,
for
us,
the
impact
was
just
concern,
concern
for
what
this
might
mean
for
the
tool
itself,
but
also
for
concern
for
what
it
might
mean
for
the
way
we
download
material
and
also
what
it
might
mean
for
the
future
for
other
tools
that
we
rely
on.
P
We
use
tools
that
weren't
necessarily
built
for
the
purpose
of
human
rights
research
and,
unfortunately,
we're
super
used
to
them
getting
sunsetted
going
behind
paywalls
no
longer
working
anymore.
However,
if
something
happened
to
youtube
dl,
I
think
that
would
be
truly
devastating
for
our
work
and
the
reason
that
youtubedl
is
so
irreplaceable
is
not
only
that
it's
free
and
open
source,
but
also
it's
reliable.
P
I
think,
like
sergey
was
saying
with
the
cat
and
mouse
game,
we
just
couldn't
keep
up
with
the
changes
that
platforms
make
to
the
way
you
can
download
materials
and
the
fact
that
youtubedl
has
a
dedicated
group
of
contributors
that
can
keep
up
with
these
changes.
P
It's
something
that
would
be
impossible
for
human
rights
or
civil
society
organizations
or
journalists
who
just
wouldn't
have
the
resources
or
technical
capacity
to
do
this,
and
just
to
give
one
example:
mnemonic
an
organization
who
whose
project
syrian
archive
has
saved
two
million
videos
from
the
syrian
conflict
using
youtube
dl,
and
when
they
went
back,
they
ran
a
script
to
check
how
many
of
these
videos
were
now
no
longer
on
youtube
and
they
found
that
23
of
these
videos
have
been
permanently
removed,
meaning
that
they've
been
saved
in
this
archive
and
those
those
videos
would
have
been
lost
permanently,
that
depict
war
crimes
and
crimes
against
humanity,
and
these
would
have
been
lost
without
a
tool
like
youtube
dl.
P
So
it's
with
this
in
mind
that
that
led
me
and
colleagues
at
human
rights
watch
contact
ef
companies
involved
to
write
something
that
would
show
the
importance
of
this
tool
for
human
rights
research
and
bring
together
every
other
human
rights
organization.
We
knew
that
uses
this
tool,
which
is
pretty
much
all
of
them.
R
That's
all
really
important
to
understand
and
actually
quite
relevant
to
github's
policy
work
advocating
for
developers.
It's
a
good
lead
into
my
last
question,
actually
because
github
does
and
will
continue
to
take
a
stand
for
developers,
but
no
matter
what
we
do
to
protect
developer
rights.
We
do
need
to
work
within
the
boundaries
of
the
law
and
in
this
case
the
dmc
rules
happen
to
be
under
review.
R
P
Yes,
yeah
thanks
for
this
opportunity,
for
us
we
would
say
restricting
access
to
youtube
dl,
for
everyone,
for
any
purpose,
is
not
a
proportionate
response
to
the
fact
that
this
tool
could
be
used
in
ways
that
may
by
like
violating
right.
P
So
policy
makers
need
to
consider
the
impact
on
human
rights
and
other
use
cases
that
sergey
and
I
mean
highlighted
so
our
message
to
policymakers
would
be
that
they
need
to
ensure
that
copyright
laws
don't
improperly
restrict
rights
and
eliminate
key
sources
of
evidence
to
hold
rights
abusers
and
war
criminals
accountable.
P
Copyright
considerations
shouldn't
trump
access
to
justice
for
human
rights
atrocities.
So
that
would
be
our
message.
R
Great
next,
let's
hear
from
amin.
R
That
makes
sense
and
sergey
what
would
your
message
to
policymakers
be.
S
I
think
I'll
just
summarize,
I
appreciate
a
lot
github's
efforts
to
stand
up
for
developers
as
well
as
I
highly
welcome
changes
made
in
the
review
process
for
claims
based
on
dmc,
and
I
really
hope
changes
made
already
at
github
sites
and
potential
changes
future
will
probably
make
it
easy
for
developers
to
deal
with
the
mca.
Thank
you
so
much.
R
Thanks
yeah,
these
are
all
really
useful
perspectives
for
github
to
be
able
to
take
forward
as
we
fight
for
developers
on
policy
issues,
and
I
have
to
say,
the
law
behind.
This
is
all
quite
complicated,
but
our
objective
is
to
put
developers
first
and
whether
that's
documenting
human
rights
abuses,
making
the
internet
more
accessible
or
even
going
beyond
this
particular
project
learning
to
code
or
doing
security,
research
or
working
on
infrastructure
that
powers.
R
The
cloud
we're
here
to
make
sure
developers
can
continue
to
engage
in
global
collaboration
to
maintain
and
improve
projects
that
make
a
difference
in
people's
lives.
And
I
think
this
one
was
a
really
interesting
one
to
focus
on
where
you
know
we
talked
about
how
it
started
in
spain
many
years
ago,
and
it's
you
know.
We
have
people
all
over
the
world
that
are
maintaining
and
using
the
project
and
has
all
these
great
beneficial
uses
that
we've
just
discussed,
and
you
know
it
was
really
a
moment
for
us
to
kind
of
see.
R
R
Also
gabby
representing
one
of
its
really
vital
uses-
and
I
think
you
know
all
the
conversation
we
had
here
today
really
is
quite
insightful,
and
I
hope
that
you
know
I
learned
a
lot
and
I
hope
everybody
else
learned
a
lot
too.
So
really
want
to
thank
everyone
for
this
great
discussion
on
the
very
important
topic
here
and
have
a
wonderful
whoever
you
may
be
thanks.
So
much.
M
M
So
thank
you
so
much
for
that
panel
and
look
that
is
such
a
cool
project.
I
had
no
idea
about
all
the
ways
that
people
are
using
this
piece
of
code.
You
know
training
data
for
ai
models,
I'm
just
so
glad
that
we
managed
to
get
youtube
hdl
back
up
on
github
and
now
featuring.
You
know
those
maintainers
at
universe,
and
I
never
thought
about
how
human
rights
advocates
turn
to
open
source
software
because
they
really
need
to
especially
secure
software
right
and
I'd
love.
To
hear
from
you
two
core
maintainers
of
this
project.
M
I
can't
imagine
how
many
issues
and
pull
requests
that
they
actually
manage.
It's
a
good
thing
that
we
made
it
easier
with
them
with
the
best
developer
products
around.
So
folks,
don't
forget,
like
I
said
we
will
have
streams
available
on
demand
on
you
know
about
a
day,
and
there
are
also
those
four
channels
to
check
out.
L
M
Got
the
swag
store,
we
have
the
opticat
generator.
We
have
custom
gear
that
you
can
kind
of
get
with
those
octa
caps
that
you
generate
orbital
events
that
we
have
going
on
around
github
universe,
way
more
intimate
engagements
with
our
subject
matter.
Experts
and
then
don't
forget
those
workshops
that
you
can
sign
up
and
take
part
in
and
don't
take
don't
forget
to
reach
out
to
us
on
twitter
using
that
hashtag
hiphop
universe.
So
do
we
have
anything
cool
to
share
about
divya.
N
I
love
what
everybody
is
sharing
right
now.
Thank
you
so
much
folks
for
talking
about
talking
about
github
universe
on
twitter,
danish
love,
your
octocat,
it's
so
decorative
and
everyone
everyone,
everyone,
daniel,
like
you
and
me-
love
the
dark
mode
proper,
emma
sultan
abhije.
Thank
you
again,
folks.
Those
who
are
posting
questions
on
twitter,
please
remember
discussions
is
the
place
to
ask
all
your
questions,
because
that's
where
the
subject
matter,
experts
from
github
will
be
answering
your
questions
and
you'll
get
much
faster
responses
there,
daniel
any
good,
find
at
your
end.
M
Well,
there's
a
couple
of
things:
firstly,
I
just
want
to
point
out
again
dark
mode
light
mode,
awesome,
stuff,
really
loving
it
it's
fantastic,
but
actually
I'm
going
to
give
a
shout
out
to
somebody
else,
and
this
is
kind
of
a
little
bit
different
here,
because
I
I
am
giving
this
person
you
know
a
shout
out
just
because
they
had
the
cajones
to
actually
go
and
post
this.
They
posted
something
with
the
hashtag,
basically
github
universe,
github
a
whole
bunch
of
hashtags
are
obviously
trending
right
now,
but
actually
has
nothing
to
do
with
github
universe.
M
So
I
just
want
to
say
to
sakil
hassan
congratulations
on
getting
your
cisco
verification
at
the
cisco
networking
academy.
I'm
sure
it
has
so
much
dude!
Congratulations!
Okay!
So
excuse
me
so
what's
happening
now!
Well,
on
the
dev
channel,
we
have
the
metasploit
framework
going
on
and
over
on
the
play
channel.
We
actually
have
nanu
who's,
creative
code,
creative
coding
with
russ
and
cool.
M
N
Was
again
very
interesting
knowing
how
folks
use
use
open
source
or
use
the
code
and
like
the
various
various
different
scenarios
that
light
up,
which
I'm
sure
the
maintainers
wouldn't
have
thought
of
when
they
started
off?
M
Look
just
watching
that
code,
spaces
demonstration-
I
haven't-
had
a
chance
yet
to
dig
into
it
deeply
so
actually
getting
there
and
seeing,
and
you
know
being
presented
by
the
experts,
you
know
the
people
that
are
bringing
it
to
market.
Just
totally
blew
me
away.
I
can
keep
talking
forever
and
ever
about
dark
mode.
So
I'm
gonna
stop
talking
about
that
now.
What
else
can
I
think
about?
You
know
that
it's
been
amazing.
You
know
what
I'm
really
interested
in
actually
is
kind
of
going
on
on
the
other
channels.
M
There's
some
really
interesting
stuff
around.
You
know
computation
in
the
play
channel
music
generation,
all
kinds
of
things
happening
there
that
I'm
kind
of
quickly
noting
down
as
I
switch
back
and
forth
in
our
downtime
just
so
I
can
go
back
and
watch
them
again
as
recordings
afterwards.
Apart
from
that,
you
know
I'm
just
enjoying
kind
of
being
online
chatting
to
you
so
yeah.
It
is
pretty
awesome
at
this
point
in
time.
You
know
what
we're
what
we're
doing
here:
cool.
M
N
Oh
yes,
because
that's
again
a
very
interesting
session,
do
you
want
to
tell
us
all
about
it.
M
Sure
well
coming
up
right
now
is
you
know,
delivering
code
to
car
with
techton
and
github
advanced
security,
and
I
gotta
admit
when
I
first
saw
this
title-
I
kind
of
misread
it
because
I
thought
it
said
delivering
code
to
cloud
and
I'm
going
well.
Okay,
we
can
do
that.
I
mean
I'm
sure
everyone
knows
we
can
do
that.
But
actually
here
what
we're
talking
about
is
how
we're
helping
the
automotive
industry
so
divya.
What
can
you
actually
tell
us
about
our
speakers.
N
Before
I
go
to
the
speakers,
I
wanted
to
share
a
thought
as
well
like,
what's
become
so
interesting,
now,
isn't
it
software
everywhere
and
having
like
delivering
quote
to
car,
we
wouldn't
have
thought
about
that
like
five
ten
years
back,
so
we're
in
a
new
and
awesome
world.
Now,
okay,
bringing
this
session
of
court
to
car
is
gwen
interno.
He
is
a
senior
infrastructure
engineer
at
toyota.
Research
institute,
advanced
development
when
is
into
japanese
anime.
U
L
U
V
So,
as
you
heard
today,
we
have
an
exciting
and
challenging
mission
ahead
here
at
trid
with
our
irene
product.
N
Thanks
dan
and
gwen
that
was
awesome
inspiring
and,
like
I
learned
a
lot
of
new
things.
Folks,
we
heard
some
of
you
had
technical
glitches.
We've
got
back
shortly,
but
if
you've
missed
remember,
you
can
go
back
to
a
previous
point
in
this
trip
stream
and
see
what
you
missed
anytime
throughout
the
day.
N
N
W
Hi,
my
name
is
eddie
jiaod
and
I've
been
a
software
engineer
for
over
15
years,
and
I've
been
contributing
to
open
source
for
over
10
years,
and
I
really
enjoy
being
a
project
maintainer
on
github
when
I'm
not
on
github.
You
can
usually
find
me
on
youtube,
doing
videos
and
live
streams.
I
believe
open
source
is
for
everybody
and
that's
why
I
love
encouraging
other
people
to
get
into
open
source.
I
believe
open
source
is
not
just
about
code.
It
is
more
about
communication,
collaboration
and
the
community.
W
Like
most
people,
I
got
started
in
open
source
by
fixing
a
typo,
maybe
my
second
and
third,
but
fourth
pull
request
were
also
fixing
typos
and
then
I
slowly
got
into
doing
more
bug,
fixes
improving
the
code
quality
and
the
code
coverage
and
then
also
fixing
bugs
and
adding
features
to
other
people's
projects
in
the
community.
And
then
I
became
a
project
maintainer
and
my
whole
world
changed.
If
I
was
sent
to
a
desert
island-
and
I
could
only
take
one
social
platform
I
would
take
github
to
me-
github
is
not
just
about
social
coding.
W
It
is
about
the
community
and
collaboration
and
with
all
these
new
awesome
features
coming
out,
I
can
spend
more
time
on
github
becoming
a
github
star.
Was
such
a
wonderful
surprise
to
me,
it's
great
to
get
the
recognition
from
my
peers
in
github
for
the
work
that
I
do
for
the
community
rubbing
shoulders
with
the
other
github
stars
around
the
world
and
the
github
team
on
slack
has
been
brilliant.
