GitHub

GitHub is a web service for hosting and co-developing IT projects. GitHub is positioned by its creators as a social network for developers. As of September 30, 2015, the number of users of the service was 11 million people, and the company's staff was 350 people.

2023:10% staff cut

On February 9, 2023, GitHub, a web service for hosting and co-developing IT projects, announced a change in the work model. As a result of the reorganization, the staff of this site, owned by Microsoft, will be reduced by about 10%.

The changes were announced by Thomas Dohmke, CEO of GitHub. According to him, the company seeks to reduce operating costs, which is especially important in a difficult economic situation. GitHub plans to focus its efforts on the areas that best meet the goals and maximize customer satisfaction.

Sustainable growth is important for any business. Today we announce a number of difficult decisions, including a farewell to some employees and the introduction of new budget adjustments designed to protect the short-term health of our business, as well as provide us with the opportunity to invest in a long-term strategy. I understand that it will be difficult for all of you, and we will approach this period with the utmost respect for every employee, "Domke said.

As of early February 2023, GitHub had about 3,000 employees. Thus, approximately 300 people will be fired. They will receive severance pay and employment support in a new place. In addition, the company will refrain from accepting new specialists. The reorganization also provides for the transition to completely remote work. GitHub will reportedly close all of its offices as the premises lease expires. This is partly due to the fact that many employees already prefer to perform their duties remotely. In addition, closing offices will provide significant cost savings. Another measure aimed at reducing costs was to increase the cycle of updating laptops from three to four years.^[1]

2022

Slack data breach after cyber attack

On December 31, 2022, a corporate messenger Slack reported a hacker attack, as a result of which attackers gained access to some private repositories of the service on GitHub. More. here

Okta sources stolen due to hacking of closed repositories on GitHub

On December 21, 2022, the provider of identification and multifactor authentication solutions Okta reported that its private source code repositories on GitHub were hacked by unknown attackers. Read more here.

"Bookmarks" from the Iranian group

The government-linked Cobalt Mirage group Iran uses malware Drokb for various attacks organizations, USA using GitHub as a Dead Drop cache. This became known on December 12, 2022.

Dead Drop Resolver is an attack technique in which attackers place on legitimate web services content with built-in malicious domains or - IP addresses, trying to hide their intentions. The malicious code does not contain a C&C address -servers instead, the program addresses a post published on a public service and reads a string of characters from it that at first glance seem meaningless. In fact, this is the one encrypted information that serves to activate the next stage of the attack.

Drokbk malware is written in.NET and consists of a dropper and payload. It is used to install a web shell on a compromised server, after which additional tools are deployed during lateral movement.

According to researchers at Secureworks Counter Threat Unit (CTU), Drokbk provides hackers with remote access and an additional attack vector, along with Fast Reverse Proxy (FRP) and Ngrok tunneling tools. Moreover, Drokbk is little understood and can be quietly in the networks of companies right now.

The CTU advises organizations to implement the following protections:

• fix systems with output to, Internet since Cobalt Mirage exploits known vulnerabilities ProxyShell and Log4Shell;
• search for compromise indicators (IOC) to detect possible intrusion by hackers;
• maintain relevance; anti-virus ON
• Deploy EDR- and XDR-based solutions for full network and cloud monitoring.

Secureworks analysts have already faced Cobalt Mirage attacks targeting organizations in,,, and Israel USA. To Europe Australia Then experts noted that Cobalt Mirage created 2 completely different sets of attacks to invade systems. The first set of attacks contains ransomware and legitimate tools - BitLocker and DiskCryptor, and its main goal is to get a ransom. The second set of attacks is used to steal confidential data^[2]

Stealing accounts with fake notifications

On September 26, 2022, it became known that attackers were stealing GitHub accounts by forging notifications from CircleCI. The goal malefactors is to steal credentials data and codes. two-factor authentication

Earlier, GitHub issued a warning about a phishing campaign aimed at stealing user credentials and two-factor authentication (2FA) codes. The start of the campaign became known on September 16, 2022, when users began to receive fake messages allegedly from CircleCI.

Attackers try to deceive the victim in two ways:

• The message says that the user has expired the CircleCI session, and to renew it, you need to log in using the credentials from your GitHub account by clicking on the link attached to the message.
• The message tells the victim about changes in privacy policy and terms of use that must be accepted by clicking on the attached link and logging into the GitHub account.

