Talk

End-to-end innersourcing and secure development with GitHub
Conference (BEGINNER level)
Room 7

Many of you may be familiar with GitHub for your own Open Source (OSS) projects. But, did you know that you can run your end-to-end development within your organization using GitHub Enterprise?

Join Chris for a whistle-stop tour in the day-in-the-life of a developer with GitHub Codespaces, GitHub Copilot, GitHub Actions and GitHub Advanced Security, showing how you can bring Open Source best practices into your day-to-day work (also known as InnerSource)!

Chris Reddington
GitHub

Chris is an Enterprise Advocate at GitHub - Helping enterprises ❤️ GitHub. He has previously worked at Microsoft as a Cloud Solution Architect, and DevOps practice lead for FastTrack for Azure, setting their global DevOps strategy, readiness plan and partnering with Azure Engineering Teams on product improvement. Chris works with developers, data scientists, system admins, engineering leads and technology execs across startups and enterprises on cloud adoption and software development practices.

Chris also runs his own blogging, podcasting and content platform for the community. Check out Chris' latest work over at www.cloudwithchris.com.

Generated Summary
WARNING: This summary was generated using GPT based on the transcript, as a result spelling mistakes and more importantly hallucinations can be present.

GitHub for Open Source and Internal Development
Introduction
This talk is about how to use GitHub for both open source and internal development. Chris Reddington explains that GitHub is home to many major open source projects, with 4 million organizations and 83 million developers contributing to it. Open source communities have solved many of the challenges of working asynchronously and removing silos so that contributing is easy. Enterprises, by contrast, often create friction around development through their organizational structures, which leads to inefficiency and tension. GitHub's aim is a great developer experience, achieved by taking open source practices and applying them to internal development: open repositories and open, asynchronous communication (messaging that does not require an instant reply). This lets teams collaborate across organizational boundaries and makes it easier to contribute pull requests to a central repository. Security is a key focus too: research shows that ever more lines of code are being written, while the rate at which vulnerabilities are found in that code is not slowing down.
GitHub Codespaces
GitHub Codespaces is an on-demand development environment built from containers, an alternative to the traditional process of cloning a repository, installing the needed frameworks and tools, and only then starting work. The environment is defined in a devcontainer.json file, which acts as the cookie cutter for what every developer's environment should look like, optionally together with a Docker Compose file for supporting services. A Codespace provides a Visual Studio Code-like experience with the code, a terminal and extensions ready to go, and can include tasks that help new contributors get started quickly. Internal repositories remove silos and allow collaboration within the organization, and a README file explains what the project is and how to contribute.
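As an added example, not code from the talk or from any GitHub project, here is a Docker Compose file of the kind a devcontainer.json references through its dockerComposeFile, service and workspaceFolder properties. The service names, the Postgres database and the POSTGRES_PASSWORD variable are assumptions for illustration; the mcr.microsoft.com/devcontainers/base:ubuntu image and its unprivileged vscode user are real. The points worth copying are the pinned image, the non-root user, and a database password that is never committed in a form usable outside a throwaway Codespace.

```yaml
# .devcontainer/docker-compose.yml (added example; devcontainer.json points at it with
# "dockerComposeFile": "docker-compose.yml", "service": "app", "workspaceFolder": "/workspace")
services:
  app:
    # Pin the dev image so every Codespace gets the same toolchain. A tag is the
    # minimum; pinning the image digest (image@sha256:...) is stronger.
    image: mcr.microsoft.com/devcontainers/base:ubuntu
    # Keep the container alive; Codespaces / VS Code attaches to it.
    command: sleep infinity
    # Run as the image's unprivileged user instead of root.
    user: vscode
    volumes:
      # Mount the repository checkout into the container as the workspace.
      - ..:/workspace:cached
    environment:
      # Assumed application setting. The password comes from the developer's
      # environment (or Codespaces secrets); the fallback is only for local throwaway use.
      DATABASE_URL: postgres://app:${POSTGRES_PASSWORD:-dev-only}@db:5432/app
    depends_on:
      - db

  db:
    image: postgres:16-alpine
    environment:
      POSTGRES_USER: app
      POSTGRES_DB: app
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-dev-only}
    # Do not publish the port with "ports:"; only the app service on this
    # Compose network needs to reach the database.
    expose:
      - "5432"
    volumes:
      - postgres-data:/var/lib/postgresql/data

volumes:
  postgres-data:
```

Because the devcontainer.json and this file live in the repository, a change to the toolchain is a reviewable pull request like any other, which is the InnerSource point: the environment definition is open to every contributor rather than living on one developer's laptop.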
GitHub Copilot
GitHub Copilot is an AI pair programmer that suggests boilerplate code and whole methods from the surrounding code and comments, following the conventions of the language and the codebase. It is installed as a Visual Studio Code extension and can be synchronized into a Codespace through settings sync. In the demo it is used while building a Dockerfile, writing and running tests, and opening a pull request, and it suggests methods for filtering books by author or title.
GitHub Actions for CI/CD and Automation
GitHub Actions is GitHub's CI/CD and automation platform. The talk shows how pull requests trigger workflows that check code quality and detect security issues, and introduces the open source community of actions that can react to events such as an issue being opened or a release being published. Workflows are YAML files in the .github/workflows folder; they can build on open source code and use actions provided by third-party providers. GitHub also supports reusable workflows, which an organization can maintain internally, for example to build and publish containers, or to build Java applications and push the resulting images to the GitHub Container Registry.
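As an added example, not code from the talk, here is a CI workflow showing the two controls a practitioner should add to any workflow that consumes third-party actions: a read-only default for the workflow's GITHUB_TOKEN with per-job escalation, and actions pinned to a full commit SHA rather than a mutable tag. The build command (./mvnw -B verify), the example-org reusable workflow path and the image naming are assumptions; the actions/checkout SHA is the real v4.1.1 commit.

```yaml
# .github/workflows/ci.yml (added example, not from the talk)
name: CI

on:
  pull_request:
  push:
    branches: [main]

# Default the GITHUB_TOKEN to read-only for every job; jobs opt in to more below.
permissions:
  contents: read

jobs:
  build-and-test:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to a full commit SHA, not a tag that can be
      # moved; the trailing comment records the version for humans and for Dependabot.
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Build and run tests
        run: ./mvnw -B verify   # assumed Maven wrapper in the repository

  # Calling an organization-maintained reusable workflow (hypothetical path).
  # Pin the ref to a SHA or tag for the same reason as above.
  shared-checks:
    uses: example-org/.github/.github/workflows/shared-checks.yml@main
    permissions:
      contents: read

  publish-image:
    needs: build-and-test
    # Publish only from pushes to main, never from a pull request.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write   # the one extra scope this job needs, to push to ghcr.io
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Log in to the GitHub Container Registry
        # Pass values through environment variables instead of interpolating
        # ${{ }} into the shell script, so nothing untrusted is spliced into the command.
        env:
          GHCR_USER: ${{ github.actor }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USER" --password-stdin
      - name: Build and push the image
        run: |
          # ghcr.io requires a lowercase repository path; tag with the commit SHA.
          IMAGE="ghcr.io/${GITHUB_REPOSITORY,,}:${GITHUB_SHA}"
          docker build -t "$IMAGE" .
          docker push "$IMAGE"
```

With this layout a compromised or typosquatted action cannot silently swap its code under a tag you already reviewed, and a step that is exploited in the test job holds a token that can only read the repository.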
Security
Security is also important, and GitHub focuses on three areas: dependencies, code scanning and secret exposure. Dependabot manages dependencies: it raises pull requests that bump a dependency to its latest version and alerts you when a dependency has a known vulnerability. Because it is integrated with GitHub, everything is accessible and managed in the same window. Code scanning is a separate feature whose results appear in the Code Scanning Alerts UI, and it also accepts results from third-party scanning tools, which makes GitHub a one-stop shop for a developer's needs. Two tools are shown: CodeQL and Grype. CodeQL is particularly clever in that it converts the codebase into a database so that queries can be written to detect specific vulnerable patterns. Secret scanning detects known secret formats in the repository and, for partner providers, notifies the provider when one of its secrets is leaked. With GitHub Advanced Security enabled, it is up to you to act on the alerts.
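As an added example, not from the talk, here are the two configuration files behind the dependency, code scanning and third-party scanner points above: a dependabot.yml, and a code scanning workflow that runs CodeQL and uploads Grype results as SARIF into the same Code Scanning Alerts UI. The maven ecosystem and the java-kotlin language are assumptions for a Java project; the github/codeql-action and anchore/scan-action inputs are the documented ones, referenced here by major-version tag, which you would pin to a commit SHA in production exactly like the checkout step.

```yaml
# .github/dependabot.yml (added example)
version: 2
updates:
  # Keep the SHA-pinned actions in workflows current; Dependabot updates the
  # SHA and the trailing version comment together.
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
  # Assumed Maven project.
  - package-ecosystem: maven
    directory: /
    schedule:
      interval: weekly
    open-pull-requests-limit: 10
---
# .github/workflows/code-scanning.yml (added example)
name: Code scanning

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: '0 6 * * 1'   # weekly, so newly published queries run even without commits

permissions:
  contents: read

jobs:
  codeql:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # required to write results to the Code scanning alerts UI
      actions: read            # required to read workflow results in private repositories
    strategy:
      fail-fast: false
      matrix:
        language: [java-kotlin]   # assumed; add javascript-typescript etc. as needed
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          queries: security-extended   # broader query suite than the default
      - uses: github/codeql-action/autobuild@v3
      - uses: github/codeql-action/analyze@v3
        with:
          # A distinct category per language keeps separate SARIF uploads from overwriting each other.
          category: "/language:${{ matrix.language }}"

  # Third-party scanner: Grype (via anchore/scan-action) emits SARIF that the
  # same upload step feeds into the Code scanning alerts UI.
  grype:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - uses: anchore/scan-action@v3
        id: scan
        with:
          path: "."
          output-format: sarif
          fail-build: false   # surface findings as alerts; gate on them once the baseline is triaged
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}
          category: grype
```

Secret scanning needs no workflow: it is enabled per repository or organization in the security settings, and push protection (where available) blocks the commit before the secret ever reaches GitHub, which is cheaper than rotating it afterwards.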
Inner Source
Chris Reddington discussed the importance of inner source, the practice of applying open source principles and practices inside an organization, and the tools that support it: GitHub Codespaces, Copilot and GitHub Actions. He also covered the importance of security and how to create custom security policies to avoid false positives. He encouraged people to connect with him to learn more and pick up some GitHub stickers. No questions were asked, but anyone who wants to ask something one to one is welcome at the booth downstairs, where a few of the GitHub team will be available to answer questions.
Conclusion
Chris Reddington offered a comprehensive overview of using GitHub for open source and internal development. He discussed the importance of inner source and outlined the tools that support it, highlighted the importance of security and how to create custom security policies to avoid false positives, and closed by saying that GitHub looks forward to seeing what attendees build with it.