W
We've
been
able
to
share
ideas
of
what's
worked,
what
hasn't
worked
so
we
could
all
move
forward
and
efficiently
together
to
do
more
for
the
community,
my
top
github
at
the
moment
I
say
at
the
moment
because
as
new
features
come
out,
this
list
may
change,
but
at
the
moment
I
think
number
one
has
got
to
be
github
actions.
This
has
really
changed
the
landscape
of
continuous
integration.
W
It
has
really
made
it
easier
for
every
project
to
have
ci
to
run
their
linters
to
run
the
automated
test
to
deploy
whatever
it
is,
and
then
the
github
actions
marketplace
with
almost
6
000
free
plugins
that
are
really
easy
to
use
with
a
few
lines
of
yaml
has
really
also
accelerated
the
use
of
github
actions.
That's
all
still
part
of
number.
One
number
two
will
be
code
spaces,
although
I
haven't
used
this
very
much.
W
There
are
people
who
are
using
technology
one,
but
they
want
to
contribute
to
technology
too,
but
don't
have
it
installed,
don't
have
the
right
version,
whereas
when
they
can
fork
a
repository
and
open
it
up
on
codespaces
and
have
all
the
dependencies,
be
it
ruby,
python,
php
node
just
installed
and
they
can
just
make
their
changes.
I
think
this
is
going
to
be
the
next
game
changer
in
the
open
source
landscape.
My
third
favorite
feature
on
github
at
the
moment
has
got
to
be
the
project
boards
and
the
github
discussions.
W
Okay,
I
named
two,
but
I'm
grouping
them
together
because
wait
wait,
hear
me
out
I'm
grouping
together
because
they
fit
together
in
collaboration
and
communication
with
the
community
and
with
the
team.
I
really
love
how
they
both
really
bring
everybody
together.
If
I
had
a
magic
wand-
and
I
could
wave
in
ask
for
a
couple
of
features,
I
would
have
two
number
one
could
github
a
discord
slack
like
communication,
because
sometimes
you
do
need
that
real-time
communication
and
then
you
can
go
from
the
real-time
communication,
move
it
into
a
discussion.
W
Therefore,
it
doesn't
get
lost
and
you
can
move
the
discussion
when
it's
ready
to
be
actioned
into
an
issue,
and
then
it
can
be
actioned
on
the
relevant
project.
I
think
having
a
real-time
chat
would
give
me
another
reason
to
spend
more
time
on
github,
rather
than
move
to
other
third-party
apps.
My
second
wish
of
a
feature
I'd
like
to
see
on
github
is
a
little
bit
easier.
It's
for
github
to
support
ascii
docs
natively.
I
know
it
supports
some
of
the
basic
features
similar
to
what
you
get
with
markdown
and
don't
get
me
wrong.
W
Markdown
is
awesome
and
epic.
I
really
do
love
it.
However,
sometimes
you
want
those
extra
features
from
ascii
dots
where
you
can
do
alerts
and
call
outs
and
do
a
lot
more
with
those
sorts
of
things.
The
diagram
support
with
ascii
docs
is
epic,
then
github
could
harness
the
power
of
ascii
docs
and
have
diagrams
in
readme
that
are
coded.
So
therefore,
they're,
not
binaries
and
they're
really
easy
for
people
to
make
have
to
install
a
certain
application
to
update
this
image
or
redraw
the
image
from
scratch.
W
Every
time
I
would
like
to
end
by
saying
thank
you
and
show
my
appreciation
to
everyone
who
gets
involved
in
github
from
the
github
team
to
also
the
community
who
contribute
to
my
open
source
projects
and
our
open
source
projects
as
a
community.
I
really
enjoy
collaborating
with
you
all
on
github
and
learning
from
you,
and
I
hope
you
benefit
from
me
sharing
my
experiences
at
night.
Knowledge
too.
If
there's
anything
more,
I
can
do.
Please
do
reach
out
and
let
me
know
I'll
see
you
on
github
hi.
My
name
is
eddie.
W
I
said
it
out:
let's
try
again
we're
able
to
learn
my
feet.
My
fee
kind
of
talk,
my
three,
my
three
favorite
features
on
github.
It's
like
it,
my
top
three
actual
fractions
kind
of
talk.
I
really
enjoy
collaborating
and
learning
from
you
all,
and
I
hope
I
learn
I
learn
from
you
too,
doesn't
make
any
sense.
Eddie,
don't
speak
english.
N
M
M
M
Awesome
look.
I
love
seeing
content
like
that
that
showcases,
our
fabulous
community
and
and
just
a
shout
out
to
everybody
out
there,
I'm
also
a
little
jealous,
because
you
got
to
see
a
few
outtakes
and
eddie
got
to
do
many
many
takes
and
pick
the
right
ones
where
we're
live
on
stream
and
boy.
This
is
raw,
but
you
know
it's
lots
of
fun
and
I'm
having
a
great
time
so
folks.
Remember
that
there's
a
lot
to
check
out
on
universe.
We
have
those
four
channels.
M
N
Oh
yes,
I
am
a
book
fan
the
the
my
favorite
this
year
has
been
educated,
and
I
love
like
that
and
like
to
know
it's
a
memoir
and
a
true
story.
What
I'm
also
reading
right
now
is
sapience.
I
know
it's
an
older
book
but
trying
to
understand
and
how
it
has
shaped
us,
your
favorite.
What
are
you
reading
right
now.
M
Well,
I
just
finished
the
cole
forsgren's
book
accelerate,
which
is
a
bit
of
a
preview
of
what
we're
going
to
be
talking
about.
I
think
it's
tomorrow
on
the
enterprise
channel
here
and
but
that
was
an
absolute
fantastic
book,
but
to
be
honest
right
now,
I
have
finally
started
reading
after
I
don't
know
how
many
years
that
it's
been
out,
I
have
finally
started
reading
game
of
thrones
there.
M
It
is
oh
there
we
go
see
it
now
and
yeah
yeah,
I'm
about
20
of
the
way
into
the
first
book,
and
it's
pretty
interesting,
we'll
put
it
that
way
anyway.
So
what's
happening
now,
divya.
N
Now
that
you've
started
talking
about
books,
I'm
starting
to
feel
isn't
it
time
to
take
some
break
like
stretch
a
little
refill
our
coffees,
because
what
we
have
coming
up
next
is
great
content
for
you
break
performance
in
lehman
security
as
a
feature
and
moving
your
enterprise
to
the
cloud
even
more
securities
on
the
developer
channel,
as
we
continue
our
secure
development
team.
So
tell
us
folks
about
your
experience.
M
M
We
need
to
talk
to
the
screenwriters,
but
anyway,
so
let's
get
a
taste
of
what's
going
on
over
in
the
play
channel
without
actually
going
anywhere,
and
we
have
a
musical
performance
by
mario
carrillo
and
eliza
strother's
job,
and
the
cool
thing
about
this
is
that
eliza
is
in
paris
coding
the
music
and
mario's
in
mexico
actually
doing
all
the
visuals.
So
this
is
pretty
awesome
and
they're
going
to
be
both
presenting
again
later
in
the
next
few
days.
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
M
Awesome
welcome
back
everybody
that
was
just
fantastic.
Thank
you
so
much
mario
carrillo
and
eliza
strothers
joan
now
folks.
We
those
channels
again,
but
if
you
want
to
keep
going
at
the
play
channel,
feel
free
to
check
it
out
and
remember,
if
you're
flipping
between
those
channels
just
remember
to
unmute
your
audio
so
that
we're
not
blasting
you
as
soon
as
you
switch
back
in
oh
and
I'm
getting
a
little
bit
of
a
buzzing
in
my
ear
right
now,
apparently,
we've
got
a
special
guest.
It's
kyle,
okay,
take
it
away!
Kyle.
X
Hey
divya
and
daniel
you're
off
to
a
very
energetic
start,
and
I
just
wanted
to
stop
by
and
quickly
remind
everyone
watching
to
stick
around
for
the
github
universe
highlight
show
at
the
end
of
universe
today
at
2
p.m.
India
standard
time
we'll
be
covering
giving
you
a
special
sneak
peek
at
what's
coming
tomorrow,
I'll
see
the
two
of
you
and
everyone
else
at
the
highlight
show
at
2
p.m.
India,
standard
time
back
to
you,
divya
and
daniel.
M
Get
out
of
here,
kyle
we've
got
some
work
to
do
here,
all
right,
so
let's
drop
into
the
social
and
see
what's
actually
happening
on
twitter
with
the
hashtag
github
universe.
I'm
just
having
a
quick
look.
Now,
I'm
loving
the
activity
that's
happening
on
twitter
right
now.
Its
divanshiki,
as
you
can
see
here,
is
absolutely
pumped
to
be
attending
github
universe,
2020.,
and
I
also
want
to
give
a
shout
out
to
the
w.
I
think
it's
the
double
who's
actually
taking
advantage
to
really
insert
some
really
useful.
M
You
know
short
shot
snippets
of
information
to
help
train
developers
on
using
gear
and
github.
So
just
a
shout
out
to
those
folks
now
and
also
remember,
everybody:
we've
got
four
channels
to
check
out.
M
We
have
the
enterprise
channel
the
dev
channel,
that
university
channel
and,
of
course,
that
play
channel
one
two
three
four
yep
we've
got
them
all
there
and
you're
in
that
enterprise
channel
and
feel
free
to
pop
in
it
in
and
out
at
any
time
to
any
of
those
channels,
in
fact
happening
now
on
the
dev
channel,
we've
got
so
you
committed
a
secret.
I
do
that
a
lot.
M
So
probably
would
be
a
good
thing
to
go
and
actually
look
and
watch
and
see
how
you
can
deal
with
what
happens
when
you
commit
a
secret
over
on
the
play
channel,
we're
going
to
have
some
10
minute
tutorials.
You
know
the
quick
introductions
into
a
bunch
of
tools
to
you
know
to
get
started
with
that
creative
coding
that
you've
seen
on
the
play
channel
all
day
today.
Now
I'm
going
to
talk
quickly
now
about
our
next
session
and
it's
all
about
security
as
a
feature,
because
it's
security.
M
Now
we
talk
to
organizations
all
the
time
about
how
can
they
actually
shift
security
left
into
the
software
development
life
cycle
because
it's
way
cheaper
to
fix
things
there
than
when
it's
actually
out
in
the
wild
look?
And
while
we're
talking
about
security
now,
just
remember
that
we
have
another
session
later
on.
It's
an
advanced
security
roundup,
a
little
a
little
later
today,
anyway,
divya
tell
us
all
about
our
next
speaker.
N
So
joining
us
for
our
next
session
is
keith.
Hoodlett
he's
a
senior
manager
of
application
experience
at
thermo,
fascia
scientific,
a
devsecops,
pioneer
and
champion
of
secure
software
development.
Remember
folks,
engage
with
us
on
discussions,
ask
bring
that
to
keith
when
we
meet
him
for
live
q,
a
also
don't
forget
to
rate
the
session.
We
really
love
your
feedback,
find
the
yellow
star
next
to
the
join
discussions
on
the
bottom
of
this
page
and
tell
us
all
that
you
want
to
share
about
the
session
and
rate
the
session
so
over
to
you.
Keith.
Y
Thank
you
so
much
for
that
nice
intros
it's
great
to
be
here
and
honestly
really
exciting
to
talk
about
security
as
a
feature
today,
we're
going
to
be
going
through
a
few
different
ideas
in
this
concept,
in
terms
of
why
companies
might
not
think
of
security
as
a
feature,
of
course,
what
they
do
think
of
as
a
feature
first
and
then
going
into
what
happens
when
they
don't,
but
also,
of
course,
some
of
the
good
things
that
can
come
from
thinking
of
security
like
a
feature.
Y
Your
tool
chain
or
your
process
take
it
from
there,
so
let's
go
ahead
and
dive
right
in
this
is
gonna,
be
great,
so
self.
So
at
a
high
level.
Of
course,
I
am,
as
the
intro
says
there,
the
senior
manager
of
application
experience
here
at
thermo
fisher
scientific.
Y
I
am
responsible
for
the
teams
that
make
up
the
largest
enterprise
applications
that
we
have
here
at
thermo
fisher,
including
the
conference
office
and
service
technologies,
teams
which
do
an
excellent
job
themselves,
keeping
the
business
running
the
situation
that
we're
in
with
the
global
pandemic,
really
all
of
the
great
work
that
they're
doing
to
keep
us
moving
forward
for
scientific.
I
was
the
senior
manager
of
global
devsecops.
Y
I
built
the
devsecops
and
application
security
program
from
the
ground
up,
which
was
a
really
great
challenge
and
experience,
and
it's
funny
because
I
am
on
record
as
saying
devsecops
doesn't
exist,
but
and
then
it
became
my
title
and
so
I
kind
of
had
to
adopt
it
and
really
embrace
it,
and
since
have
just
a
little
bit
of
background
about
myself
and
the
perspective
that
I
bring
to
this
conversation.
Y
So
formally
I
hosted
the
application
security
weekly
podcast,
starting
back
in
2018,
with
paul
zero
zero
to
50
deaf
world.
I
was
a
rank,
65
bug,
crowd,
bug,
bounty,
hunter
back
in
2018
and
an
mvp,
and
when
I'm
writing
some
code,
I
really
love
to
jump
into
visual
studio
code.
It's
a
great
platform
for
those
of
you
that
haven't
had
a
chance
to
jump
in
and
get
your
feet
wet.
Personally,
I
love
writing
in
python,
and
bash
javascript
is
something
I'm
still
trying
to
pick
up.