Both methods lead to the same page, similar to the GitHub login page. It is used by attackers to steal credentials and one-time passwords generated using the Time-based one-time Password (TOTP) algorithm, which allows you to bypass 2FA.

Having gained access, attackers follow one of two scenarios:

• Create personal access tokens (PATs), authorize OAuth applications, and add SSH keys to access victims' accounts even after changing the password;
• Download the contents of private repositories and add other accounts to the organization repository if they have sufficient privileges.

GitHub experts report that they have already reset the passwords of the affected users and notified them of what happened. Accounts created by attackers were removed from corporate repositories^[3].

Wave of forks with malicious changes

GitHub revealed activity in the mass creation of forks and clones of popular projects, with the introduction of malicious changes in copies, including a backdoor. This became known on August 4, 2022. A search by hostname (ovz1.j19544519.pr46m.vps.myjino.ru), which is accessed from malicious code, showed that GitHub has more than 35 thousand changes present in clones and forks of various repositories, including forks of crypto, golang, python, js, bash, docker and k8s projects.

The attack is aimed at the fact that the user will not track the original and will use code from a fork or clone with a slightly different name instead of the repository of the main project. At the beginning of August 2022, GitHub had already removed most of the forks with a malicious insert. Users who come to GitHub from search engines are advised to carefully check the association of the repository with the main project before using the code from it.

The malicious code added sent the contents of the environment variables to an external server with the expectation of stealing tokens to AWS and continuous integration systems. In addition, a backdoor has been integrated into the code, launching shell commands returned after sending a request to the attacker's server. Most malicious changes were added in July 2022, but there are separate repositories in which malicious code has been traced since 2015^[4] has been^[5].

Malicious code in trusted repositories

Trusted GitHub repositories contain malicious code. This became known on July 19, 2022.

Security researchers at Checkmarx have warned of another supply chain attack tactic involving falsifying commit metadata to present GitHub's malicious repositories as trustworthy. This attack method allows an attacker to trick developers into using malicious code.

In the version control system, Gut Comitas are important elements because they capture every change in the document and those who have made changes. Moreover, each commit has a unique hash or identifier.

Researchers have determined that a cybercriminal can change commit metadata to make the repository look older than it actually is. Also, an attacker can deceive developers by promoting repositories as reliable (since they are supported by trusted participants). You can also fake the identity of the committer and attribute the fixation of the genuine GitHub account.

This method of deception is difficult to detect, experts said.

An attacker can get the victim's email ID, which users usually hide in the settings. With certain commands, an attacker can replace the original email address and username with a fake version in the Git CLI command line interface to improve the reputation of the repository.

The user will not be notified that his identity is being used for malicious purposes. To present a project as trusted, a threat actor can include known and respected users in the repository members section and make the project legal and trusted.

To prevent an attack, Checkmarx researchers urged developers to sign their commits and use "Vigilant mode" to ensure optimal code ecosystem security. Vigilant mode displays the status of the commit check, which is a defense against an attack on the supply chain^[6]

Mandatory Two-Factor Authentication Transition Plan

On May 5, 2022, it became known that GitHub is going to transfer all users of the GitHub.com service involved in code development to the mandatory use of two-factor authentication (2FA) by the end of 2023. According to GitHub, cybercriminals gaining access to repositories as a result of account hijacking is one of the most dangerous threats, since in the event of a successful attack, hidden changes to popular products and libraries used as dependencies can be substituted.

This requirement will strengthen the protection of the development process and protect repositories from making malicious changes as a result of leaked credentials, using the same password on a compromised site, hacking the developer's local system, or using social engineering methods. According to GitHub statistics, as of May 2022, only 16.5% of active users of the service use two-factor authentication. By the end of 2023, GitHub intends to ban the ability to send changes without applying two-factor authentication^[7].

Stopping Enterprise Server sales in Russia and expanding sanctions restrictions to other territories

On May 1, 2022, GitHub announced that it had stopped selling Enterprise Server in Russia since April 30 and expanded sanctions restrictions on other territories in the world.

GitHub Enterprise Server and other paid platform services have become unavailable for purchase in countries such as Cuba, Iran, North Korea, Syria, Russia and Belarus. This restriction also applies to Crimea and now the LPR and DPR.

GitHub clarified that it allows restricting access to its public repositories and private services of paid user accounts from countries under sanctions. For example, repositories can be put into read-only mode.

