GitHub Universe: Open Source Trends Report and New AI Security Products


GitHub Advanced Security gains AI features, and GitHub Copilot now includes a chatbot option. GitHub Copilot Enterprise is expected in February 2024.


At the GitHub Universe conference held in San Francisco and virtually on Nov. 8 and Nov. 9, 2023, the company revealed its new open source trends report as well as changes to GitHub Copilot and AI enhancements for GitHub Advanced Security.

GitHub Copilot and GitHub Advanced Security are available globally. However, some GitHub services, including Copilot, are subject to U.S. trade controls and are not available in sanctioned countries.


Generative AI is popular among open source projects

Open source generative AI projects joined GitHub’s list of the top 10 most popular open source projects by contributor count in 2023. In 2022, about 17,000 developers on GitHub worked on generative AI projects; in 2023, that number rocketed to around 60,000. AI projects are becoming more mainstream, GitHub said.

More organizations are likely to start using pre-trained AI models in the future as developers become more familiar with them, GitHub predicted.

GitHub found that developers are increasingly working with declarative languages through Git-based infrastructure-as-code workflows.

The study also found greater standardization in cloud deployments and a sharp increase in the rate at which developers were using Dockerfiles and containers, infrastructure-as-code and other cloud-native technologies. Use of HashiCorp Configuration Language (HCL), which is an indicator for operations and infrastructure-as-code work, grew 36% year-over-year.

The number of new developers on GitHub grew by 26%, with India having the fastest-growing population of developers. GitHub defines a developer as anyone with a non-spam GitHub account.

Commercially-backed open source projects draw attention

Commercially-backed open source projects had the largest number of contributions and the largest number of first-time contributors. The number of private projects grew 38% year over year.

Securing dependencies and branches are popular projects

In terms of security in open source, more developers are turning to automation to secure dependencies, and open source maintainers are paying close attention to protecting their branches.

Front-end development shows promise

Front-end development is a rapidly growing type of project among open-source developers.

GitHub Copilot Chat and GitHub Copilot Enterprise revealed

At GitHub Universe, the company announced GitHub Copilot Chat (Figure A), which is a generative AI assistant that explains code in natural language, and GitHub Copilot Enterprise. GitHub Copilot Chat will be available in December 2023 to customers with existing individual or organization-wide GitHub Copilot subscriptions.

Figure A: GitHub Copilot Chat explains code in natural language. Image: GitHub

GitHub Copilot Enterprise, customized for business use, is coming in February 2024 at a price of $39 USD per user per month. Compare this to Copilot Business, which costs $19 per month and is available now.

Additional AI features added to GitHub Advanced Security

Three more AI-powered features are coming to GitHub Advanced Security: code scanning autofix, secret scanning for generic secrets and a regular expression generator.


“Developers need the ability to proactively secure their code right where it’s created,” GitHub VP of product management, Asha Chakrabarty, and director of product marketing at GitHub security lab and platform security, Laura Paine, wrote in a blog post.

Code scanning autofix

Code scanning will now propose AI-generated fixes right in the pull request, enabling developers to instantly fix vulnerabilities while they code; this will lead to faster remediation time. AI-generated fixes can be created for CodeQL, JavaScript and TypeScript alerts. This works by GitHub querying a large language model in the background to find fixes for any new alerts, which are then posted as code suggestions within the pull request.

Autofix is available for code scanning within GitHub Advanced Security now.

Secret scanning

Secret scanning with generative AI, which is now in limited public beta, is designed to reduce false positives that often crop up when searching for possibly active leaked passwords (Figure B).

Figure B: Secret scanning alerts users to a password that may have been exposed. Image: GitHub

Regular expression generator

The regular expression generator enhances developers’ options when it comes to secret scanning, letting them build custom patterns from regular expressions generated from a few natural-language queries sent to the generative AI. It is designed to make writing regular expressions faster, and it enables developers to perform dry runs in real time to make sure everything works before saving the pattern.

Regular expression generation is available now.

More new features in GitHub Advanced Security

Other new features of GitHub Advanced Security include authoring custom patterns with generative AI and a new security overview dashboard. Interested security personnel can join a waitlist for these features.


