GitHub has published a public roadmap, offering users a glimpse of what to expect from the popular code-sharing platform in the coming months. New capabilities in the works range from code scanning to workflow and security enhancements.
The GitHub roadmap covers a multitude of release phases, ranging from alpha to general availability, for feature areas including planning, code-to-cloud devops, collaboration, security and compliance, client applications, repos, pull requests, and gists. Timelines are included, with the first marking the current quarter of this year.
Some features noted in the GitHub roadmap include code scanning for the cloud, with GitHub’s CodeQL semantic code analysis engine. Analysis results will be shown in the repository and pull request experiences. This improvement is slated to appear this quarter.
Other offerings include Codespaces, providing instant dev environments hosted in the cloud, leveraging Microsoft’s Visual Studio Code editor. Developers will be able to get up and running quicker, reducing time-to-first-commit. Enterprises gain secure, cloud-hosted environments to maintain code in the cloud. Codespaces are due to be generally availability in the fourth quarter of 2020.
Meanwhile, GitHub Actions on GitHub Private Instances, due in the first quarter of 2021, bring GitHub workflow capabilities to GitHub Private Instances.
Delving deeper, dependabot security updates, due in the first quarter of 2021, promise to keep projects secure by opening pull requests that update dependencies to a non-vulnerable version. This extends the security updates to Enterprise Server.
Furthermore, GitHub Enterprise Server support for Google Cloud Storage is also on offer, in which Google Cloud can be a blob storage provider for Actions on Enterprise Server. This feature is listed as a future capability with no target date yet cited.
Rounding off the new features is PHP dependency management support for GitHub Packages, via the Composer PHP dependency manager. GitHub Packages users will be able to publish public and private packages within their organisations. This capability is slated as a future improvement, with no date for delivery yet.