GitHub adds more security and automation features to Enterprise Server

Microsoft Corp’s GitHub unit. today updated its GitHub Enterprise Server platform with an array of new features designed to streamline software development projects.

GitHub, which was acquired by Microsoft in 2018, operates a popular open source software hosting service. The Microsoft unit generates revenue by providing commercial development tools to companies. One of its flagship offerings is GitHub Enterprise Server, a version of the GitHub platform that companies can use to host their internal software projects.

GitHub Enterprise Server 3.5, the new release introduced today, features over 60 improvements. Many of the most important upgrades are aimed at helping developers ensure their code is free of vulnerabilities.

Enterprise applications often include external code components from the open source ecosystem. If a security flaw is discovered in one of the open-source components used by an application, the application can potentially become vulnerable to cyberattacks. GitHub Enterprise Server 3.5 will make it easier for companies to address these vulnerabilities.

The platform comes with a cybersecurity tool called Dependabot which GitHub obtained through a Acquisition of start-ups in 2019. According to the Microsoft unit, Dependabot can automatically alert developers if a security flaw is detected in one of the open-source components used by an application. The tool also provides functionality that enables software teams to quickly upload patches as they become available.

To help developers write more secure apps, GitHub has created a system called CodeQL that can scan code for common vulnerabilities. GitHub Enterprise Server 3.5 offers an improved version of the system. CodeQL now scans code for vulnerabilities faster and can detect more than half a dozen new types of security flaws.

Hackers often attempt to reverse engineer the code of applications in an effort to find opportunities to launch cyberattacks. Therefore, developers should take steps to ensure that their code does not contain sensitive data such as encryption keys and passwords. To make it easier, GitHub Enterprise Server can now automatically block code updates if they contain data such as encryption keys.

The new version of the platform allows companies to track how well their application projects adhere to cybersecurity best practices. There is a feature that provides an overview of security issues detected by GitHub’s CodeQL and Dependabot tools. For more metrics, the Microsoft unit has added the ability to collect 41 types of metrics on how a company’s GitHub Enterprise Server deployment is being used by developers.

The platform’s cybersecurity tools represent one element of a larger feature set designed to streamline software development for businesses. Another important part of GitHub Enterprise Server’s value proposition is GitHub Actions, a workflow automation tool. It allows developers to create workflows to manage the process of deploying new code to production.

GitHub Enterprise Server 3.5 makes it easier to reuse GitHub Action automation workflows across projects. Meanwhile, developers building software container apps have access to a new container registry. It allows developers to store frequently used application components in a centralized repository.

GitHub is also rolling out a series of other enhancements with GitHub Enterprise Server 3.5. Microsoft Unity has added parameters that can be used to deploy code to production faster. The settings are complemented by an improved auditing capability, as well as an array of new configuration options that can be used to optimize platform deployments.

Image: GitHub

Show your support for our mission by joining our Cube Club and our Cube Event community of experts. Join the community that includes Amazon Web Services and CEO Andy Jassy, ​​Dell Technologies Founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many other luminaries and experts.