We announced the public beta of the open source, Electron-built version of GitHub Desktop a year ago, giving the GitHub community a unified GitHub experience for macOS and Windows. With every release, including version 1.0 in September 2017, we’ve seen more people using GitHub Desktop to improve their workflows. Less than six months after 1.0 was released, more Desktop users were using the Electron-based version than the classic versions for Mac and Windows combined.
Since its initial release, we’ve added more features to GitHub Desktop, including support for additional external editors, syntax highlighting support for additional languages, support for adding co-authors to commits, and the ability to view and check out pull requests from collaborators or forks. Many of these new features were contributions from the open source community.
Starting today, if you’re still using the classic app, you’ll see in-app notifications suggesting an upgrade to the new GitHub Desktop with information on what’s changed. If you are still using GitHub for Mac or GitHub for Windows, or if you’ve never used our desktop apps, try out the new GitHub Desktop.
By December 1, shortly after we launched, over 450,000 identified vulnerabilities had been resolved by repository owners either removing the dependency or changing to a secure version. Since then, our rate of vulnerabilities resolved in the first seven days of detection has been about 30 percent. Additionally, 15 percent of alerts are dismissed within seven days—that means nearly half of all alerts are responded to within a week. Of the remaining alerts that are unaddressed or unresolved, the majority belong to repositories that have not had a contribution in the last 90 days.
In other words, for almost all repositories with recent contributions, we see maintainers patching vulnerabilities in fewer than seven days. With the recent launch of our regular vulnerability digest emails, we’re working to make this even easier for maintainers and security teams.
Security alerts are opening the door to new ways we can improve code checking and generation by combining publicly available data with GitHub’s unique data set. And this is just the beginning—we’ve got more ways to help you keep code safer on the way!
Last year, GitHub brought 24 million people from almost 200 countries together to code better and build bigger. From frameworks to data visualizations across more than 25 million repositories, you were busy in 2017—and the activity is picking up even more this year. With 2018 well underway, we’re using contributor, visitor, and star activity to identify some trends in open source projects for the year ahead.
Some of the projects that experienced the largest growth in activity were focused on cross-platform or web development. For example, Angular/angular-cli had 2.2 times more contributors in 2017 than in 2016. You contributed more, visited more often, and starred projects related to Angular/Angular, Facebook/React, and Electron/Electron. These projects simplify the development process, shortening the time from start to deployment across desktop and mobile platforms.
You’ve also been rallying around deep learning projects. Across multiple industries, artificial intelligence is solving a host of complex and interesting problems. You’ve helped drive that interest by upping your contributions to and visits to projects like Keras-team/Keras and Mozilla/DeepSpeech. TensorFlow/TensorFlow had 2.2 times more visits in 2017 than in 2016, and TensorFlow/models had 5.5 times more visits!
How did we discover these trends? We looked at three different types of activity. First, we identified the top 100 projects that had at least 2,000 contributors in 2016 and experienced the largest increase in contributors in 2017. We also identified the top 100 projects that received the largest increase in visits to the project’s repo in 2017. Finally, we identified the top 100 projects that received the most new stars in 2017. Combining these lists, we categorized projects into broad communities and looked at the communities that were the most represented at the top of the lists.
We were impressed with the range of creative projects that emerged. You scratched the itch to keep track of your favorite NBA teams from the command line while you code, and you still found time to create an Android app for journalists and activists to securely monitor their homes and offices. Well done!
If you’d like to see a lot more data covering what the GitHub community was up to from September 2016 through September 2017, including the most forked projects, the most social projects, and the most reviewed projects, check out the report we released at Universe: The State of the Octoverse.
You can also see who the top contributors to open source in 2017 were in Felipe Hoffa’s analysis on Medium.
And head over to our redesigned Explore experience to find the latest project collections and trending topics on GitHub.
Whether your projects are private or public, security alerts get vital vulnerability information to the right people on your team.
Enable your dependency graph
Public repositories will automatically have your dependency graph and security alerts enabled. For private repositories, you’ll need to opt in to security alerts in your repository settings or by allowing access in the Dependency graph section of your repository’s Insights tab.
Set notification preferences
When your dependency graph is enabled, admins will receive security alerts by default. Admins can also add teams or individuals as recipients for security alerts in the dependency graph settings.
Respond to alerts
When we notify you about a potential vulnerability, we’ll highlight any dependencies that we recommend updating. If a known safe version exists, we’ll select one using machine learning and publicly available data, and include it in our suggestion.
Vulnerabilities that have CVE IDs (publicly disclosed vulnerabilities from the National Vulnerability Database) will be included in security alerts. However, not all vulnerabilities have CVE IDs—even many publicly disclosed vulnerabilities don’t have them. We’ll continue to get better at identifying vulnerabilities as our security data grows. For more help managing security issues, check out our security partners in the GitHub Marketplace.
Earlier this year, we launched topics, a new feature that lets you tag repositories with descriptive words or phrases. Topics help you create connections between similar GitHub projects and explore them by type, technology, and other characteristics they have in common.
All public repositories show topic suggestions, so you can quickly tag repositories with relevant words and phrases. These suggestions are the result of some exciting data science work—in particular, a topic extraction framework based on text mining, natural language processing, and machine learning called repo-topix.
Now when you add or reject topics, you’re doing more than keeping projects organized. Every topic will contribute to surfacing connections and inspiring discovery across GitHub. Repository names, descriptions, and READMEs from millions of public projects serve as the very start of an ever-evolving knowledge graph of concepts. Eventually, the graph will map how these concepts relate to each other and to the code, people, and projects on GitHub.
Topics is part of a greater effort to use our public data to make meaningful improvements to how people discover, interact, and build on GitHub. We’ll be sharing more ways that data can improve the way you work at Universe—our flagship product and community conference.