Y
Y
That's
private
currently
called
the
secure
functions
project,
but
will
eventually
be
released,
open
source
to
embrace
think
of
it
more
like
an
object,
relational
mapper
for
security,
in
terms
of
the
way
that
you
can
put
security
into
your
code
and
some
of
those
sensitive
functions
that
you
that
you
build
on.
That
said
some
of
my
hobbies
I
love
to
read.
I
can
always
recommend
books
and
I'll
have
some
here
for
you
today.
Y
Writing
is
something
that
I
enjoy
doing
on
occasion
and
then
gaming
breath
of
the
wild
legend
of
zelda
is
a
favorite
of
mine
right
now
and
of
course,
during
times
when
we're
not
in
covet.
I
love
to
travel,
can't
wait
to
get
back
to
japan
because
I'm
lost
to
all
my
friends
out
there
in
japan.
So.
Y
You
know
what
makes
something
a
feature
right:
that's
something
that
is
is
often
discussed
in
concerning
the
project,
management
or
product
management
team,
the
dev
teams,
they
always
say.
Well,
that's
not
really
a
feature
security's,
not
a
feature,
and
that's
because
of
course
features
are
things
that
customers
ask
you
for
right,
they're,
the
things
that
people
want
to
see
the
things
that
people
will
complain
about
if
they
don't
have
it
in
your
application,
and
so
therefore
they'll
tell
you
about
it,
then
of
course
there's
resources
or
money.
Y
Those
are
things
that
get
allocated
to
features
whatever
you're
allocating
into
those
are
the
features
you're
working
on
whether
you're
calling
calling
them
a
feature
or
not
and
then
features
well,
generally
speaking,
if
you
build
it,
you're
going
to
make
sure
that
it's
regularly
tested
you're
going
to
make
sure
that
it
works
the
way
that
you
want
it
to
and
you're
going
to
make
sure
that
it
continues
to
get
enhanced
over
time.
Y
Y
So
why
isn't
security
considered
a
feature,
and
this
is
kind
of
an
interesting
topic,
because
one
of
the
things
that
I'll
often
ask
dev
teams
after
they've
done
some
security
review
of
their
applications
is
they'll
say:
do
you
have
a
banking
app
on
your
phone
now
that
doesn't
always
translate
depending
on
where
you
are
in
the
world?
Some
cash,
heavy
cultures,
don't
really
use
banking
applications
might
do
e-commerce,
but
alaska
dev.
Are
you
using
some
some
sort
of
financial
transaction
application
on
your
phone
and
the
answer
is
almost
universally?
Yes.
Y
Well,
one
of
the
questions
that
you
should
be
asking
is:
would
you
use
it
if
it
had
the
vulnerabilities
that
your
application
has
and
that's
when
you
know
security
is
a
feature
because
it's
not
something
that
it
was
something
that
you
and
the
people
using
your
applications
are
exp.
Y
So
I'd
like
to
say
this
is
kind
of
like
the
faucet
that
you
go
to
or
the
sync
that
you
may
go
to
and
when
you
turn
that
left
knob,
you
expect
the
water
to
be
hot.
That's
universally
true,
you
didn't
have
to
ask
anyone
for
it
and
you
didn't
have
to
tell
the
plumber
to
install
it
that
way.
It's
just
the
way
that
that
operates,
and
so
in
a
lot
of
ways.
Y
That's
the
way
that
people
think
of
security
today
is
it's
one
of
those
utilities
that
you
just
expect
it
to
be
there
and
expect
it
to
work
as
intended.
Of
course,
you
will
give
money
and
time
to
secure
generally,
not
as
a
feature
you'll.
Y
Do
it
when
there's
a
bomb
about
to
go
off
in
terms
of
some
vulnerability
in
a
dependency
or
in
your
code
base,
that's
been
uncovered
or
if
those
bombs
have
already
exploded,
you're
going
to
spend
time
and
money
on
those
things
to
very
quickly
fix
them,
and
it
tends
to
be
very
disruptive
when
you
do
that.
Unfortunately,
when
that
happens,
you're
going
to
be
disrupting
all
of
the
other
features
that
your
customers
have
asked
you
for
that
they're
outwardly
expressing
that
they
want.
Y
So,
of
course,
what
happens
when
you
don't
take
security
seriously?
What
are
those
things
that
occur
in
the
world
as
a
result
of
that?
Well,
first
of
all,
vulnerabilities
continue
to
pile
up.
If
you
don't
fix
one
vulnerability:
a
chain
of
vulnerabilities,
multiple
vulnerabilities,
it's
it's
a
challenge.
A
good
example
of
that
is,
unfortunately,
capital
one.
Y
They
had
a
breach
due
to
basically
a
lack
of
security
in
the
implementation
of
some
of
their
applications
and
due
to
cultural
challenges,
they
lost
a
number
of
very
talented
people
because
of
the
insecurity
and
the
way
that
their
culture
really
thought
about
security
inside
the
workplace.
Y
Now,
from
the
fines
themselves,
it
was
estimated
to
cost
about
150
million
u.s
dollars
for
them
to
pay
for
all
of
the
different
fines
and
regulations,
but
the
total
cost
of
the
company
in
terms
of
buying
all
those
security
tools,
hiring
new
staff
upgrading
all
of
their
applications
was
estimated
over
500
million
us
dollars.
That's
a
lot
of
money
that
they
could
have
been
investing
in
other
ways
or
they
could
have
made
smaller
investments
in
security
and
been
a
lot
better
off
over
the
long
term.
Y
As
a
result
of
it,
you
also
see
vulnerabilities
leading
to
bad
publicity.
Key
example
of
that
is
uber
back
in
the
day,
and
this
is
not
too
long
ago.
There
was
a
data
breach
of
over
a
hundred
thousand
us
dollars
that
was
paid
out
via
a
bug
bounty
program
that
they
ended
up,
losing
their
cso.
Our
chief
security
officer
over
as
a
cover-up
and
that
chief
security
officer
is
now
being
brought
up
on
criminal
charges
as
a
result
of
trying
to
cover
up
the
breach
event.
Y
It
was
really
unfortunate
both
for
for
uber,
who
does
generally
a
pretty
good
job
of
security
and
well,
quite
frankly,
for
all
of
their
customers
that
were
caught
up
in
all
of
that
and
then.
Finally,
of
course,
there's
zoom.
Now
zoom
is
a
great
product
and
they're
one
of
those
companies
that
is
used
universally
to
try
and
get
us
through
the
situation
that
we're
in
today.
Y
But
here's
the
situations
happen,
hopefully
once
in
a
lifetime
the
way
that
their
business
operates,
and
then
the
market
kind
of
capture
that
they
can
actually
realize
as
a
result
of
being
a
superior
product
in
the
marketplace.
Y
Unfortunately,
for
them
they
had
some
end-to-end
encryption
challenges
that
were
brought
forward
right,
as
this
all
kicked
off,
and,
of
course,
then
they
had
some
security
vulnerabilities
that
were
piled.
On
top
now,
they've
rushed
to
hire
a
chief
security
officer
and
bring
in
security
as
new
feature
sets
in
their
application.
They
could
have
avoided
that
and
actually
captured
a
great
bigger
part
of
the
market
share
out
there
in
the
world
if
they
had
actually
considered.
Y
And
it
doesn't
have
to
be
this
way.
Quite
frankly,
there
are
a
number
of
things
that
we
can
do
as
developers
and
as
security
professionals
to
make
our
applications
more
secure.
I
like
to
think
of
this
as
the
broken
windows
theory
when
it
comes
to
security
as
lending
back
in
the
1990s,
we
had
challenges
when
it
came
to
really
crime
happening
in
new
york
city.
Here
in
the
united
states,
it
was
continuing
to
rise.
Y
It
was
rampant
and
almost
universal
within
the
city
and
one
of
the
psychological
theories
around
this
was
because
of
broken
windows
and
graffiti
found
throughout
the
city,
especially
in
subway
cars
and
their
kind
of
public
transit
systems,
one
of
the
ways
they
fixed
that
they
actually
took
those
subway
cars
out
of
production,
they
repainted
them
and
then
sent
them
back
into
the
production,
as
that
paint
was
drying
so
that
they
could
show
that
the
city
really
cared
about
the
people
that
lived
there
and
the
public
transit
systems
that
they
were
investing
in.
Y
When
we
think
about
the
tomatoes
and
the
tomato
sauce,
I
like
to
say,
check
your
recipe
and
check
your
ingredients
by
checking
your
recipe,
I
mean
static
analysis
going
ahead
and
taking
a
look
at
your
code
to
make
sure
that
you're
not
inserting
any
sort
of
vulnerable
functions
or
calling
things
in
a
way
that
you
really
shouldn't
be
such
as
calling
directly
to
your
sql
database
as
opposed
to
using
an
object,
relational
mapper
and
then
checking
your
ingredients,
dependency
check
or
depends
dependency.
Checking
it's
one
of
those
tool
sets
that
can
really
help.
Y
You
understand
that
the
ingredients
that
you're
putting
into
your
applications
are
fresh
that
they're
continuously
being
going
ahead
and
solving
some
of
those
problems
that
you're
seeing
when
it
comes
to
the
vulnerabilities
at
the
end
of
the
day.
If
you
make
a
great
recipe
with
rotten
ingredients,
it's
gonna
turn
out
pretty
bad
for
your
health
and,
of
course,
for
anyone,
that's
trying
to
consume
that,
and
then
I
like
to
think
of
finally
that
throwing
throwing
spaghetti
at
the
wall
in
terms
of
integration
testing.
Y
So
that's
that
whole
idea
of
making
sure
things
stick.
So,
of
course,
you
can
do
that
with
web
applications.
Today,
using
dynamic
analysis.
Y
That
you
can
go
ahead
and
use
to
do
that
actually
checking
the
inputs
that
you're,
throwing
into
your
application
is
reacting
in
safe
and
secure
ways
and
then
for
compiled
applications.
There's
fuzzing.
Basically
again,
it's
like
throwing
spaghetti
at
the
at
the
wall
to
see
if
it
sticks
or
throwing
a
bunch
of
inputs
at
your
code
to
see
what
your
application
does
when
you
throw
it,
something
that
it's
not
really
anticipating.
Y
So
there
are
a
lot
of
ways
that
we
can
solve
this
problem
when
it
comes
to
treating
security
as
a
feature
as
we
develop,
and
then,
of
course,
there
are
benefits
to
treating
security
as
a
feature.
A
good
example
of
that
as
attack
complexity
increases
one
of
the
things
equivalent,
because
people
fall
for
them.
Y
First
of
all,
and
because
the
more
complex
attacks
are
really
expensive,
we
can
look
at
the
zero
day
market
when
it
comes
to
things
like
ios
or
android
vulnerabilities
that
are
out
there
today,
where
you've
had
zero
days
to
apply
a
patch
or
implement
security.
And,
quite
frankly,
those
costs
are
going
up
and
that's
a
good
thing,
because
what
that
ends
up
meaning
is
that
the
attacker
ends
up
being
a
very
small
subset
of
the
world's
landscape.
Y
It
ends
up
being
state
actors,
as
opposed
to
cheeky
kids
on
the
internet,
for
example,
and
so
that
way
your
application
will
be
a
little
bit
more
robust
and,
quite
frankly,
you're
out
running
a
majority
of
the.
Y
It
also
differentiates
your
project
or
your
product,
if
you
think
about
apple,
for
example,
they're
almost
universally
known
for
a
lot
of
the
security
and
privacy
implementations
that
they've
put
in
place.
We
can
also
look
at
examples
within
the
software
development
landscape,
such
as
react
versus
angularjs
back
in
the
day
angularjs.
The
original
version
of
it
had
a
sandbox
and
that
sandbox
had
a
lot
of
escapes
and
it
led
to
a
lot
of
vulnerabilities
such
as
remote
code
execution
or
even
a
full
remote,
reverse
shell.
Y
And,
of
course,
once
you
go
ahead
and
invest
in
security
as
a
feature,
it
allows
you
to
save
time
and
money.
It's
that
return
on
investment,
the
compounding
interest
that
allows
you
to
actually
go
ahead
and
focus
on
other
investments
and
experimentation
so
that
you
and,
of
course,
differentiate
your
product
and
then
pay
down
those
other
technical
debts
that
you
might
be
encountering
so
where
to
get
started
right.
How
can
we
actually
start
implementing
these
things
and
I
always
like
to
say,
of
course,
people
are
probably
the
most
important
thing
within
your
organization.
Y
The
next
most
important
thing
is
that
process,
and
you
have
to
think
about
a
few
things.
First
of
all,
what
speed
of
development
do
you
need
to
actually
be
hitting?
Are
you
a
web
application
that
needs
to
have
sub
millisecond,
or
rather
excuse
me
sub
second
or
millisecond
deployments,
or
are
you
building
a
product
that
has
a
I
don't
know,
and
it
doesn't
need
to
be
patched
right
away
because
it's
not
connected
to
the
internet
or
it's
not
supposed
to
be
connected
to
the
internet?
Y
Y
Not
only
how
much
are
you
actually
covering
integration
tests
that
follow
that
happy
path,
but
work
with
your
security
team
to
think
about
how
you
can
follow
the
unhappy
path,
throw
the
things
at
your
application
that
it's
not
expecting
or
that
it
would
should
handle
gracefully
or
would
otherwise
avoid
falling
over
because
of
the
unhappy
or
malicious
unit
test
that
you're
throwing
at
it,
and
then,
of
course,
think
about
that
mean
time
to
resolution
measure.