The restrictions for ordinary users from sanctioned territories are that they remain given unlimited access to public repositories of open projects, gist notes and free Action processors, subject to personal use, and not for commercial purposes. Otherwise, user accounts will be restricted.

OpenNet explained that "export USA legislation prohibits the provision of commercial services or services to residents of sanctioned countries that can be used for commercial purposes. At the same time, GitHub applies, as far as possible, a soft legal interpretation of the law (export restrictions do not apply to publicly available ones), open-label software which allows not to restrict the access of users from sanctioned countries to public repositories and does not prohibit personal communications. "

"GitHub continues to ask US regulators to provide an opportunity to give full access to the platform for developers in sanctioned regions such as Syria, Crimea and others, including access to private repositories. GitHub believes that the provision of all services contributes to human progress, international communication and the constant US foreign policy to promote freedom of speech and free dissemination of information, "- summed up GitHub in Comita.

Blocking accounts of Russian companies

On April 15, 2022 American , the web service for hosting IT GitHub projects blocked the accounts of Russian companies: "," "Sberbank and Alfa-Bank some individual developers from Russia. The company linked its actions with Western sanctions.

GitHub, like any company operating in the United States, is forced to comply with the requirements of the authorities and may restrict access to accounts for users who have come under blocking sanctions (SDN-list) or who use GitHub on behalf of the parties who have come under blocking sanctions, the service said in a statement.

Blocking accounts of Russian companies

On April 6, 2022, the US Treasury Department imposed blocking sanctions against Sberbank and Alfa Bank. The sanctions provide for the freezing of bank assets and the introduction of a ban on US citizens and companies from doing business with them. The accounts of Sberbank-Technology, Sberbank-ai-lab, Alfa-laboratory were also blocked.

Researcher Sergei Bobrov, who, according to Cointelegraph, has no ties with any of these firms, said that his account was suspended on April 15, 2022, and then immediately restored. The work account was restored without some projects on it.

Шаблон:Quote 'My GitHub account has been suspended without notice. Perhaps because I am ethnically Russian! GitHub's vision is to be home to all developers, no matter where they reside... ERROR 404!, - said individual developer Vadim Yanitsky (Vadim Yanitsky). After several Russian developers contacted GitHub about the suspension, they received a response explaining the reasons for the suspension of their activities with the addition of a link for which they could appeal. Some blocked users have already received a letter stating that their account can be managed from the sanctions territory, namely from the countries:, Libya,, Myanmar,, Somalia,, South Sudan Sudan Iraq Lebanon Liberia,,,, Burundi, Iran Syria Belarus CAR,,, Kot-d,, DPRK DR Congo Moldova,, Russia Zimbabwe Yemen,,,,,. Also from Cubes Venezuela Serbia Montenegro the regions of the Luhansk People's Republic and the Donetsk People's Republic on. To Ukraine

Blocking the accounts of individual developers raised many questions from the IT community, according to Cointelegraph, especially when the GitHub platform promised to ensure the availability of free open source services for everyone, including developers in Russia.^[8]

Refusal to block Russian developers

GitHub refused to block Russian developers. This became known on March 3, 2022.

Users of the service argued for a week about the need to block Russian users.

GitHub is a home for all developers, wherever they are, the service said in a statement. - We take our duty to follow government decrees extremely seriously to ensure that our users and customers will not be restricted in their work. This includes protecting open cooperation and the free flow of information in our interconnected community to support communications, humanitarian action and the organization of change.

During the discussion of possible blocking, one party insisted that the highest value is freedom of access, and blocking will not bring tangible results, and sanctions and incitement to hatred do not contribute to the establishment of peace. Their opponents said that Russian developers should be forced to extreme measures, while blocking the service in any case would not cause a humanitarian catastrophe.

Github services are prohibited in, To the Crimea,,, and To Cuba Iran. North Korea Syria For Iran, GitHub is licensed by the Office of Foreign Assets Control U.S. Treasury Department (OFAC) to provide services to cloudy developers who are or otherwise reside in this. to the country GitHub, Cloud services both free and paid, is also mainly available to developers based in Cuba. GitHub^[9]

2021

A fine of 1 million rubles for refusing to remove content prohibited in the Russian Federation

On December 23, 2021, the Moscow Magistrate's Court fined GitHub 1 million rubles for refusing to remove content prohibited by Russian law. This is the first such punishment of a service for joint software development in the Russian Federation.

