GitHub Explains Fundamentals Program
Written by Kay Ewbank   
Tuesday, 13 February 2024

GitHub has been explaining the work of its Engineering Fundamentals Program and how this is being used to ensure GitHub's 100 million users across the world have "uninterrupted access to GitHub's products and services on a platform that is always available, secure, and accessible."

The Fundamentals program aims to ensure that there is clear prioritization of the work needed in order for GitHub to guarantee the success of their platform and products.


The goal of the Fundamentals was to help GitHub "address tech debt, improve reliability, and enhance observability of our engineering systems". 

This is a tall order, but GitHub says the program is used to make sure that work is prioritized to ensure GitHub can meet its goals of running a successful platform. This relies on looking at the accessibility, security and availability of the platform.

Fundamental Scorecards are used to provide measurements of progress against these goals. The scorecards show whether a service or feature in GitHub has reached some expected level of performance against the GitHub standard. GitHub expects that some scorecards will eventually become concrete technical controls, at which point any deviation will be treated as an incident and other automated safety and security measures may be taken, such as freezing deployments for a particular service until the issue is resolved.

Each service has a set of attributes that are captured in a YAML file, such as a service tier (tier 0 to 3 based on criticality to business), quality of service (QoS values include critical, best effort, maintenance and so on based on the service tier), and service type. The Fundamental scorecards read the service's YAML file and start monitoring the applicable services based on their attributes. If the service does not meet the requirements, an action item is generated with an SLA for effective resolution. A corresponding issue is automatically generated in the service's repository to tie into the developer's workflow.

Among the scorecards in use, code scanning is used to track security vulnerabilities in GitHub software, using CodeQL to detect vulnerabilities during development. Other scorecards are used to track secrets in GitHub's repositories; and to measure incident readiness.

blog post describing the Fundamentals program is available now.



More Information

GitHub Developers Blog Explaining Engineering Fundamentals

Related Articles

GitHub Announces AI-Powered Changes

GitHub Releases Innovation Graph

GitHub Sees Exponential Rise In AI

GitHub Enterprise Server Adds Projects Support

GitHub Enterprise Adds Centralized User Accounts

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.


JetBrains Announces TeamCity Pipelines

JetBrains has released a public beta of TeamCity Pipelines, a cloud-based Continuous Integration/Continuous Deployment (CI/CD) service for small and medium-sized engineering teams.

Amazon Ending Alexa Skills Payments

Amazon has told developers who are signed up to the Alexa Developer Rewards Program that their monthly payments will end at the end of June. The announcement follows a decision to end the program unde [ ... ]

More News

raspberry pi books



or email your comment to:

Last Updated ( Tuesday, 13 February 2024 )