GitHub 101
What year was GitHub founded?
2008
What are security vulnerability alerts?
Threat detection powered by ML
Identifes vulnerabilities in code dependencies
Support: Javascript, Python, Ruby, Java, .Net
https://help.github.com/en/articles/about-security-alerts-for-vulnerable-dependencies
What is GitHub Actions?
GitHub Actions allow you to implement custom logic without having to create an app to perform the task you need. You can combine GitHub Actions to create workflows using an action defined in your repository, a public repository on GitHub, or a published Docker container image. GitHub Actions are customizable and can use the GitHub API and any publicly available third-party APIs to interact with a repository. For example, an action can publish npm modules, send SMS alerts when urgent issues are created, or deploy production ready code. You can discover, create, and share your GitHub Actions with the GitHub community.
Serverless DevOps
Trigger workflows by GitHub events
Automated workflows as code
Flexible and scalable container execution
https://developer.github.com/actions/
Why GitHub? What is your elevator pitch?
This depends on the person but:
- Home of Open Source
- Collaboration
- Ecosystem + Automation + Actions
- Developer first
I want to buy GitHub but I need to be able to have both an on prem and cloud environment. Is that possible with GitHub? If so, how?
GitHub Enterprise is the new unified product for Enterprise Cloud (formerly GitHub Business Cloud) and Enterprise Server (formerly GitHub Enterprise). Organizations that want the flexibility to use GitHub in a cloud or self-hosted configuration can now access both at one per-seat price. And with GitHub Connect, these products can be securely linked, providing a hybrid option so developers can work seamlessly across both environments.
https://github.blog/2019-01-07-new-year-new-github/
Name 3 Resources that can help someone become more familiar with Git and GitHub
Does GitHub encrypt at rest?
Does the answer to this question require an NDA signed?
GitHub it currently working on beginning to encrypt the data that resides on GitHub.com. This will initially apply to user data (Git data, ElasticSearch and MySQL).
As this process involves moving data, encrypting disks and re-provisioning servers, the process will take several months to complete. We will be assessing performance along the way to ensure that the encryption process doesn’t impact your GitHub experience. We will be taking a phased approach to rolling out encryption at rest and is largely dependent on performance that we see during the rollout.
Customers on GHE-S control the infrastructure where GitHub runs and thus have the ability to run encryption if they choose.
Release FAQ:https://github.com/github/releases/blob/master/release-faq/encryption-at-rest.md
FAQ: https://github.com/github/product-team/blob/master/sales-faqs/encryption-at-rest.md
What is GitHub Connect?
Unified contributions (GA) - Developers are coding, reviewing and commenting within within their company’s GitHub Enterprise account but those contributions do not get recognized on their GitHub.com public profile. With unified contributions, developers can connect their GitHub Enterprise account with their GitHub.com account and showcase Enterprise contribution counts on their GitHub.com public profile.
Unified Search (GA) - We’re expanding the functionality for unified search in GitHub Enterprise 2.15 with Business Cloud support for private repository search and advanced search interface and prefixes. Previously, developers were able to search public repositories from their GitHub Enterprise instances. Now you can also search private repositories within your company’s Business Cloud instance from Enterprise--opening communication across organizations using both cloud and on premise repositories. And with the ability to use the advanced search interface and prefixes, you have greater access to the search tools you need.
Why GitHub over BitBucket?
Name 4 virtualization platforms that GHE-S can be installed on
AWS
Azure
Google Cloud Platform
Hyper-V
OpenStack KVM
VMware
XenServer
What is an Outside Collaborator? Does it take up a seat license?
Yes!
How can I automatically provision and deprovision users to my GitHub Org?
SAML single sign-on with selecy IdPs enables automatic provisioning and deprovisioning via System for Cross-domain Identity Management—otherwise known as SCIM.
SCIM allows you to conveniently and automatically send invitations when you assign your organization’s GitHub app in your IdP, and automatically removes members from your organization when you unassign the app or otherwise deactivate the user.
What is Token Scanning? How can this help me?
When you push commits to a public repository, or switch a private repository to public, GitHub scans the contents of the commits or repository for tokens issued by the following service providers:
When GitHub detects a set of credentials, we notify the service provider who issued the token. The service provider may revoke the token, issue a new token, or reach out to you directly.
Private repository token scanning is in beta.
I need to be able to automatically forward all audit logs for my organization. How can I do that on GHE-S?
GitHub Enterprise uses syslog-ng to forward system and application logs to the server you specify in the Management Console settings.
https://help.github.com/en/enterprise/2.16/admin/installation/log-forwarding
The GitHub flow
Create a Branch
Add commits
Open a PR
Discuss and review code + CI/CD
Deploy
Merge code and maybe delete branch
What IdPs does our SCIM API officially support?
These identity providers are compatible with the GitHub SCIM API. For more information, see SCIM in the GitHub API documentation.
What is Draft PRs?
With draft pull requests, you can clearly tag when you’re coding a work in progress. Now when you open a pull request, a dropdown arrow appears next to the “Create pull request” button. Toggle the dropdown arrow whenever you want to create a draft instead.
A draft pull request is styled differently to clearly indicate that it’s in a draft state. Merging is blocked in draft pull requests. Change the status to “Ready for review” near the bottom of your pull request to remove the draft state and allow merging according to your project’s settings. Also, if you have a CODEOWNERS file in your repository, a draft pull request will suppress notifications to those reviewers until it is marked as ready for review.
https://github.blog/2019-02-14-introducing-draft-pull-requests/
How can I make sure my IP/proprietary code is secure on GitHub Enterprise Cloud?
Our customers are reassured around protecting their proprietary code through the following controls that are available on GitHub Enterprise Cloud:
Restrict users from being able to create Public repositories within your org
Prevent users from forking Private repositories from your org
Protect branches to prevent accidental merges
Enforce SAML SSO: When SAML SSO is enforced,any organization members without a SAML linked identity will be removed. From that point on, new members must link a SAML identity with their GitHub.com account before they're able to join your organization.
Use the GitHub GraphQL API to map a member's GitHub username and their SAML identity. If this was run periodically you could store the results in a separate system to reference once members are removed in the future.
Regardless, if you give somebody read access to your code you always accept the risk that they could copy and paste it elsewhere even without Git and GitHub. We protect our customers of this through our DMCA takedown process.
Can I set up multiple instances of GitHub using the same license key?
Our GitHub Enterprise License agreement outlines that with the standard license, we issue a license to install and use a single production license of GitHub Enterprise Server and a number and type of seats. You can create and run multiple instances with your license for staging, testing, failover, etc.. as long as you have only one production instance active at any time.
What is the difference between a fork and a branch in GitHub?
Can I sync my SAML groups with GitHub teams?
ONLY share if the customer is under NDA:
We are working on team sync between GitHub and Azure AD. We are creating the ability connect Azure AD groups to a GitHub team.
What is GitHub Pages? How can I use it?
GitHub pages are designed to host your personal, organization, or project pages from a GitHub repository.
It is a public landing page for your project or even personal website.
How is my private code safer on GitHub vs. another platform?
Security Vulnerability Alerts
Token Scanning
...