"GitHub Inc." was found guilty of committing an administrative offense under Part 2 of Article 13.41 of the Administrative Code of the Russian Federation ("Failure by the owner of the site of information if the obligation to remove such information is provided for by the legislation of the Russian Federation").

GitHub first fined in Russia for refusing to remove prohibited content

In accordance with the law, the fine for each administrative case on the basis of the protocol Roskomnadzor in this case can be from 800 thousand to 4 million rubles. If a repeated violation is detected, the service may receive a fine under paragraph 4 of Art. 13.41 of the Administrative Code of the Russian Federation, which is already more serious - from 3 to 8 million rubles. In case of non-payment of fines, the department may slow down or block access to GitHub in the Russian Federation. According to the law, GitHub has 60 days to pay a fine from the moment the court's decision on it comes into force.

As previously specified in court, Roskomnadzor's claims against GitHub are related to the publication by the Smart Voting data service and their failure. In September 2021, Roskomnadzor blocked this service, explaining that it is used to continue the activities of the Anti-Corruption Fund (recognized as Russia extremist and banned) and is included in the register of information prohibited in the Russian Federation, transmits Interfax"." Earlier Apple Google , they removed the Smart Voting service from their application stores at the request of Roskomnadzor.

In early December 2021, it was reported that GitHub was threatened with a fine of up to 4 million rubles for non-removal of content banned in Russia. In 2021, Russian and foreign IT companies were issued fines in the total amount of more than 200 million rubles for refusing to remove prohibited content.^[10]

Mikhail Mishustin urged to create an analogue of GitHub in Russia

On September 21, 2021, the head Governments of the Russian Federation Mikhail Mishustin proposed creating a Russian platform for the joint development of IT projects similar to GitHub. Detailed. here

Launch your organization to create Open Source mobile software development tools

In early March 2021, the Linux Foundation launched the Mobile Native Foundation, designed to encourage the creation of open source tools for mobile application development. Read more here.

Resumption of work in Iran and plans to return to Crimea

On January 5, 2021, GitHub announced the complete resumption of work in Iran after blocking the service due to US sanctions. The company obtained appropriate approval from OFAC (Office of Foreign Assets Control, a division of the US Treasury Department responsible for sanctions enforcement).

Thus, GitHub received a license to work with Iranian developers directly from the American government. Now they have access to all GitHub services, both paid and free, although previously they only had access to public repositories. Restrictions have been lifted for both private developers and companies working with GitHub.

GitHub resumed work in Iran and promises the same in Crimea

We were able to demonstrate that the use of GitHub by developers contributes to the progress of humanity, international communication and the constant US foreign policy to promote freedom of speech and the free flow of information, - said the head of GitHub Nat Fridman, commenting on the resumption of the service in Iran.

According to him, the process of restoring full access to the accounts of Iranian programmers will take some time. Fridman added that by early January 2021, GitHub is working to restore service in Syria and Crimea.

We want every developer to be able to work with GitHub, and we are working with the US government to provide similar permissions for developers in Crimea (IT blockade of Crimea) and Syria, Friedman wrote on the official GitHub blog.[11]

Earlier, the United States imposed broad sanctions against several countries, including Iran. These sanctions prohibit any American company from doing business with anyone in a sanctioned country. Those sanctions could also apply to non-U.S. companies whose operations are directly or indirectly linked to the U.S., including simply payments that go through U.S. banks or payment mechanisms like Visa.

2020

GitHub Code Scanning Announcement - Automatic Vulnerability Scanner for Software Developers

In early October 2020, GitHub launched a new feature called GitHub Code Scanning, which automatically finds vulnerabilities in software developer projects. This addition will not only make GitHub's feature set more competitive, but potentially increase the security of the open source ecosystem as a whole. Read more here.

GitHub users are attacked by phishers

On April 18, 2020, it became known that the incident response team (SIRT) of the GitHub platform warned users phishing about a campaign in which attackers steal accounts data through landing pages issued by them as GitHub authorization pages.

During the campaign, called Sawfish, cybercriminals not only hack into other people's accounts, but immediately upload the entire contents of their repositories.

{{quote "If an attacker successfully steals a GitHub user's credentials, he can quickly create access tokens or authorize OAuth applications in order to maintain access to the account in case the user changes his password, SIRT reports. }}

The attack begins with the victim receiving a phishing email, the authors of which try in various ways to force her to click on a malicious link. Some emails report that unauthorized access was obtained to the user account, while others notify about repositories and changes in account settings.

