|GitHub Strengthens Team Working|
|Written by Kay Ewbank|
|Monday, 11 May 2020|
At its virtual conference Satellite 2020, GitHub announced several improvements for developers working in teams, including a discussion tool for chatting outside the codebase, and improved code scanning.
GitHub also gave more details about Codespaces, the renamed Microsoft Visual Studio Online programming environment which is available on GitHub. Codespaces provides a cloud-hosted dev environment directly within GitHub, meaning developers can can start contributing to a project without leaving GitHub. Codespaces can be configured to load your code and dependencies, developer tools, extensions, and dotfiles.
As we reported last week in VS Online Rebranded As Codespaces, Codespaces is what used to be called Visual Studio Online, and is based on VS Code. Codespaces in GitHub includes a browser-based version of the full VS Code editor, with support for code completion and navigation, extensions, and terminal access. GitHub says pricing for Codespaces hasn't been finalized yet, but it will be free to use during the limited beta.
Another new tool for GitHub users is Discussions. This widens the options for talking to other developers, providing an alternative to conversations linked to issues and pull requests. Discussions live in a project repository, and have a threaded format to make it possible to start, respond to, and organize unstructured conversations. Where a thread is to answer a question, it can be marked as answered.
The next announcement introduces tools for GitHub-native code scanning, though only as betas at the moment. When code scanning is enabled, every 'git push' is scanned for new potential security vulnerabilities, and results are displayed directly in your pull request. The scanning is based on the semantic analysis engine, CodeQL, which GitHub says has "an unmatched record finding real vulnerabilities". The new tool will be free for open source, and any public project can sign up.
At the same time, secret scanning (what used to be called token scanning) is being expanded to cover private repositories - until now it's only been available for public repositories.
or email your comment to: firstname.lastname@example.org