Open Source Trends Report and New AI Security Products


GitHub Advanced Security gains AI features, and GitHub Copilot now includes a chatbot option. GitHub Copilot Enterprise is expected in February 2024.


At the GitHub Universe conference held in San Francisco and virtually on Nov. 8 and Nov. 9, 2023, the company revealed its new open source trends report as well as changes to GitHub Copilot and AI enhancements for GitHub Advanced Security.

GitHub Copilot and GitHub Advanced Security are available globally. However, some GitHub services, including Copilot, are subject to U.S. trade controls and are not available in sanctioned countries.

Generative AI is popular among open source projects

Open source generative AI projects joined GitHub’s list of the top 10 most popular open source projects by contributor count in 2023. In 2022, about 17,000 developers on GitHub worked on generative AI projects; in 2023, that number rocketed to around 60,000. AI projects are becoming more mainstream, GitHub said.

More organizations are likely to start using pre-trained AI models in the future as developers become more familiar with them, GitHub predicted.

GitHub found developers are increasingly using the Git version control system for declarative languages using Git-based infrastructure as code workflows.

The study also found greater standardization in cloud deployments and a sharp increase in the rate at which developers were using Dockerfiles and containers, infrastructure-as-code and other cloud-native technologies. Use of HashiCorp Configuration Language (HCL), which is an indicator for operations and infrastructure-as-code work, grew 36% year-over-year.

The number of new developers on GitHub grew by 26%, with India having the fastest-growing population of developers. GitHub defines a developer as anyone with a non-spam GitHub account.

Commercially-backed open source projects draw attention

Commercially-backed open source projects had the largest number of contributions and the largest number of first-time contributors. The number of private projects grew 38% year over year.

Securing dependencies and branches are popular initiatives

In terms of security in open source, more developers are turning to automation to secure dependencies, and open source maintainers are paying close attention to protecting their branches.

Front-end development shows promise

Front-end development is a rapidly growing type of project among open-source developers.

GitHub Copilot Chat and GitHub Copilot Enterprise revealed

At GitHub Universe, the company announced GitHub Copilot Chat (Figure A), which is a generative AI assistant that explains code in natural language, and GitHub Copilot Enterprise. GitHub Copilot Chat will be available in December 2023 to customers with existing individual or organization-wide GitHub Copilot subscriptions.

Figure A

GitHub Copilot Chat explains code in natural language. Image: GitHub

GitHub Copilot Enterprise, customized for enterprise use, is coming in February 2024 at a cost of $39 USD per user per month. Compare this to Copilot Business, which costs $19 per month and is available now.

Additional AI features added to GitHub Advanced Security

Three more AI-powered features are coming to GitHub Advanced Security: code scanning autofix, secret scanning for generic secrets and a regular expression generator.

“Developers need the ability to proactively secure their code right where it’s created,” GitHub VP of product management, Asha Chakrabarty, and director of product marketing at GitHub security lab and platform security, Laura Paine, wrote in a blog post.

Code scanning autofix

Code scanning will now suggest AI-generated fixes right in the pull request, enabling developers to instantly fix vulnerabilities while they code; this may result in faster remediation time. AI-generated fixes can be created for CodeQL, JavaScript and TypeScript alerts. This works by GitHub querying a large language model in the background to find fixes for any new alerts, which are then posted as code suggestions within the pull request.

Autofix is available for code scanning within GitHub Advanced Security now.

Secret scanning

Secret scanning with generative AI, which is now in limited public beta, is designed to reduce false positives that often crop up when searching for potentially active leaked passwords (Figure B).

Figure B

Secret scanning alerts users to a password that may have been exposed. Image: GitHub

Regular expression generator

The regular expression generator enhances developers’ options when it comes to secret scanning, letting them create custom patterns with regular expressions created with a few natural-language queries sent to the generative AI. It is designed to make writing regular expressions faster, and enables developers to perform dry runs in real time to make sure everything works before saving the pattern.

Regular expression generation is available now.
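The value of a dry run before saving a custom pattern, and the false-positive problem the secret scanning section mentions, can be seen in a local harness. This is an added example, not GitHub's code or tooling: the `acme_live_` token format, the sample lines and the `dry_run` helper are constructed for illustration, and Python's `re` stands in for whatever regex engine the scanner uses.

```python
import re

# Constructed sample lines (no real secrets): (text, is_real_secret).
# Assumed token format for a hypothetical service: "acme_live_" + 24 alphanumerics.
SAMPLES = [
    ('ACME_TOKEN = "acme_live_9fK2mQ7xT4bZ8wR1cV6nH3pL"', True),
    ('export ACME_TOKEN=acme_live_A1b2C3d4E5f6G7h8I9j0K1l2', True),
    ('key = "acme_test_placeholder"', False),                   # test stub
    ('# token format: acme_live_<24 alphanumerics>', False),    # documentation
    ('from acme_live_settings import load', False),             # identifier
    ('id = "acme_live_ABCDEFGHIJKLMNOPQRSTUVWXYZ0"', False),    # 27 chars, wrong length
]

# Three candidate patterns, from loosest to tightest.
LOOSE = r'acme_\w+'
NO_BOUNDARY = r'acme_live_[A-Za-z0-9]{24}'
TIGHT = r'\bacme_live_[A-Za-z0-9]{24}\b'


def dry_run(pattern, samples):
    """Count true positives, false positives and misses for one pattern."""
    rx = re.compile(pattern)
    result = {"tp": 0, "fp": 0, "fn": 0}
    for text, is_secret in samples:
        hit = rx.search(text) is not None
        if hit and is_secret:
            result["tp"] += 1
        elif hit:
            result["fp"] += 1      # alert on a line that holds no secret
        elif is_secret:
            result["fn"] += 1      # real secret the pattern missed
    return result


if __name__ == "__main__":
    for name, pat in [("loose", LOOSE), ("no boundary", NO_BOUNDARY), ("tight", TIGHT)]:
        print(f"{name:12} {pat:32} {dry_run(pat, SAMPLES)}")
```

All three patterns find both real tokens; only the dry run against known non-secrets shows that the first two would also raise alerts on documentation, identifiers and over-length strings.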

More new features in GitHub Advanced Security

Other new features of GitHub Advanced Security include authoring custom patterns with generative AI and a new security overview dashboard. Interested security personnel can join a waitlist for these features.