If the victim clicks on the link presented in the letter, she will go to the fake GitHub authorization page, which sends the input credentials to servers controlled by the attackers. If the victim uses the TOTP mobile application, the fake real-time landing page also collects codes for two-factor authentication. That is, even accounts protected by two-factor authentication based on TOTP technology can become victims of the attack. However, accounts protected with hardware keys are not vulnerable to this attack.

The campaign is still ongoing, SIRT reported. Cybercriminals only target active accounts belonging to employees of technology companies around the world. Attackers receive email addresses for sending malicious emails from open GitHub commits.

Phishing emails are sent from legitimate domains ones - either from pre-hacked mail servers, or using stolen API providers service credentials. In email order to hide the URL address of a fake page, attackers use services to reduce links^[12]

The Ministry of Economy decided to allocate 2.1 billion rubles for the creation of an analogue of GitHub

On January 20, 2020, it became known about the proposal of the Ministry of Economic Development to create in Russia an analogue of the world's largest platform for joint software development GitHub. For these purposes, the department plans to spend 2.1 billion rubles.

The creation of a Russian alternative to GitHub is mentioned in the latest version of the federal project "Artificial Intelligence," developed by the Ministry of Economic Development and Sberbank, writes Kommersant. According to the newspaper, the authorities want to create an analogue of the service due to the risk of disconnecting Russia from foreign code stores "due to reputation and sanctions risks."

The proposal of the Ministry of Economic Development to create in Russia an analogue of the world's largest platform for joint software development GitHub

The Ministry of Economic Development confirmed to the publication that the idea of ​ ​ the Russian analogue of GitHub is relevant. According to the ministry, the platform is planned to be used in the creation of open libraries AI as part of the implementation of the national strategy for the development of artificial intelligence until 2030.

It is proposed to copy the most popular programs from foreign open sources to the Russian repository. It follows from the project that the Russian analogue of GitHub may appear by 2021, and by 2024 there should be five such repositories.

According to Alexei Smirnov, General Director of BASEALT, an analogue of GitHub can be useful only if the results of software development are necessarily published in it for budget money, and under an open license. Renat Lashin, executive director of the Domestic Software Association, agrees with this opinion and adds that such a platform would significantly reduce the costs of supporting and developing software, as well as developing new programs due to the possibility of reusing the code.

Andrey Krekhov, Deputy Director for Special Programs at ICL Services, doubts the success of the project. The Russian analogue of GitHub will "resemble the situation when the table was set and decorated, and the guests did not come," he said.^[13]

2019

Github user data in the public domain

On November 24, 2019, it became known that American security researcher Vinny Troia discovered an accessible one database containing more than 4 TB - information a total of 1.2 billion records, including from data the profiles of hundreds of millions of users, and social networks Facebook Twitter LinkedIn Github. More. here

Microsoft printed all the source code of projects with GitHub and hid in the Arctic

In mid-November 2019, it became known that Microsoft printed all the source code of projects with GitHub and hid it in the Arctic in case of the end of the world.

The project includes the monumental Arctic Code Vault. It was placed in a former coal mine on the Svalbard archipelago in the permafrost zone beyond the Arctic Circle. The storage is located at a depth of 250 meters. The data is stored on Piql film coils, the life of which exceeds 1000 years.

In mid-November 2019, it became known that [Microsoft printed all the source code of projects with GitHub and hid in the Arctic in case of the end of the world

You can read the data using a regular magnifying glass, or, for example, a magnifying glass. Now, even if all recording and reading devices on the planet are missing, the archive will help restore the loss of valuable information.

The saved asset includes active public repositories and something from the archives. The collection contains fragments of source code for Linux and Android, programming languages ​ ​ Python, Ruby and Rust, web platforms Node, V8, React and Angular, cryptocurrency software for Bitcoin and Ethereum, AI tools TensorFlow and FastAI, as well as much more.

The sources are uploaded data center to Piql, known as the Arctic World Archive. It also contains historical data from the European Space Agency, Vatican manuscripts, documents, Siemens copies of the Act of Independence Mexico and much more. There is also a Global Seed Repository.

Meanwhile, Microsoft has unveiled Project Silica, a device for ultra-long storage of data in cold conditions that looks like a transparent square piece of glass. In conventional optical discs, information is recorded as an etched and non-etched track area, denoting one or zero. In the new device, the information is encoded by a whole or deformed nanogrid in quartz glass.^[14]

80% of developers on GitHub do not live in the USA

In November 2019, GitHub published an annual report on the results of the service. It turned out that only 20% of developers who use GitHub live in the United States.