Y
Y
You
probably
are
going
to
encounter
an
issue
at
some
point
in
the
history
of
your
application
as
a
result
of
those
vulnerabilities
that
are
going
unaddressed
so
measure
it
and
then
bring
it
forward
to
your
leadership
to
make
sure
that
it
gets
addressed
on
a
regular
basis,
which
gets
to
the
last
point,
of
course,
which
is
allocating
time
for
technical
debt.
I
like
to
say
that
if
you
allocate
time
to
fix
those
things
periodically
fix
the
broken
windows
paint
the
walls,
change
change
the
drapes.
Y
It
allows
you
in
this
case
to
improve
your
code
over
time,
making
the
house
worth
living
in
and
the
neighborhood
a
better
place
for
your
customers
to
live
in.
So
if
you
allocate
about
20
time
for
technical
debt
over
time,
you're
going
to
end
up
being
able
to
release
faster,
to
have
better
testing
and
resolve
problems
quicker.
It
pays
itself
in
the
long
term
and
then,
of
course,
in
terms
of
some
tools
that
you
can
use.
I
like
to
say
with
static
analysis.
Github's
advanced
securities
toolset
is
phenomenal.
Y
And
then,
if
you
have
ruby,
as
your
main
code
base,
breakman
great
tool
open
source,
it's
publicly
available,
I
think
they
now
have
a
paid
version,
but
also
a
free
version,
and
then
soda
cube
is
another
great
one,
as
well
from
a
static
analysis
perspective.
To
give
you
some
some
ideas
on
things
you
can
do
and
then
from
dynamic
analysis.
Y
The
open
web
application,
security
project
or
owasp
has
the
zed
attack
proxy
or
zap
that
electric
symbol
that
you
see
there
great
dynamic
analysis
tool
has
an
api
functionality
to
it
is
free
and
is
something
I
strongly
encourage
people
to
check
out
and
start
using
regularly
just
to
see
what
happens
again,
throw
that
spaghetti
at
your
code
and
see
what
sticks
then,
there's
w3af
by
andreas
riancho,
who
is
another
great
developer,
who
has
provided
a
nice
dynamic
analysis,
attack,
toolset,
really
great
for
java
and
other
tools
which
are
very
common
in
the
enterprise
today,
dependency
checking
again
making
sure
that
you
check
the
ingredients
as
well
as
of
the
static
analysis,
recipe
dependable,
really
great
tool.
Y
If
you're
on
the
github
platform,
which
I
would
think
that
you
probably
are,
if
you're
watching
this
and
then
of
course,
osp's
dependency
check
tool,
if
you
need
another
thing
to
go
ahead
and
look
into
the
environment
and
make
sure
that
things
are
working
appropriately
and
the
libraries
you're
using
are
fresh
and
secure
and
then
secrets
management
making
sure
that
you're
actually
dealing
with
those
problems
of
committing
secrets
to
your
code
by
understanding
how
that
works
and
making
sure
that
people
understand
how
to
use
the
secrets
fault
that
you're,
using
of
course,
cyberark
conjure,
also
has
another
solution
in
the
space,
and
I
strongly
recommend
you
check
it
out
and
then
for
further
learning.
Y
I
strongly
recommend
these
three
books
to
just
about
anyone
that
I
talk
to
the
devops
handbook
is
something
that
every
individual
or
a
project,
that's
working
with
a
software
to
read
front
to
back,
because
it
will
cover
pretty
much
every
use
case
that
you
can
think
of
including
part
six,
which
is
about
security,
which
is
why
I
often
say
devsecops
is
the
buzzword
today.
But
it's
really
just
part
of
devops.
Y
It's
always
been
part
of
the
devops
handbook,
and
it's
something
that
I
encourage
a
lot
of
people
to
go
read
for
those
people
that
are
either
in
the
manager's
path
or
in
terms
of
their
career
or
are
looking
to
get
into
management.
I
strongly
encourage
camille
fournier's
book
the
manager's
path,
largely
because
it
brings
that
human
element.
Y
It
thinks
about,
of
course,
making
sure
that
you're
not
burning
yourself
out
or
your
team
walks
through
kind
of
every
level,
from
a
lead
engineer,
all
the
way
through
cto
on
what
your
world
will
look
like
as
a
result
of
moving
down
that
path
in
your
career
and
then
finally,
for
those
leaders
that
are
watching.
I
strongly
strongly
encourage
reading
lean
enterprise.
Y
It
is
one
of
those
books
that
will
bring
forward
in
the
first
half
of
the
book
a
lot
of
the
ideas
that
you
see
in
the
devops
handbook,
but
in
the
second
half
it's
pure
gold.
It
will
talk
through
a
lot
of
the
different
challenges
that
you're
going
to
experience
and,
of
course,
how
to
slowly
break
them
down
and
rethink
about
the
way
that
you're
going
to
address
them
and
then
move
forward
and
build
a
better
enterprise
as
a
result.
Y
N
N
N
Y
That's
a
great
question:
divya,
it's
one
of
those
things
where
you
know
years
ago.
If
you
were
to
ask
me,
I
probably
would
have
said
start
with
dynamic
and
static
analysis.
Those
would
have
been
just
absolutely
the
things
that
would
have
made
your
life
better
and
easier,
but
I
I
surprised
a
lot
of
people.
You
know
with
with
kind
of
the
talk
about
dependency,
checking
as
something
that
people
should
really
start
with,
and
the
reason
that
I
say
depends
dependency
checking
is
the
right
places.
It's
it's
almost
like.
Y
Whenever
I
start
to
cook-
and
I
know
we
were
talking
a
little
bit
before
I
came
on
about
cooking
indian
cuisine
and
how
I
recently
learned
to
make
butter
chicken,
curry
and
so
having
the
right
ingredients
is
super
super
important
for
making
a
really
tasty
meal
and
so
always
checking
those
to
make
sure
that
you're
in
a
good
place.
Y
I'd
say
by
making
sure
that
you
can
just
kind
of
continuously
update
your
dependencies
on
a
regular
basis
that
will
enforce
and
encourage
you
to
have
really
good,
automated
it's
security
or
just
making
sure
that
the
application
continues
to
work
appropriately,
as
well
as
encourage
people
to
be
able
to
change
and
update
faster,
which
will
help
everything
down
the
line
when
it
comes
to
security,
because
if
you've
got
good
testing
from
a
happy
path
perspective
and
you
can
update
your
dependencies
regularly
well,
what's
to
stop
you
from
fixing
the
vulnerability
and
then
also
pushing
it
out
to
production
quickly.
M
Sure
look:
I've
got
a
couple
of
questions
that
quite
similar,
so
I
might
ask
them
both
to
get.
M
Y
You
know
that's
a
good
question,
it's
it's
always
one
of
those.
How
much
time
do
you
have
for
remediation
and
how
much
sensitivity
do
you
have
to
false
positives
right?
That's
that's!
Really!
The
answer
there
now
now
when
it
comes
to
to
the
tools
themselves.
Static
analysis
is
one
of
those
spaces
that
has
not
had
as
much
innovation
in
it.
In
the
last
you
know
decade
as
or
even
the
last.
You
know,
20
years
as
I
think
what
we
saw
with
github's
acquisition
of
semel.
Y
I
was
very
fortunate
in
in
kind
of
getting
a
lead
on
semel
from
some
friends
of
mine
in
the
security
industry,
about
I
don't
know
close
to
18
months
ago
in,
like
april
may
of
last
year,
maybe
a
little
more
than
18
months
ago,
and
and
so
what
github
advanced
security
is
the
right
tool
to
innovative
product
in
the
static
analysis
space
out
there
that
I've
seen-
and
I
worked
at
a
basically
the
founders
of
binary
static
analysis.
Y
You
know
some
years
ago,
so
I
actually
have
done
code
security
engineering
and
been
a
static
analysis,
q,
a
engineer
in
my
past
life
and
so
get
up
advanced
security
start
there
stay
there.
If
you
can,
especially
from
a
language
coverage
perspective,
the
only
time
I
ever
recommend
with
static
analysis,
getting
something
additional
is
if
you
need
to
cover
languages
that
aren't
as
robustly
covered
by
the
tool
that
you
have
dynamic
analysis,
that's
always
the
hardest
one
because
it
really
well.
Y
Quite
frankly,
you
know
how
again
that
that
false
false
positive
sensitivity
right
because
you
will
get
variance
based
on
just
the
quality
of
checks
that
you
get
from
the
tool
that
you
use.
Y
What
I
would
recommend,
though,
before
looking
at
adding
more
tools
to
the
toolbox
is
how
quickly
are
you
remediating
the
vulnerabilities
that
you
validated,
because
if
the
answer
is
weeks
or
even
in
some
cases
for
those
critical
vulnerabilities
days,
don't
add
another
tool?
It's
just
going
to
add
more
to
your
pile
of
things
to
do,
and
it's
it's
going
to
burn
bridges
with
the
developmental
with
with
tools
that
can
work
via
the
api
and
the
command
line
to
kick
off
those
scans
and
really.
Y
My
philosophy
has
always
been
make
security
as
self-service
as
possible.
Security
should
be
in
a
perfect
world
like
the
wind
is
what
I
say,
because
when
you
think
about
the
wind,
whether
it's
out
on
the
ocean
or
in
the
forest,
or
what
have
you
or
in
a
field,
you
cannot
see
the
wind.
You
see
the
the
way
that
the
wind
impacts
the
world
around
you
right,
the
way
that
the
trees
sway
or
the
waves
move,
but
you
don't
actually
see
the
wind
itself.
It
just
shapes
the
environment
around
it.
N
I
love
that
analogy:
wow
security
as
wind
and
github,
with
all
of
its
advanced
security
features,
I
kind
of
think,
like
the
things
you
were
referring
to.
It
addresses
some
of
those
one.
The
other
question
I
had
for
you
keith
was:
how
much
time
should
we
actually
allocate
to
addressing
security
issues.
Y
I
often
say
the
right
amount
of
time.
It
will
very
much
depend
on
the
company,
but
I
often
say
as
a
baseline
and
not
just
security
issues.
Y
By
the
way
I
say
technical
debt
issues
or
is
or
technical
inflation
issues
is
another
topic
for
another
day
is
about
20
right,
so
so,
whether
that's
one
sprint
in
five
or
whether
that's
fridays,
depending
on
the
you
know,
scale
of
the
problems
that
you're
facing
that's
the
right,
the
right
amount
of
time
to
start
with
ramp
up
as
you
need
to
for
surge
support
ramp
down
as
you
need
to
to
get
those
features
up
the
door.
But
20
is
the
right
amount
of
time.
In
all
reality,.
L
Y
N
Awesome,
thank
you,
everyone
and
thank
you
so
much
keith
for
all
that
insights.
Remember
folks.
Keith
will
be
in
discussions
for
the
next
30
minutes.
So
continue
answering
your
questions
and
post
it
at
github
universe.com,
slash
discussions
and
get
more
from
kate
all
live.
I
hope
all
of
you
are
having
a
good
time.
So
tweet
us
tag
us
daniel
and
I
would
love
to
hear
from
you.
You
can
reach
us
at
dd,
figatio
and
divya
at
the
via
vashnavi
again.
Thank
you
so
much
keith.
N
So,
what's
happening
right
now
on
the
dev
channel.
Is
community
powered
security
analysis
with
codeql
and
on
the
play
channel
is
making
music
with
robots
wow?
That
would
be
really
interesting.
I
should
go
check
that
out
after
we
do
this
so
bringing
the
next
session
is
accelerating
software
development
safely,
with
github
enterprise
github
enterprise
3.0
has
ton
of
features
for
administrators,
and
given
your
enterprise
customer
base,
daniel,
I'm
sure
you're
getting
excited
about
this
one
tell
us
more
who's
sharing
about
github
enterprise.
M
Awesome,
I
am
very
very
honored
to
introduce
a
really
good
friend
of
mine,
maya,
ross
she's,
the
product
director
for
enterprise
at
github.
She
has
a
masters
physics,
you
know
focusing
on
quantum
mechanics
and
she
plays
the
oboe,
which
is
so
much
better
than
me,
because
I
just
play
with
toys.
Look
folks,
don't
forget,
engage
with
us
on
discussions,
github
dot,
get
up,
universe.com
discussions
and
don't
forget
to
rate
this
session,
really
want
that
feedback
need
to
know
how
we
can
do
better
next
time
around.
Z
Hello,
that
was
a
awesome
introduction.
Thank
you
so
much
it's
great
to
be
here
today.
Hope
you're,
all
enjoying
universe,
got
to
check
out
the
keynote
earlier,
and
today
I'm
going
to
be
talking
to
you
a
little
bit
about
github
enterprise.
Z
So
myself
and
my
colleagues
spend
a
lot
of
time
talking
to
administrators
people
like
keith
who
run
devops
tooling
for
their
companies,
and
we
know
that
you've
got
a
lot
to
do
and
it's
pretty
hard.
Sometimes
you
have
to
secure
all
your
software
and
your
applications
across
the
supply
chain.
You
need
to
help
your
teams
to
automate
workflows,
so
they
can
focus
on
what
they
do
best.
Z
Those
apps
are
amazing:
they
have
more
than
a
million
downloads
and
they're
going
to
enable
developers
to
collaborate.
Check.
Notifications
approve,
pull
requests
from
you
know
in
bed
in
the
bath
on
a
bus,
no
matter
where
they
are,
but
github
enterprise
sits
across
the
cloud
as
well,
and
we
have
a
few
hundred
companies
who
are
using
github
enterprise
in
a
hybrid
environment,
so
they're
using
both
enterprise,
server
and
enterprise
cloud
together,
and
I'm
going
to
show
you
some
ways
today
that
you
can
do
that.
Z
So,
let's
talk
first
of
all
about
that
enterprise
foundation.
