GitHub seamlessly enhances IT developers’ coding experience! #28796
nikhil-thampi
started this conversation in
Discover
Thank you for your message; I will look at it as soon as possible.
There is often an expectation that every junior developer, by default, knows about source code management and security analysis of source code at the beginning of their career. But in reality, many developers come from different backgrounds. For instance, I received my campus placement after completing my engineering degree in Electronics and Communication, with basic C++ knowledge. In my university days, I had friends with Computer Science and IT Engineering degrees, but a sizable portion of them had diverse backgrounds, like Mechanical, Civil, Electrical, and even Chemical Engineering, with basic knowledge of popular computer languages, along with a spirit to succeed. We were lucky to have amazing mentors during the early part of our careers, who introduced the difference between coding in isolation vs coding for an enterprise, and I am sure this is the story of millions of developers across the world!
Thinking back to the early days in my career, I wanted to share a few thoughts and questions I had, specifically in the areas where GitHub really shines.
1.) Why do I have to push code to GitHub every time, instead of updating the code in production?
The above question is a classic one that many new developers have on their mind while working in an enterprise. Let's imagine a fictional scenario, where a developer has created an application for an insurance company. Unfortunately, there is a bug in the application and it has resulted in the calculation of a higher premium for automobile insurance. We all are human and errors happen. But the impact of one person’s error can adversely affect millions of families, unless fixed. This is where source code management systems like GitHub come into the picture, and can be the greatest resource for developers. GitHub helps identify the changes in each version of your code and passes these versions to others who may be working on said code (i.e., Testing teams, DevOps Engineers, Security Engineers) via different stages (like functional tests, performance tests, security tests) before sending them to the production environment. This also ensures that even in the worst-case scenarios where you are not available, other members of your team can pitch in and make sure that customers will not pay additional money due to a simple calculation mistake during the code creation!
2.) I am fine with the testing team verifying my code but why is everyone talking about DevSecOps?
Now that you understand the value of GitHub in managing your source code, let's talk about some of the other people you might interact with on a regular basis during your code promotion cycle. Two of the most common are Developers and Testers. However, looking at an even larger landscape of the code cycle, we can consider a couple of other personas you might regularly interact with:
Now the big question is why do we need them? Before discussing the term DevSecOps, let's take a look at each of these roles individually.
DevOps Engineers - You might be more than happy to move your code from a developer environment to production yourself. But in practice, DevOps Engineers ensure that enough checks and balances are in place while moving code to production. They typically do this at scale and in an automated fashion. In areas of critical importance like financial services, telecom, government, etc., it is a routine affair to have a third party team handle all the operational aspects with proper governance in place. DevOps Engineering ensures operational stability is maintained during code promotion, by using automated tools like GitHub Actions.
Security Engineers - They make sure that your code is not vulnerable to security breaches. Their main objective is to make sure that the enterprise infrastructure is not compromised due to code vulnerability.
Traditionally, the above two roles work in isolation without much collaboration with each other, which has resulted in friction between the teams and loss of productivity in the enterprises. So the world has moved to a more collaborative method of working between the developers, DevOps engineers and Security engineers, making the term DevSecOps popular among IT circles.
3.) If the above concepts and roles are there to help me, why is everyone still asking to fix the code ASAP?
If developers fix the code themselves during the development stage, then overhead costs can be mitigated. Let's assume that you are a developer working in banking software. In your code, you accidentally introduce a bug and during the verification stage, you find and rectify it. You may have done this within minutes or hours.
As shown above, when your bug is moved further towards the right, it requires time and effort from more people to identify and fix said bug. More people working on identifying an issue means additional accrued costs for things like salary, test execution time in various code promotion stages, associated server running costs, code movement time, etc. Even with all these verification processes, some bugs may still get into production. This may result in breaches and potentially millions of dollars getting lost as part of the breach. This is why enterprises prefer to identify problems early on: dealing with the issue swiftly and quickly, and keeping costs at a minimum.
4.) I understand the need for different checkpoints and the need to fix issues early, but it's affecting my productivity!
This is a common and logical thought; the more people who are involved, the longer it may take. But fear not, let's talk about the productivity part and how GitHub can help you. Yes, in normal cases, productivity may take a hit if the above personas work in isolation.
However, GitHub enables teams to break silos and work collaboratively. It also ensures that security issues are addressed at an earlier stage of the code development cycle, so that the cost of fixing those issues will be automatically reduced. The security testing and remediation steps of GitHub happen in the same workflow that the developer uses to build the code. This means that instead of a productivity roadblock, GitHub acts as a booster to increase productivity and helps developers fix security-related issues during earlier stages of the software development life cycle.
Now that we have solved some of the basic queries which may arise in a new developer’s mind, we would love to hear your thoughts and experiences related to DevSecOps and GitHub. In the next episode of this blog series, we will discover more about GitHub Advanced Security (GHAS) and various elements of GHAS, namely code scanning, secret scanning, Dependabot, and Security Overview.