For the year to November 2019, 44 million new repositories were created in the service , and the number of developers who created their first repository increased by 44%. Almost 1.4 million users took part in the development and transferred their changes to open source projects.

The number of companies represented on GitHub increased from 2.1 to 2.9 million. And GitHub Enterprise Cloud accounts belong to development teams from 70 different countries. 

More than 3.6 million repositories are associated with dependencies with 50 top open source projects. For example, millions of dependencies have projects such as rails, jest, and axios. The average number of dependencies per repository is 203. The largest number of dependencies was noted for NPM packets (3.5 million), RubyGems (737 thousand), Maven (167 thousand), NuGet (94 thousand) and pip (78 thousand).

The ranking of the fastest growing repositories is headed by: AspNetCore, flutter, vsts-docs, istio, amplify-js, charts and Proton.^[15]

GitHub began blocking developers from countries subject to US sanctions

At the end of July 2019, it became known that the GitHub service began to block developers from countries that fell under US sanctions.

The fact that GitHub disables accounts from regions subject to American sanctions was one of the first to write the ZDNet edition. As an example, journalists cited 21-year-old Russian Anatoly Kashkin, who lives in Crimea. This developer hosts GitHub its site and launcher for Linux, which combines Steam, GOG and Humble Bundle games into one user interface.

GitHub began to restrict access to residents of Crimea and other regions under US sanctions

Kashkin is most worried about his GameHub project, for which there is a certain demand. The developer does not see a better place to host and support GameHub, since thanks to GitHub, users easily find a launcher and just as easily report bugs if they detect them.

According to GitHub, the service restricts services to users in Crimea, Iran, North Korea, Syria, Cuba and other regions that have come under sanctions. Such developers can use the service of joint development of IT projects for personal communications.

GitHub refers to a document that describes measures to control trade. The administration of the service noted that it is subject to American laws and regulates information posted by users in accordance with the US Export Administration Regulations.

GitHub Enterprise Server is a commercial mass market product that has been assigned an export control classification number. And while it can be exported to most destinations without a license, there are exceptions.

Developers from Crimea and Iran massively report that their access to GitHub has been limited. For example, an Iranian user said in his Medium post that his Git repository is disabled and he cannot download his data. The developer hopes that the situation will be resolved, because he liked the service.^[16]

• IT blockade of Crimea
  
• Foreign sanctions against Russian citizens and companies
  
• Sanctions of Ukraine against Russia
  
• US and EU sanctions on Russian oil and gas sector
  
• Sanctions against Huawei
  

We were considered antichrists. Why Microsoft Wanted but Didn't Buy GitHub in 2014

In early June 2019, the head of Microsoft's cloud division, Scott Guthrie, revealed why Microsoft wanted but did not buy GitHub in 2014.

Guthrie understood that at that time Microsoft was simply not ready to acquire a popular web service for hosting IT projects and their joint development. According to Guthrie, the developers of GitHub would simply rebel - many of them saw Microsoft as the No. 1 enemy due to the company's attacks on freely distributed open source software.

Microsoft wanted to acquire GitHub a few years before the deal, but then the company was not ready

The open-source project world rightly considered us an antichrist, says Guthrie. - The developers of such projects did not trust us at all. At the time, Microsoft was still largely focused on software entirely built in-house and owned by the company.

Since then, Microsoft has grown into one of the largest open source software developers and convinced customers to trust applications built with competing tools and programs, as well as the cloud computing service Microsoft Azure. More than 60% of the Microsoft team that develops cloud applications gained a position thanks to their rich experience with programming tools or third-party cloud services.

In June 2018, Guthrie and Microsoft CEO Satya Nadella finally submitted an agreement to acquire GitHub. Despite some outrage in the developer community, the deal did not become a reason for war. Most GitHub users simply continued to post their code on the portal. Microsoft has taken many years to build a benevolent relationship with the open source community, and those efforts haven't gone awry.^[17]

Transfer all Apache projects to GitHub

On April 29, 2019, the Apache Software Foundation, a nonprofit organization considered to be the world's largest open source software development community, announced it was moving all of its projects to GitHub. Read more here.

Private repositories have become available to free users

In January 2019, private repositories on GitHub became available to users who only work with free features. Previously, non-public or non-public projects could be developed only for money.