So
what
is
an
enterprise
account
at
github
for
those
of
you
who
haven't
seen
one
before
we'll
just
go
through
these
kind
of
basics,
so
an
enterprise
account
is
an
umbrella
around
your
users
and
around
your
organizations
for
many
companies.
Z
Z
All
right
so
here
we
have
a
enterprise
cloud
account
just
a
demo,
one
that
I
have
set
up
and
it
has
four
organizations
in
it.
You
can
have
any
number
of
orgs
that
you
want.
Some
companies
have
one
some
companies
have
thousands
or
even
tens
of
thousands
depending
on
how
they
want
to
manage
their
company,
and
each
of
these
organizations
can
have
different
security
and
governance
policies
applied
to
them.
Z
I
can
also
see
all
of
the
people
in
my
company,
so
here
I
just
have
a
company
of
three
whole
people,
and
I
can
see
some
security
information
about
each
person.
Now
I
mentioned
that
you
can
use
enterprise
in
a
hybrid
way
here.
One
of
the
things
you
can
do,
if
you
have
both
cloud
and
server,
is
to
see
all
of
your
users
across
both
environments
and
that
is
enabled
through
github
connect.
Z
If
I
jump
into
my
security
settings,
I
can
have
a
look
at
some
of
those
ip
security
settings.
So,
first
of
all,
the
one
that
most
companies
set
up
first
is
salmon
authentication
this
delegates
authentication
to
your
identity
provider.
Here
I
have
this
set
up
with
octa,
so
you
can
see
I
could
sign
in.
Of
course,
it
will
just
sign
me
straight
in
oh
no,
it
won't
and
that
ensures
that
all
of
your
enterprise
assets
can
only
be
accessed
by
people
signed
in
through
your
idp.
Z
We've
also
recently
added
support
for
automated
provisioning
and
de-provisioning
for
anyone
using
octa.
So
this
means
that
whenever
somebody
joins
your
organization
or
leaves
it
their
account
will
be
created
or
removed
automatically.
This
is
particularly
great
when
you're
off
boarding
people
and
you
want
to
remove
access
quickly.
Z
Iplowless
is
one
of
our
more
advanced
conditional
access
policies
and
it
enables
you
to
ensure
that
your
enterprise
resources
can
only
be
accessed
by
people
in
your
corporate
network.
Here
I
have
a
couple
set
up
so
moving
on.
Let's
have
a
look
at
verified
domains.
So,
as
I
mentioned,
this
is
one
of
our
newer
features.
It's
just
about
to
launch
in
beta,
and
what
this
enables
you
to
do
is
to
ensure
that
no
data
is
lost
through
the
email
channel,
essentially
by
verifying
domains
that
you
own.
Z
Z
You
can
see.
All
I
need
to
do
is
to
add
this
to
my
dns
record
and
then
the
domain
will
be
verified
within
a
couple
of
days
hopping
over
to
that
audit
log.
So,
of
course,
the
ability
to
audit
the
whole
enterprise
is
crucially
important,
and
here
we
have
a
single
view
of
all
events
that
are
going
on
across
all
organizations
and
all
users.
Z
Z
I
can
query
both
git
and
github
events
at
the
same
time,
if
you
want
to
or
just
one
or
the
other,
you
can
also
export
those
get
events
jose
and
your
github
events
next
year
we'll
be
adding
those
get
events
to
this
ui
as
well.
Z
Now,
let's
just
hop
in
to
one
of
my
organizations
we're
going
to
look
at
optodemo
platform,
so
here
you
can
see
we
have
a
couple
of
repos.
These
are
internal
repos,
which
means
they're
visible
by
everyone
across
my
enterprise,
internal
repos
are
really
the
foundation
of
inner
sourcing
with
github,
and
one
of
these
repos
is
building
a
company
wiki.
Z
Private
pages
again
is
another
new
feature
which
is
in
beta
now
and
which
is
going
to
launch
for
everybody
before
the
end
of
the
year,
and
what
it
means
is
that
you
can
create
pages,
just
as
you
know,
and
love
them
with
github,
which
are
only
accessible
by
people
in
your
enterprise,
and
the
visibility
is
built
of
the
visibility
of
your
repo.
So
this
is
an
internal
repo,
which
means
the
page
built
offer
is
visible
by
everyone.
Z
In
my
enterprise
they're
perfect
for
company
wikis,
in
fact,
we
use
a
private
page
for
the
github
intranet
and
our
engineering
wiki.
Here's
a
basic
example.
One
of
the
other
things
I
really
like
about
private
pages.
Is
this
edit
flow.
So
now,
since
I
have
write
access
on
that
repo,
I
can
edit,
the
private
page
directly
from
here.
Z
Make
changes
commit
it
and
then
those
changes
will
go,
live
within
just
a
couple
of
minutes,
really
nice
integrated,
workflow
and
great,
especially
for
people
who
aren't
so
technical
but
need
to
maintain
knowledge
basis.
Z
Let's
just
go
back
to
my
wiki.
I
just
want
to
touch
briefly
on
some
branch
protection
rules
and
how
we're
extending
them-
you
might
have
seen
a
little
bit
of
this
in
the
keynote.
If
you
manage
to
watch
it
so
here
I
have
a
couple
of
branch
protection
rules
set
up,
which
means
that
any
code
changes
need
to
be
reviewed
first
of
all
by
a
third
party
and
then
by
my
code
owners.
Normally
often,
a
security
or
expert
team
before
they're
merged
in
github
has
also
recently
expanded
the
same
concept
to
environment
protection
rules.
Z
Z
We
can
see
a
pull
request
that
has
been
merged
in
and
then
deployed
through
my
environments
and,
as
per
my
rule,
it
has
been
approved
by
me.
This
is
one
of
the
biggest
things
that
we've
shipped
in
the
last
few
months.
Chris
pat
is
doing
a
talk,
deep,
diving
into
this
new
experience.
I'd
really
encourage
you
to
go
watch
it
if
you
can
all
right.
So,
let's
just
hop
back
here.
Z
We
know
from
our
ghes
customers
in
particular
that
you
know
they're
under
a
lot
of
pressure
to
administer
this
product,
make
it
available
to
their
company
and
over
the
last
year
we
have
been
making
big
changes
to
work
more
in
the
open
and
more
transparently
at
github.
Z
Z
I
think
this
is
going
to
make
a
big
difference
to
the
overall
reliability
of
the
product,
and
I'm
excited
for
this
change.
If
you
have
any
thoughts
on
this
love
to
chat
to
you
about
it
in
the
discussion
later
so
just
moving
on
to
those
other
pillars,
I'm
just
going
to
do
a
quick
whiz
round,
some
of
the
other
main
capabilities
that
you
get
through
github
enterprise.
Z
First
of
all,
automation,
so
github
has
really
built
the
community
standard
for
automation
with
github
actions.
I'm
sure
you
will
have
seen
this
before,
but
actions
is
the
number
one
ci
tool
on
github.com
and
it's
achieved
that
status
in
just
a
year
after
launching-
and
we
now
have
6000
actions
on
the
marketplace,
which
I
just
think
is
an
amazing
testament
to
how
easy
it
is
for
developers
to
build
actions.
Z
So,
first
of
all,
I'm
going
to
decide
which
of
my
orgs
should
have
access
to
actions
this.
You
people
usually
decide
based
on
managing
cost,
and
I'm
gonna
enable
just
my
ml
team
to
have
it.
I
can
also
decide
whether
to
allow
all
actions,
including
actions
from
the
marketplace,
just
ones
we've
built
or
select
actions,
for
example,
ones
created
by
github,
I'm
going
to
allow
all
actions
and
these
the
marketplace
actions
are
going
to
be
available
to
my
private
enterprise
server
instance,
because
I
have
enabled
github
connect.
Z
Z
I
can
also
set
my
log
retention
period,
I'm
going
to
make
that
a
long
time
and
I
don't
want
to
lose
any
data
and
then
I'm
going
to
set
up
a
couple
of
self-hosted
runners.
So
it's
super
easy
to
set
up
takes
about
five
or
ten
minutes
to
get
all
of
your
runners
configured
again.
I
can
decide
whether
to
make
them
those
runners
available
to
the
whole
enterprise
or
just
selected
organizations.
Z
Z
Z
In
addition,
we
also
have
a
template
that
my
org
administrator
has
made.
For
me,
it's
a
mlt
ci
workflow,
and
this
is
a
workflow
template.
That's
available
across
my
organization
next
year,
we'll
be
adding
enterprise-wide
templates
as
well,
which
will
be
great
particularly
for
companies
operating
in
more
high-compliance
high-governed
environments.
Z
Let's
just
go
back.
The
next
thing
I
wanted
to
cover
briefly
is
security
and
how
you
can
simplify
and
automate
that
so
as
kind
of
keith
talked
about
just
previously,
finding
and
fixing
vulnerabilities
is
really
notoriously
difficult,
and
this
is
very
much
a
structural
issue.
We
have
575
570
times
more
developers
in
the
world
than
security
researchers
and,
as
we
keep
coding,
we
keep
introducing
new
vulnerabilities,
we're
not
getting
any
better
at
just
naturally
spotting
vulnerabilities,
so
github.
Z
Our
approach
to
addressing
this
problem
is
to
bring
that
community,
together
with
the
right
tooling,
to
help
you
secure
code.
Now
our
security
capabilities
have
grown
massively
over
the
last
year.
Advanced
security
offers
both
code
scanning
and
secret
scanning,
which
are
automated
security
scanning
tools
and
in
addition
to
that,
our
dependency
alerts,
automated
security
fixes
and
the
advisory
database
and
making
sure
that
both
private
and
open
source
repos
are
staying
secure.
Z
Okay,
so
here
I
have
another
enterprise
server
instance
and
it
has
a
repo
setup.
The
first
thing,
you'll
notice,
is
that
we
have
found
some
security
vulnerabilities
in
my
dependencies
now.
This
information
is
coming
from.
The
github
depend
advisory
database,
which
is
on
github.com,
and
it's
coming
to
my
private
environment
again
through
github
connect,
so
we're
bringing
actions,
we're
bringing
user
information
and
we're
bringing
the
security
information
into
your
private
environment
through
connect.
Z
Z
Codeql
has
found
this
issue,
and
the
code
scanning
tool
has
also
given
me
a
bunch
of
recommendations
on
what
I
need
to
do
to
fix
it.
Now
you
can
see
all
of
the
source
code
for
these
queries
in
this
public
codeql
repo
and
the
queries
here
are
written
by
github
staff
and
by
the
security
researcher
community.
Z
Here's
an
example
of
one
that's
under
development
right
now,
written
by
jonathan,
who
is
a
github
staff
and
a
security
researcher
in
boston
and
through
code
scanning
we're
going
to
bring
his
knowledge
expertise
and
the
work
he's
doing
to
contribute
to
this
directly
to
your
company
going
back.
Let's
just
look
quickly
at
my
secret
scanning
alerts.
Secret
scanning
has
picked
up
that
I
have
put
in
two
aws
secrets,
and
this
is
a
very
common
way
that
customer
data
is
stolen.
Z
Z
Alrighty
so
just
going
to
wrap
up
see
this
slide
there
we
go
so
we've
gone
through
today,
the
github
enterprise
platform
and
how
it
provides
a
very
integrated
community
power
platform
to
help
companies,
administrators
and
developers
to
achieve
the
kind
of
goals
that
we
outlined.
Z
M
N
I
think
the
best
part
was
having
everything
that
we
have
on
github.com
being
available
in
github
enterprise,
3.0
actions,
policies,
marketplace
actions,
advanced
security-
all
of
that.
But
if
I
have
to
talk
about
one
thing
which
impacts
all
of
us
would
be
the
change
in
the
process
for
the
release
pipeline
to
help
increase
reliability.
M
Absolutely
you
know
we
do
so
much
development
and
to
be
able
to
you
know,
have
this
capability
now
to
to
ship
it
to
you.
First
before
we
release
it
generally,
so
that
you
know
we
can
deal
with
those
edge
cases
that
may
came
come
up.
You
know
at
the
last
minute.
You
know
I
it's
fantastic,
I'm
really
looking
forward
to
that.
We've
actually
done
it
once
already.
We
did
it
with
a
few
customers
and
it
worked
really
well
so
looking
forward
to
doing
that
now,
moving
forward.
M
Some
of
the
things
I'm
I'm
really
excited
about
is
the
visualization
of
the
actions
workflows,
you
know
and
the
ability
to
to
to
approve
a
deployment
before
it
goes
out.
You
know:
we've
had
a
lot
of
customers
asking
us
for
for
more
powerful
cd
capability
and
that
literally
lands
right
in
that
nest,
and
I'm
really
excited
about
that.
The
ability
to
do
things
like
manage
what
actions
can
actually
run
within
a
particular
repository
is
fantastic.
M
M
AA
Hi,
my
name
is
gina
hoyske
and
I'm
a
software
architect,
and
also
the
project
lead
and
yeah
main
developer
of
a
little
project
called
octoprint
octoprint
is
an
open
source
web
interface
for
3d
printers
that
I
created
back
in
2012
and
which
I've
been
maintaining
ever
since,
and
I
am
actually
able
to
work
on
it.
Full-Time
100
crowdfunded
by
the
community,
which
is
something
that
I
never
expect,
would
work
and
which
is
yeah
an
absolutely
awesome.
AA
What
they
mean,
what
what
kind
of
things
they
allow
and
not
allow
and
and
yeah
the
the
whole
the
whole
principles
behind
them
like
like,
sharing
open
and
free
sharing
of
knowledge
and
giving
back
and
all
that
and
at
the
same
time,
also
started
then
contributing
to
the
one
other
project
and
yeah.