However, the innovation was adopted with a limitation. Free private repositories can include no more than three members. Thus, the innovation is designed mainly for conducting small personal projects, and not for group development of serious software products. For example, private repositories can be used to conduct non-public experiments before release, to individually conduct closed employer projects, or to work with code that is not subject to disclosure.

GitHub members who use a free tariff plan can create private repositories in unlimited quantities. The limit is set only on the number of users involved in the project.

On GitHub, private repositories have become free

If you need to connect more than three users to the repository, you will have to switch to a paid tariff. At the same time, there is no such restriction in the competing service - GitLab. Thousands of developers migrated to it after the sale of GitHub to Microsoft.

Microsoft explained the introduction of the ability to work with private repositories for free subscribers by the desire of many developers to work on third-party projects without unnecessary problems. At the same time, the company also added new opportunities for corporate subscriptions.

Another innovation on GitHub was the universal GitHub Enterprise tariff, which combined the options of GitHub Enterprise Cloud (formerly known as GitHub Business Cloud) and Enterprise Server (formerly called GitHub Enterprise). Now teams that want the flexibility to use GitHub in a cloud or standalone configuration can access both at the same price.

By the end of 2018, GitHub had more than 100 million repositories. How many of them are private was not specified.^[18]

2018

Thousands of developers switch to GitLab after GitHub sale

In early June 2018, thousands of developers began moving their projects to the GitLab platform with GitHub after the latter was purchased by Microsoft.

The massive migration to GitLab is due to developer concerns that Microsoft may close some third-party open source projects and develop its own developments.

Users transferred more than 40,000 projects to Gitlab amid GitHub and Microsoft deal

However, Microsoft CEO Satya Nadella promised that the company will not impose restrictions on programming languages, technologies and cloud services that developers will use on GitHub. According to Nadella, Microsoft will continue to develop GitHub and leave the platform open.

According to GitLab's own data, the number of new users of the service increased fivefold on June 4, 2018, when Microsoft announced its takeover of GitHub. More than 41 thousand projects were imported to the site, and the number of new projects exceeded 75 thousand.

By the beginning of June 2018, there were about 80 million projects and over 28 million developers on GitHub. The audience of GitLab is not disclosed, the company only talks about "millions" of users.

For 24 hours, there was a real madness. We've seen thousands of developers translating their projects and reporting it on Twitter, "GitLab CEO Sytse Sijbrandij told Reuters.

According to him, since the announcement of the sale of GitHub by June 5, more than 100 thousand projects have been transferred to GitHub, and the number of orders has grown sevenfold.

More than 1,000 tweets quickly appeared online with the hashtag# movingtogitlab, and GitLab offered a 75% discount on its tariff plans to "sweeten" the deal and speed up the transition from GitHub.

Mark Sami, vice president of SPR consulting company, believes that the user base of GitHub will not be significantly reduced, and cited the Yammer service as an example, the audience of which grew significantly after the sale of Microsoft.^[19]

Microsoft buys GitHub for $7.5 billion

On June 4, 2018, Microsoft announced that it had reached an agreement to acquire the GitHub web service, which has an audience of more than 28 million developers as of May 2018. Thanks to the deal, the corporation expects to expand the number of users of its tools and services for developers.

Under the terms of the agreement, the acquisition cost will be $7.5 billion. The deal is expected to close by the end of 2018 after meeting all necessary conditions and receiving regulatory approval.

At the conclusion of the deal, GitHub will continue to operate independently, providing an open platform for developers from a wide variety of industries, according to Microsoft. In addition, developers, as before, will be able to give preference to any programming languages, tools and operating systems when developing their projects.

The CEO of GitHub will be Nat Friedman, Microsoft vice president, founder of Xamarin and an expert in open source solutions. In turn, the current head of GitHub, Chris Wanstrath, will become a Microsoft technician reporting to Executive Vice President Scott Guthrie and will be responsible for developing strategic software development initiatives .

According to Microsoft estimates, the acquisition of GitHub will have an accretive effect on the corporation's non-GAAP operating profit for fiscal 2020.^[20]

The largest DDoS attack in history

In March 2018, it became known about the strongest hacker attack in history, which collapsed GitHub. On the evening of February 28 and the night of March 1, a well-known service for hosting IT projects and their joint development coped with DDoS traffic, which at its peak reached 1.35 Tbit/s. 

The attack was carried out from more than a thousand different autonomous systems through tens of thousands of unique endpoints. The so-called Memcached servers were used. According to the researchers, the implementation of the UDP protocol in such servers is incorrect, and anyone can carry out a large DDoS attack without any problems. 