AA
And
while
I
think
well
personally
think
that
it
is
very
important
to
have
decentralized
repository
and
code
storage,
which
git
by
its
nature
kind
of
enforces,
because
every
get
every
cloned
repository
is
its
own
full
featured
repository
itself
and
that
no
single
company
or
no
single
platform
should
have
total
control
over
all
the
projects
out
there.
AA
I
also
think
that
having
something
like
a
global
development
hub
that
yeah
github
de
facto
has
become,
has
made
it
extremely
easy
for
people
to
enter
the
world
of
open
source
development
and
also
take
their
first
steps
in
there
and
also
to
in
general
collaborate
and
contribute
because
yeah,
you
just
have
to
understand
how
the
github
issue
tracker
works,
how
full
requests
work
and
that
just
translates
to
such
a
huge
number
of
projects,
then
that
it
simply
has
sped
up
contributing
so
much
in
my
personal
experience
so
yeah,
that's,
that
is,
that
is
pretty
much
what
github
means
to
me.
AA
AA
I
really
hope
to
be
able
to
help
improve
the
platform
as
a
whole
through
my
feedback
and
my
insight,
and
what
I
also
hope
to
achieve
a
bit
is
making
open
source
female
open
source
maintainers
like
myself,
a
bit
more
visible
overall,
because,
sadly,
still
the
general
stereotype
of
das,
open
source
must
be
male
still
persists
strongly
in
the
community
and
sometimes
frankly,
drives
me
up
the
wall.
With
regards
to
what
github
features
I
love,
I
will
admit
that
I've
fallen
completely
for
github
actions.
AA
I
currently
view
them
a
bit
as
a
hammer
to
every
single
nail
that
I
encounter
in
the
development
space
when
it
comes
to
a
continuous
integration
or
automation
of
any
kind,
and
I
really
enjoy
using
them
because
they
make
it
extremely
easy
to
quickly
get
results
and
reusable
ones
to
to
boot
and
another.
Another
github
feature
that
I
really
love
is
the
extremely
well
documented
api,
as
it
has
enabled
me
to
easily
interact
with
github
when
necessary
in
the
past
and
present.
So
I
built
a
bunch
of
tooling
to
help
me
with
issue
management.
AA
AA
With
regards
to
allowing
me
to
define
fields
that
have
to
be
filled
in
maybe
with
some
pre-filled
options
for
for
components,
for
example,
which
are
back
effects
or
something
like
that
check
boxes
that
have
to
be
set
and
if
they
have
not
been
set,
then
the
ticket
cannot
be
submitted
same
for
log
files
that
have
to
be
uploaded
or
the
ticket
cannot
be
submitted
because
right
now
I
have
this
issue
template
that
gets
pre-filled.
AA
But
a
lot
of
people
just
delete
it,
and
it
is
a
bit
of
a
wall
of
text
because
it
explains
in
detail
where
to
find
the
information
that
I'm
asking
for,
because
otherwise
my
experience
has
been
that
people
just
ask.
But
where
do
I
find
that?
And
then
I
have
to
continuously
explain
it
again,
and
this
wall
of
text
actually
now
has
people.
AA
Yeah
scared,
scared
people
a
bit,
so
that
is
also
not
the
perfect
solution
and
also
trying
to
validate
issues
that
are
submitted
with
a
bot
after
the
fact
is
also
a
bit
of
frustrating
experience
for
users,
because
they
just
submitted
this
thing
and
send
it
off
and
thought
everything
was
fine
in
our
bot
comms
and
tells
them
hey
by
the
way.
This
is
not
a
bug
report
or
not
a
complete
bug
report.
We
need
this
this
and
this
information.
It
would
be
nice
if
this
if
there
was
some
way.
AA
Maybe
why
a
yamal
front
meta
or
something
like
that
for
me
to
define
some
kind
of
form
that
has
to
be
filled
in
and
yeah
instead
of
this
free
form
text
box.
That
is
a
bit
overwhelming
to
many
people.
Apart
from
that,
let
me
just
say
to
everyone
working
on
github:
please
just
keep
being
awesome
and
listening
to
your
users,
you
have
a
stellar
track
record
for
this
over
the
past
couple
of
years
and
yeah,
I'm
just
looking
forward
excitingly
to
what
might
still
come.
AA
M
Wow
that
was
awesome.
Thank
you
so
much
gina
folks,
you
know
again
maya's
not
going
to
be
in
discussions
for
the
next
30
minutes.
So
but
please
hop
in
there
and
you
know,
ask
those
questions.
We've
got
subject
matter.
Experts
on
hand
available.
You
know
divya's
pointing
right
at
it
right
now,
so
you
should
know
exactly
where
to
go
and
yep.
So,
let's
move
on.
M
Well,
it's
getting
to
the
end
of
the
day.
I
think
everyone's
getting
a
little
tired,
so
there's
the
odd
glitch
going
on
there,
but
it's
all
good
awesome
folks,
don't
forget!
We've
got
those
four
channels
to
check
out.
We've
got
the
enterprise
channel
the
developer
channel
the
university
channel
for
all
those
students
and
the
play
channel
just
for
fun
now,
you're
in
that
enterprise
channel,
if
you
haven't
figured
it
out
by
now,
but
feel
free
to
pop
in
and
pop
out
of
those
other
channels,
come
back
and
visit
us
at
any
time
all
right.
M
So,
let's
now
move
on
to
our
next
session
now
you
might
have
heard
a
little
bit
about
security
earlier,
but
let's
go
a
bit
deeper
now,
let's
do
a
bit
of
a
round
up
here.
So
what
we've
got
here
is
an
advanced
security
roundup.
It's
going
to
give
you
all
the
latest
and
greatest
that's
going
on
in
the
area
of
github,
advanced
security,
but
divya
tell
us
all
about
justin.
N
So
joining
us
telling
us
all
about
detailed
about
security
is
our
very
own.
Justin
hutchings
he's
a
staff
product
manager
at
github
worked
on
security
features
like
advisor
database,
so
folks
remember
to
engage
with
us
on
discussions
justin's
already
around
and
waiting
to
hear
all
your
questions
don't
forget
to
rate
the
sessions.
We
really
value
your
feedback
and
find
the
yellow
star
next
to
join
discussions
at
the
bottom
of
this
page.
Over
to
you,
justin.
AB
Hi
and
welcome
to
the
github
advanced
security,
roundup,
I'm
justin
hutchings
and
I'm
a
product
manager
on
github's
security
team.
Today,
I'll
give
you
a
very
brief
introduction
to
the
state
of
software
security.
Tell
you
about
some
of
things.
Github
has
been
working
on
that
can
really
help
you
protect
yourselves
from
the
modern
security
threats
that
are
out
there.
AB
So,
let's
start
by
touching
base
on
the
state
of
software
security,
and
I
need
to
acknowledge.
I
can't
tell
you
everything
about
software
security
in
a
20-minute
talk.
We
could
spend
hours
on
any
one
chunk
here
at
github.
We're
really
focused
on
understanding
security
from
the
developer's
point
of
view,
because
empowering
developers
to
build
secure
code
is
one
of
the
best
ways
to
move
the
needle
on
your
security
story.
AB
AB
AB
Well
you
hire,
there's
a
reason
that
mitre
has
so
many
different
cwe
buckets
it's
because
as
humans
we
tend
to
introduce
the
same
kinds
of
problems
over
and
over
again,
you
know
another
great
source
for
context
in
the
ecosystem
is
varicode's
state
of
software
security
report,
and
that
tells
us
that
around
83
of
applications
have
at
least
one
security
vulnerability
in
them.
So
if
you're
not
doing
something
to
go
and
find
those
and
mitigate
them,
you're
putting
your
users
at
risk,
whether
that's
open
source
or
enterprise
software.
AB
So
that's
why
we
at
github
have
been
hard
at
work
with
a
collection
of
security
solutions
that
we
call
github
advanced
security
within
github,
advanced
security.
We've
got
three
major
product
areas.
The
first
is
secure
dependencies,
and
this
is
your
classic
software
composition,
analysis
or
sca
capabilities.
AB
AB
Finally,
secure
secrets:
we
know
credential
leaks,
are
a
huge
problem
both
for
security
and
reliability.
Reasons
I
mean
have
you
ever
tried
to
roll
keys
on
an
app
where
someone
hard
coded
credentials
into
the
source
code,
instead
of
putting
them
into
the
key
vault?
It's
not
going
to
be
a
good
day,
you're
going
to
cause
an
outage
and
everyone's
going
to
be
unhappy.
AB
AB
B
AB
AB
Finally,
the
dependency
graph
is
what
makes
all
of
our
dependency
security
features
possible.
It
does
this
by
scanning
the
manifest
files
for
supported
package
managers
and
building
out
a
graph
of
all
the
software.
You
depend
on
now.
We've
got
great
coverage
here.
We
currently
support
npm
and
yarn
for
javascript
maven
for
java
nuget
for
dotnet
developers,
composer
for
you,
php
developers,
rubygens
for
ruby
and
then
pi
pi
for
python,
and
so
for
most
of
you.
We've
got
something,
and
of
course
this
is
an
area
that
we're
constantly
looking
to
improve.
AB
AB
That's
why
we've
made
it
really
easy
to
view
results
in
code
scanning
super
easy
by
integrating
those
alerts
into
pull
requests
and
making
sure
the
developers
are
only
blocked
when
they
introduce
a
net
new
vulnerability
in
their
code.
That
way,
when
you
have
a
lot
of
security
debt,
it's
not
going
to
come
up
every
day.
It's
not
going
to
slow
you
down,
it's
still
there
and
we
hope
you'll
fix
it,
but
it's
not
in
your
way.
AB
You
know.
Code
scanning
is
the
best
and
easiest
way
to
run
codeql
or
other
analysis
tools
on
github
we've
integrated
with
both
the
action
ci
system,
as
well
as
some
third-party
ci
systems.
Using
a
simple
cli
code
scanning
is
generally
available
in
cloud
and,
as
maya
mentioned
in
the
previous
section
will
be
generally
available
in
the
upcoming
enterprise.
Server
3.0
release
as
well.
AB
Codeql
is
the
semantic
analysis
engine
that
powers,
our
own
security
analysis.
Now
a
lot
of
static
analysis
tools
out
there
do
things
like
use,
regular
expressions
or
look
at
bytecode
to
try
and
figure
out
what's
happening,
codeql.
We
actually
map
all
the
code
in
your
repository
into
a
graph
database,
and
this
is
a
special
because
it
allows
security
researchers
to
reason
over
that
code
and
develop
queries
that
can
find
really
complicated
vulnerabilities
with
really
high
precision.
AB
In
fact,
we've
been
focused
on
reviewing
the
set
of
cves
that
have
been
published
over
the
last
couple
of
years
and
whether
our
queries
would
have
caught
them.
You
know,
as
of
today,
we
find
that
about
24
of
recent
javascript
cves
out.
There
would
have
been
caught
by
a
default,
codeql
query
on
github
and
that
may
not
sound
like
a
lot
but
go
and
look
how
many
cves
there
are
for
javascript
it's
a
lot,
and
this
can
really
help
improve
your
security
posture.
AB
Now.
Codeql
currently
supports
seven
of
the
top
programming
languages
out
there,
including
c
c
plus
plus
c
sharp,
go
javascript,
java,
python
and
typescript.
Of
course,
we're
working
on
expanding
this
coverage
soon,
so
I'll
just
say,
keep
an
eye
on
the
roadmap
for
a
little
more
information
there
we're
also
detecting
more
than
160
cwes
or
common
weaknesses.
This
includes
all
the
classic
problems
that
you
know
to
look
for,
like
cross-site,
scripting
or
denial
of
service.
AB
And
you
know
I
mentioned
security
researchers
earlier
and
I
think
it's
an
important
point
to
drill
in
on
the
github
security
lab.
Is
a
coalition
we've
built
with
the
security
research
community
to
help
find
new
vulnerabilities
and
get
them
responsibly?
Patched
we've
been
running
a
bounty
program
to
encourage
participation,
participation
and
to
date
our
researchers
have
found
186
cves,
including
ones
like
this
remote
code,
execution
vulnerability
alvaro
uncovered
in
germany's
covet.
AB
19
contact
racing
software,
and
this
is
the
sort
of
stuff
that
the
security
lab
does
every
day
they're
going
out
and
trying
to
innovate,
to
find
new
vulnerabilities
that
we
can
then
bring
back
and
inoculate
your
software
against
using
codeql,
of
course,
we're
big
believers
in
defense
in
depth,
which
is
why
we
built
code
scanning
to
be
interoperable.
From
the
start.
AB
We've
been
engaging
with
the
broader
community
of
security
tool,
vendors
and
open
source
projects
to
make
it
really
easy
to
add
in
scenarios
like
container
scanning,
you
know
using
a
tool
like
anchor
or
trivi
or
sneak
doing
configures
code
scanning.
So
your
yaml
and
you
know
hashicorp
files
are
all
protected
or
even
performing
analysis
on
additional
languages,
with
open
source
tools
like
breakband
or
with
any
of
these
commercial
products
that
are
that
are
in
the
sidebar.
AB
We've
done
this
by
building
against
an
open
standard
that
makes
it
really
easy
for
you
to
plug
in
your
own
tools
as
well
now.
The
reason
this
is
so
important
is
because,
by
bringing
all
of
this
together
in
one
user
experience
we're
making
it
easier
than
ever
to
get
security
challenges
in
front
of
developers
before
they're
a
problem
for
your
users.
AB
Now
you
may
know
that
we've
been
scanning
public
repos
for
secrets.