GitHub survived the most powerful DDoS attack in history, its power reached 1.35 Tbit/s

According to Wired, the DDoS attack lasted more than eight minutes, but its power was apparently the largest of all time - at least among all incidents reported publicly. For comparison, the former largest attack was considered the one that the DNS service provider survived in 2016. Dyn Then a large number of large sites suffered, and the attack power reached 1.2 Tbit/s.

Thus, GitHub got off easily, because the service was not available for only about 10 minutes. The company explained that its IT infrastructure was created with such consideration that it could withstand five times more traffic than in the largest DDoS attack before.

In addition, to mitigate the consequences of the cyber attack, the GitHub administration turned to the startup Akmai Prolexic, which specializes in clearing traffic of "garbage" packets, redirecting them bypassing the attacked service.

According to Hardik Modi, Senior Director of Information Security Development and Threat Response  at Arbor Networks  of NetScout, the use of Memcached does not require addressing huge botnets. GitHub has become the largest target for such attacks, but this may only be the beginning before attacks on other large companies, the expert warns.^[21]

2016: Microsoft's leadership in the popularity of Open Source projects among developers

In September 2016, the developer service ON GitHub published statistics related to the work of the portal for the year. The report noted leadership Microsoft in the number of participants in open projects.

In 2016, Microsoft ranked first in the number of GitHub users participating in Open Source projects of companies. The software giant has 16,419 developer users of the service. In second place in this indicator is Facebook with 15,682 users.

Microsoft ahead of Google and Facebook in popularity of Open Source projects among developers

The top three was 14,059 Docker  developers involved in the company's projects on the GitHub portal. Google The number of such users has reached 12,140 .

According to the head and founder of GitHub, Chris Wanstrath, Microsoft is truly interested in participating in the Open Source community. In an interview with Fortune, Vanstrath noted the following:

In the big one . The NET project involves more people on the outside than people who work for Microsoft.

By September 2016, 5.8 million active users, 331 thousand organizations and 19.4 million repositories were represented in GitHub. Microsoft vscode (Visual Studio Code project repository) ranked sixth in the list of repositories with the highest number of participants (5855). In the first position is Font-Awesome (10,654 developers; Font Awesome project - icon font and CSS toolkit).

Microsoft's commitment to Open Source projects is being pursued as part of a strategy the company calls Microsoft loves Linux. The IT giant is trying to adhere to this principle in everything: in 2016, almost a third of the virtual machines in the Azure cloud run Linux, SQL Server for Linux was released, and.NET source code was opened. Microsoft is actively involved in various Open Source projects, including OpenSSH, FreeBSD, Mesos, Docker, Linux, etc.

GitHub statistics also say that in the 12-month period, the end of which fell on September 2016, Russia ranked fourth in terms of the growth in the number of users of the service - they increased by 74%. The largest rise occurred in China (+ 97%).^[22]

2015: GitHub officially comes to Russia

On November 12, 2015, GitHub's official entry into the Russian market was announced. The partner of this service for hosting IT projects and their joint development in Russia is the distribution company VDEL.

Within the framework of the concluded partnership agreement, VDEL will deal with the technological and commercial development of the GitHub business in such areas as localization, cooperation with technical institutes and universities, technological development for use in government agencies and the introduction of rapid programming methodologies.

Social network for developers GitHub found a partner in Russia

In addition, VDEL will promote a paid corporate product GitHub Enterprise in Russia and the CIS. Thanks to this, the customers of the service will not need to "worry about the latest legislative changes regarding the storage of personal data in Russia," the executive director of VDEL Milan Prohaska told Kommersant.

"We got a strong ally," says GitHub regional manager Marko Berkovic. "Russia is one of the most active countries in Europe in using GitHub to work on open source projects."

Independent mobile application developer Oleg Ovechkin, who uses GitHub mainly to store the code of mobile applications, told the newspaper that he had no idea why the service needed Russian localization, since many developers were used to reading and writing in English.

The head of Postgres Professional Oleg Bartunov explains the appearance of a GitHub representative in Russia as a "political situation." He recalled that GitHub's competitor, the American resource SourceForge , has blocked access to users from Crimea since February 1, 2015 due to US sanctions.

"This may be why GitHub wants to localize. Or they believe that the sanctions will be lifted, "Bartunov said^[23]

Notes