For
the
last
couple
of
years.
You
might
have
even
seen
an
email
when
you
made
your
own
mistake,
checking
in
an
aws
key
once
you
check
a
secret
into
a
public
repository
and
push
that
to
github.
You've
got
to
consider
a
compromise,
there's
no
coming
back
from
that.
AB
So
secret
scanning
in
public
repos
is
integrated
with
more
than
30
partners
who
review
potential
matches
in
those
public
repositories
and
then
revoke
the
secrets
from
the
server
side
before
they
can
be
used.
Maliciously,
you
know
we're
still
seeing
more
than
a
hundred
thousand
potential
secrets
per
week
in
public
repositories,
because
this
is
such
an
easy
mistake
to
make.
AB
And
we're
using
that
exact,
same
infrastructure
to
help
enterprise
developers
identify
secrets
in
their
private
code
as
well.
This
scans
the
full
history
of
your
repositories,
and
it
provides
users
with
a
native
experience
for
triaging
secrets
that
we
find
in
your
code
as
much
as
this
is
a
security
feature.
It's
also
a
reliability
feature
I
mentioned
earlier.
Rotating
secrets
can
be
really
problematic
if
you've
got
secrets
checked
into
your
code.
You
know
that
can
cause
big
problems,
because
maybe
one
of
your
micro
services
doesn't
use
the
key
vault
and
the
other
ones
do
so.
AB
AB
This
list
is
growing
all
the
time
as
more
and
more
companies
work
to
help
their
users
avoid
security
risks
in
the
cloud
all
it
takes
is
some
regular
expressions
and
a
webhook
endpoint.
So
if
your
service
produces
tokens,
I
would
definitely
recommend
reaching
out
to
us
and
we'd
be
happy
to
partner
with
you.
AB
AB
Of
course,
I'd
be
remiss
not
to
mention
just
a
ton
of
additional
security
talks
that
have
already
aired
at
github
universe.
Today.
You
know
these
talks
go
into
more
detail
about
things
like
code,
ql
or
dependency
review,
and,
if
you'd
like
to
learn
more,
I
definitely
encourage
you
to
catch
up
on
those
videos
later
on
on
the
webcast
with
that,
thank
you
and
back
to
the
hosts.
N
Thank
you
so
much
justin
such
an
awesome
ride
of
github,
advanced
security,
full
roundup
folks,
remember,
please
rate
the
session.
Give
your
feedback
all
of
us,
including
justin,
wanna,
wanna,
learn
more.
So,
let's
start
with
the
q.
A
the
first
one
justin
for
you
is
from
omkar
and
he
wants
to
know
is
depend
about
available
for
github
enterprise
server
and,
if
it
is,
is
it
charged?
How
do
we
go
about
installing
it
and
everything
around
it?.
AB
AB
All
of
this
happens
on
your
local
appliance,
so
you
set
up
a
thing
called
github
connect.
This
pulls
down
data
from
the
the
github
advisory
database
and
then
the
dependency
graph
runs
locally
on
your
server
to
figure
out.
If
you
have
any
dependencies
and
then
it
queries
that
that
data
that
it
downloaded.
So
all
that
happens
on
the
server
and
you
can
get
those
security
alerts,
but
you've
got
to
write
your
own
patches
on
enterprise
server
right
now.
AB
M
Now
that's
a
good
call
and
it's
a
quick
shout
out
folks.
We
have
a
public
roadmap
at
github.com
github
roadmap,
if
I
remember
so
definitely
go
and
have
a
look
at
that.
There's
a
project
board
there.
It
categorizes
everything
it's
fantastic
anyway.
Just
I
got
a
question
from
my
very
good
friend
andre.
He
knows
who
he
is.
What's
the
difference
between
dependebot
and
codeql,.
AB
That's
a
fantastic
question,
so
you
know
we
bought
both
of
them,
interestingly
enough,
but
they
do
totally
different
things.
So
dependabat
is
our
software
composition,
analysis
tool.
It
helps
developers
patch
and
find
vulnerabilities
in
their
dependencies.
AB
So
if
you've
got
an
electron
app
that
you
wrote,
an
electron
publishes
a
new
cve,
it's
going
to
give
you
the
patch
that
gets
you
to
a
secure
version.
Codeql.
On
the
other
hand,
that's
a
static
analysis,
soft
security
testing
tool,
and
so
that
will
go
build
your
to
your
code,
analyze
that
all
into
a
graph
allow
security
researchers
to
query
it
and
then
give
you
alerts
on
vulnerabilities
that
you
actually
wrote.
So
that's
the
difference,
dependable,
is
on
vulnerabilities
in
other
people's
code
and
code
ql's
on
vulnerabilities
in
yours,.
AB
AB
You
know
which
methods
call
which
methods
how
different
variables
get
used
where
the
data
that's
in
them
came
from.
And
what
have
you
now
once
you
have
that
data
set,
though
you
you
know
it
doesn't
do
anything
for
you
until
you
figure
out
behaviors
that
are
bad,
and
so
we
have
this
huge
set
of
queries.
That's
up
on
github.com
github
codeql,
and
these
are
a
bunch
of
security
rules
that
we've
put
in.
AB
So,
for
example,
if
you
have
a
string,
that's
populated
from
the
ui,
that's
your
source
of
the
data,
and
you
drop
that
into
a
sql
string
without
sanitizing
it
at
all,
that's
a
sql
injection
attack,
and
so
they
can
actually
write
queries
that
say
find
me
strings
that
come
from
a
user
controlled
source
that
go
into
a
sql
sync
and
that's
a
really
popular
security
vulnerability
that
codeql
could
actually
catch.
Based
on
that.
M
Wow
awesome
awesome,
look
enough
questions
from
andre
he's
at
his
moment
in
the
sun.
I'm
going
to
ask
you
a
couple
of
other
questions.
At
least
one
here
from
wanting
is
the
process
for
advanced
security
such
as
secret
scanning?
Does
that
happen
on
github
enterprise
server
itself,
or
is
it
done
back
in
the
cloud
via
you
know
something
like
githubconnect.
AB
Yeah,
so
the
advanced
security
features
that
we
have
everything
that
we've
brought
to
github
enterprise
server
all
happens
on
the
appliance,
so
you
could
be
air
gapped.
You
could
be,
you
know,
running
in
a
government.
You
know
dark
ops,
lab
or
something
like
this.
None
of
the
data
is
ever
going
to
leave
your
instance
and
that's
really
important,
because
we
want
you
to
have
that
sort
of
confidence
that
your
code
is
your
code,
it's
safe,
it's
secure!
N
AB
Yeah
so
code
scanning,
we
built
it
by
default
as
an
interoperable
tool,
and
that
means
we
we
built
against
a
standard
called
the
serif
standard,
static
analysis,
results,
interchange
format,
and
so
any
tool
can
go
and
produce
this.
It's
just
a
json
file
and
then
they
can
upload
that
back
to
us
using
either
an
included
github
action
that
we
have
or
the
api
that
we
support,
which
is
code
slant
code
scanning
serifs,
you
post
that
it
puts
that
data
in
we
parse
it.
We
do
all
the
state
management
we
handle.
AB
M
AB
M
AB
Of
course,
I
mean
we've
actually
open
sourced
all
these
queries
and
that's
one
of
the
things
that
we
think
is
so
important.
Is
that
we're
a
community
powered
security
tool,
which
means
that
you
know
we'll
do
the
best
we
can
to
make
the
best
set
of
queries
that
we
possibly
can.
But,
ultimately
you
know,
we
know
that
the
world
of
software
is
huge.
There
are
going
to
be
libraries
and
tools
and
patterns
out
there
that
we're
not
going
to
foresee,
and
so
anybody
can
make
contributions.
AB
You
can
just
go
to
that
codeql
repository
up
on
github
and
you
can,
you
know,
make
any
contributions.
You
like
we've
also
got
great
samples
and
tools
available.
If
you
go
to
the
github
security
lab
website,
you'll
find
all
the
details
on
exactly
how
to
you
know,
write
those
queries
test
them
before
you
make
those
contributions
back.
AB
So
dependency
review
is
brand
new.
It's
going
to
be
rolling
out
over
the
next
couple
weeks,
so
it
depends
on
you
know
your
user
id,
whether
you
have
it
today
or
you'll,
have
it
in
a
week.
AB
But
what
will
happen
is
just
create
a
new
pull
request
in
a
public
repo
that
changes
a
manifest
file
in
a
supported
file
format.
So
like
a
package,
lock,
json
and
then
go
to
that,
you
know
pull
request,
and
then
you
want
to
click
that
little
files
render
tab
in
the
pull
request
under
files,
change
and
you'll
see
all
the
details
on
that
particular
dependency
that
you
just
changed.
N
Cool
can't
wait
to
get
my
hands
on
it
before
we
let
you
go
justin
one
more
question
like
any
secret
sauce
or
anything
that
you've
not
shared
with
all
of
us
here
yet.
AB
Well,
so
you
know,
let
me
just
drop
a
little
plug
that
if
folks
are
curious
about
kind
of
where
we're
going,
they
should
definitely
check
out
the
roadmap.
AB
One
thing
that
we
have
been
working
on
is
we're
working
on
bringing
some
new
languages
to
codeql,
sorry,
a
new
language
to
codeql,
and
I
don't
want
to
say
what
it
is.
I
don't
want
to
break
the
anticipation
if
you
go
up
to
the
roadmap
and
check
it
out,
you'll
see
the
next
language
in
line
to
get
codeql
support,
and
you
know
we
want
to
welcome
that
community
with
open
arms
for
some
great
security
testing
when
we
get
that
done.
N
N
Oh,
my
god
daniel
can
you
believe
it?
We
are
at
the
end
of
day
one.
Thank
you.
Everyone
for
joining
in
this
has
been
an
awesome
day,
a
lot
of
great
discussions.
This
talks
speakers
we
hope
you
like
us,
had
the
same
excitement,
learning
inspiration
and
all
of
that
check
this
great
tweet
from
carl,
carlo
gilmer.
If
I'm
pronouncing
that
right
that
illustrates
his
learnings
for
the
day.
N
B
N
A
lot
more
in
store
for
you
tomorrow,
so
check
out
the
schedule
at
githubuniverse.com
schedule
and
we've
got
great
themes
coming
up
too.
So
tomorrow
is
all
about
devops.
It's
actually
truly
inspiring
the
transformation
devops
brings
in
companies
and
cultures.
So
remember
and
don't
miss
it
out
on
friday.
That
is
day.
Three
is
all
about
developer
experiences.
B
M
That
is
folks,
there's
so
much
more
to
github
enterprise
and
github
generally
than
dark
mode
like
we're
watching
this
stream,
and
everybody
is
just
talking
about
dark
mode,
but
don't
forget
code,
spaces,
dependency
review.
All
of
that
is
there
as
well
just
to
make
your
job
as
developers
so
much
easier.
So
folks,
coming
up
on
day
two
because
I've
made
my
own
schedule
is
that
in
the
enterprise
channel
we
have
managing
test
environments
with
you
know:
github,
git,
ops
and
github
actions.
M
How
we
at
github
actually
use
github
to
plan
and
track
work.
We
have
a
great
presentation
from
you
know
the
people
at
home
depot
over
on
the
developer
channel.
We
have
getting
traction
with
github
actions.
I
love
github
action,
so
I'm
to
go.
Watch
that
replay
later
on,
we
have
observability
superpowers
for
developers
and
then
also
a
little
session
on
how
to
keep
secrets
and
manage
secrets
in
your
infrastructure
pipeline
over
on
the
play
channel,
we've
got
seeing
the
data
around
us.
M
We
have
rapid
prototyping
for
developers
and
then
we
have
a
bit
of
a
fireside
chat.
You
know
how
to
disrupt
when
disruption
actually
comes
for
you
now.
Folks,
if
you
didn't
make
your
own
schedule
today,
you
can
make
one
for
tomorrow
by
going
to
the
universe
website
and
checking
out
each
channel.
Getting
an
itchy
nose
must
be
getting
to
the
end
of
the
day.
Now,
if
you
have
made
one
share
it
on
social
media
to
let
everybody
else
know
what
you're
doing,
and
I
want
to
thank
our
sponsors
again.
M
You
know
they've
done
great
demos,
great
giveaways.
They
just
want
to
help
you
use.
You
know
github
enterprise
sorry
get
up
and
make
as
much
out
of
it
as
you
possibly
can.
I
also
want
to
give
a
shout
out
to
cason
our
stage
manager
who's
been
doing
this
job
now
for
17
hours.
Today
he
started
off
with
the
with
the
the
north
american
session
and
he's
now
with
us
working
in
the
apex
session.
So
dude
we
love
you.
Thank
you
so
much
and
finally,
divya
take
us
to
the
final
session
for
today.
N
Yeah
plus
one
fun
to
take
case
in
so
at
github,
we
start
with
one
and
we
end
with
fun.
So
what
we're
bringing
in
as
a
love
session
is
reaps
one
aka,
harry,
yeah,
fun
fact.
Actually
damien,
I
don't
know.
If
you
know
harry,
has
a
tournament
chess
player
and
turned
beat
boxer
he's
actually
recently
completed
an
artist
residency
with
howard,
as
well
as
part
of
the
experiment
in
art
and
technology
program
at
bell
labs.
N
What's
going
to
be
really
interesting,
is
in
this
session
reaps
one
would
have
no
control
over
the
ai
replies,
so
he
has
to
continuously
adapt
and
improvise.
So
it's
a
conversation
with
audio
like
no
other
blurring
the
lines
between
music
and
dialogue
created
specially
for
all
of
you
all
of
us
here
at
github
universe,.
N
A
A
A
A
A
A
A
A
A
A
A
A
A
AD
A
A
A
A
A
A
T
AD
AD
AD
A
A
A
A
A
S
S
A
A
A
A
A
AC
A
A
A
A
X
X
Hello,
everybody
and
welcome
to
the
github
universe
highlight
show
I'll,
be
your
host
kyle
daigle
over
the
next
15
minutes.
I'll
be
sharing.
Some
of
the
highlights
from
today,
including
our
huge
keynote
in
all
of
its
announcements,
highlights
from
the
17
talks
that
you
definitely
can't
miss
are
absolutely
killer,
play
track
and,
of
course,
I'll.
Have
you
completely
ready
to
go
for
tomorrow's
session
of
github
universe
which
kicks
off
at
9
00
a.m?
Pacific.
X
I
know
it's
a
little
fast
to
be
worrying
about
tomorrow,
but
I
don't
want
you
to
miss
out
on
any
of
our
totally
virtual
github
universe
this
year,
but
before
we
worry
about,
what's
coming,
let's
sink
our
teeth
into.
What's
already
happened,
kicking
off
today,
nat
neha,
ryan,
diana
and
brian
gave
us
a
jam-packed
overview
of
what
it's
like
to
use.
X
Github
these
days,
we've
made
quite
a
few
changes
in
the
past
few
years
that
make
github
more
useful
day-to-day
easier
to
get
your
daily
work
done
and
hopefully,
a
little
bit
more
enjoyable
too
kicking
off
the
keynote.
We
announced
that
github
discussions
is
now
available
in
public
beta
to
help
you
and
your
communities.
Collaborate
together.
E
Can
I
catch
up
with
my
favorite
communities?
Github
discussions
makes
this
so
easy.
We
announced
it
a
few
months
ago
as
a
great
place
for
q,
a
and
open-ended
conversations,
and
today
we're
announcing
that
every
open
source
community
can
try,
get
up
discussions
with
our
new
public
beta
just
head
to
your
repo
settings
and
turn
it
on
right
now.
E
X
X
F
G
H
X
These
new
improvements
are
so
good
at
github.
We're
able
to
use
auto
merge
to
get
pull
requests
into
their
action
workflows
faster
than
ever
for
some
projects
and
for
parts
of
the
app
that
need
a
little
bit
more
review
manual.
Approvals.
Allow
us
to
check
our
test
deployments
before
letting
our
continuous
deployment
workflows
take
over
for
us.
Github
actions
is
now
a
full-featured
ci
and
cd
platform
ready
for
you
to
use.
X
I
can't
wait
to
get
these
features
into
your
hands
because
sometimes
it's
the
little
things
that
make
the
biggest
difference
and
finally,
if
you
use
github
on
premises,
we're
bringing
all
these
amazing
features
to
github
enterprise
server,
with
our
new
release,
github
enterprise
server
3.0,
including
github
actions,
packages,
code
scanning
and
more
we'll
catch
up
with
maya's
talk
covering
all
of
these
new
features.
In
just
a
few
minutes,
you
can
learn
more
about
enterprise
at
enterprise.github.com,
oh
and
one
more
thing,
let's
shine
a
huge
light
on
something:
that's
a
little
dark,
github,
dark
mode.
X
I
gotta
up
my
slipper
game
after
watching
that
I
know
you've
been
asking
begging,
pleading
for
this
feature
for
a
while
and
we're
happy
to
announce
that
it's
here,
github,
dark
mode
is
available
now
today,
right
this
minute,
either
use
your
system
settings
or
the
settings
within
github
to
quickly
enjoy
the
dark,
dark
bliss
of
a
much
darker
coding
experience.
I
promise
as
soon
as
I'm
out
from
behind
all
these
lights
I'll
be
turning
on
dark
mode
2.
and
you
all
love
the
announcements
that
much
is
clear.
X
Let's
take
a
dive
into
your
hot,
takes
on
social
media
and
see
what
you
all
thought
about
the
keynote:
I'd
love
for
you
to
share
what
you're,
loving
or
finding
exciting
about
github
universe.
All
you
need
to
do
is
tag
it
with
the
hashtag
github
universe,
and
your
tweets
and
instagrams
might
show
up
in
our
highlight
show
as
well
all
right.
Let's
take
a
look
at
what
you
thought.
First
of
all,
meet
bruno
a
cat
programmer
who
seems
to
really
be
enjoying
or
maybe
is
utterly
confused
by
the
play
track
performance.
X
I'm
not
sure
I
love
seeing
where
you
all
were
watching
from
home
today
and
bruno.
Please
stick
around
for
day.
Two
moving
on
brady's
family
was
a
little
confused
by
his
big
excitement
for
get
up
dark
mode.
Listen.
I
think
I
could
hear
all
of
you
from
my
house
and
this
room
is
pretty
sound
proofed.
I
assume
you
explained
to
them
the
utter
importance
of
dark
mode,
brady
and
finally
sunny
caught
a
line
from
nat
in
the
keynote
about
how
github
sponsors
can
let
open
source
developers
work
for
the
internet.
X
We
already
have
many
developers
on
github
sponsors,
making
six
figures
full
time,
which
is
awesome
and
maybe
not
quite
a
cat
and
mouse
duo.
But
now
we
have
boris
watching
github
universe
from
miles
house
and
I
think
he's
taken
a
liking
to
martin
and
dana
boris
should
meet
bruno
and
then
mona
feels
like
we
have
a
whole
programming
cartoon
on
our
hands
share
what
you're
thinking?
What
was
your
favorite
part
of
universe,
use
the
getup
universe,
hashtag
I'd
love
to
feature
you
in
the
show.
X
I
wanted
to
share
a
few
of
my
favorite
moments
from
the
talks,
but
you
can
see
all
the
talks
on
replay
by
going
to
githubuniverse.com,
as
you
saw
in
the
keynote
code,
spaces
is
the
best
way
to
both
edit
and
run
your
code
with
the
power
of
vs
code
right
inside
your
browser.
Earlier
today,
bailey
matthew
and
allison
shared
how
you
can
start
writing
new
code
run.
Your
tests
run
your
actual
application
and
then
deploy
to
production
from
almost
any
browser.
X
Personally,
I'm
looking
forward
to
not
fumbling
around
when
I
set
up
a
new
code
base
and
I'm
really
excited
to
be
able
to
use
my
laptop
or
an
ipad
to
develop,
while
linked
to
a
vm
in
the
cloud
be
sure
to
check
out
both
the
replays
from
both
the
code
spaces
talks
to
learn
more
or
just
go
and
sign
up.
Today,
you
can
find
the
link
at
slash,
codespaces
or
just
head
on
over
to
github.com.
X
Okay,
now
we
have
a
new
feature
that
is
very
important
related
to
security.
Now,
what
is
one
thing
that
basically,
every
new
feature
has
it's
code
and
what
does
almost
every
piece
of
code
eventually
have
security
vulnerabilities
during
today's
talks,
a
bunch
of
our
speakers
shared
how
github
their
companies
and
many
open
source
communities
are
trying
to
make
it
easier
to
write
secure
code
much
much
earlier
in
the
process.
Here's
maya
sharing
how
github
can
help
make
it
even
easier.
X
Y
Feature
this
is
kind
of
like
the
faucet
that
you
go
to
or
the
sink
that
you
may
go
to
and
when
you
turn
that
left
knob,
you
expect
the
water
to
be
hot.
That's
universally
true,
you
didn't
have
to
ask
anyone
for
it
and
you
didn't
have
to
tell
the
plumber
to
install
it
that
way.
It's
just
the
way
that
that
operates,
and
so
in
a
lot
of
ways.
That's
the
way
that
people
think
of
security
today
is.
X
Now,
maya,
william
shared
how
we
can
keep
vulnerabilities
out
of
our
code
and
keith
talked
about
the
importance
of
security
as
a
feature.
What
happens
when
you
know
you
leak
a
production
secret
into
the
code
base?
Look,
don't
judge
me,
you've
done
it.
I've
definitely
done
it,
but
luckily
for
us,
sasha
shares
how
github
code
scanning
protects
us
from
getting
into
this
big
mess
at
all.
J
X
You're,
not
mining
any
bitcoin
on
my
dime
I'll.
Tell
you
that
all
the
many
tokens
I've
pushed
up
have
already
been
revoked
by
github
and
its
partners,
thanks
to
computers
being
both
wonderful
and
completely
and
utterly
terrible
spencer
from
the
metasploit
project
spoke
about
how
to
write
an
exploit
module
and
then
check
it
against
targets
for
vulnerabilities,
here's
spencer,
describing
why
he
finds
working
on
metasploit
so
interesting.
AE
I
mean
I,
I
talked
a
lot
about
like
writing
the
exploits,
and
that's
that's
really
where
it's
at.
I
always
find
that
incredibly
exciting,
because
you're
you're
tinkering
with
things
and
it's
oftentimes.
You
know
a
puzzle
where
you're
trying
to
create
content
to
leverage
functionality
or
a
feature
or
a
bug
in
a
way
that
wasn't
originally
intended
to
be
leveraged.
X
X
There's
more
where
that
came
from,
though,
just
to
name
a
few:
we've
got
github
actions
on
premises,
automated
code
and
secret
scanning
alerts,
conditional
access
policies
to
better
lock,
down
your
environment
and
extended
branch
protection
rules
that
are
environment.
Aware,
there's
too
much
for
me
to
cover
here.
You
should
check
out
maya's
whole
talk
as
a
replay
and
best
of
all
these
features
will
all
be
available
to
you
in
a
release
candidate
starting
next
week
in
our
third
track
of
sessions.
X
The
university
track
had
sessions
today
aimed
at
student
developers
like
a
talk
from
emoji
miller,
technical
advisor
to
the
ceo
about
the
myth
of
innate
technical
ability
and
a
talk
from
mike
swift,
ceo
and
co-founder
of
major
league
hacking
about
how
everything
you
think
you
know
about
tech.
Internships
is
wrong.
If
you're
a
student
and
interested
in
diving
in
yourself,
head
on
over
to
the
university
track
to
prep
for
day
two
and
few,
if
three
tracks
of
talks
and
sessions
weren't
enough
for
you,
did
you
take
a
look
at
the
play
track.
X
The
play
track
has
some
of
the
coolest
most
artistic
uses
of
technology
that
we
could
find,
and
we
are
so
excited
to
bring
you
more
this
year
and
check
this
out.
This
is
sarah
davis,
who
also
goes
by
dj
dave
on
spotify,
go
check
that
out.
She's
live
coding.
This
amazing
track
that
helped
kick
off
github
universe.
The
github
team
was
so
loving
every
second
of
this
performance.
In
so
were
you
on
twitter,
be
sure
to
check
out
her
performance
and
all
of
the
amazing
performances
on
the
play
track
tomorrow
I
promise
you.
X
They
are
worth
a
watch
and
listen
all
right.
We've
covered
the
keynote,
the
talks,
the
four
tracks
and
all
the
performances
from
today.
How
about
we
take
a
look
at
what's
coming
tomorrow
to
help
us
out
with
that
I've
invited
liz,
saling
director
of
software
engineering,
to
tell
us
a
little
bit
about
what
she'll
be
helping
to
present
tomorrow.
Hey
liz,
hey
kyle!
X
AF
Absolutely
I
am
so
excited
to
share
with
you
how
we
coordinated
the
efforts
of
dozens
of
engineering
teams
and
hundreds
of
engineers
to
pay
down
technical
debt
here
at
github
that
we
were
able
to
significantly
invest
in
the
state
of
our
software
and
our
systems
and
making
it
faster
and
easier
to
build
and
ship
github.
And
even
I
was
in
the
middle
of
it
right.
Well,
it
happened
and
I
love
seeing
what
we
put
in
place
to
keep
improving
on
this
new
and
improved
state.
AF
So,
if
you're
interested
in
how
we
do
devops
here
and
the
metrics
that
we
watch
to
know
how
we're
doing
and
frankly,
if
you
just
want
to
hear
from
a
couple
of
the
amazing
engineering
leaders
that
I
get
to
work
with,
come
hang
out
with
us
tomorrow.
As
we
talk
about
how
we
came
together
to
tackle
our
technical
debt.
X
Well,
liz:
there
is
snow
on
the
ground
here
in
connecticut,
but
in
your
honor
I
put
on
my
nerdiest
hawaiian
shirt.
I
hope
you're
in
a
much
warmer
situation
than
I
am
today.
AF
I
am
it's
a
it's
a
balmy,
let's
see
79
degrees
here
in
kona,
maybe
that'll
be
my
talk
for
next
year.
At
universe
is
how
we
can
all
work
from
amazing
paradisical
locations.
X
Now
you're
talking,
thank
you
so
much
liz.
You
bet
and
you
can
watch
liz
keith
and
kk's
talk
about
reducing
get
up's
technical
debt
tomorrow
on
the
developer
track
at
10
30
a.m:
pacific,
along
with
liz's
talk.
There
are
a
bunch
of
great
talks
for
you
to
check
out
tomorrow
at
9
30
a.m.
Pacific.
You
can
learn
more
about
visual
tests
on
every
pull
request
from
angie
jones
at
10
a.m.
X
X
Thank
you
so
much
for
joining
me
for,
for
today's
github
universe,
highlight
show
I'd
love
to
hear
your
highlight
from
today.
Use
the
hashtag
github
universe
and
feel
free
to
mention
me
kdaegel
and
you
might
end
up
in
tomorrow's
show.
Github
universe
will
also
kick
off
a
rebroadcast
with
live
hosts
at
9
30
a.m.
India
standard
time.