Blog archive

GitHub Beefs up its Enterprise Cred with U2F, LFS, New Tools Directory

GitHub last week announced a new partnership with Yubico to expand its authentication system, unveiled a new directory of integrated applications, and made an extension for large binary files available on all repositories on GitHub.com.

CEO and co-founder Chris Wanstrath made the Yubico partnership announcement at his company's GitHub Universe event in San Francisco on Thursday. Yubico is a co-creator (with Google) of the Universal 2nd Factor (U2F) open authentication standard hosted by the FIDO (Fast IDentity Online) Alliance. U2F relies on USB-like tokens that generate login codes unique to the users and the applications being accessed. Yubicomakes the tokens, and the company's CEO and founder, Stina Ehrensvard, was on-hand at the event to give away about 1,000 of them to attendees.

GitHub isn't the first code-hosting site to support two-factor authentication. Both Google and DropBox have partnered with Yubico, and GitLab announced in May the addition of two-factor authentication to its open-source GitHub alternative. GitHub has, in fact, been using YubiKey internally since December 2014, said GitHub app security engineer Ben Toews in an e-mail, and began using FIDO-approved U2F YubiKeys internally in June 2015.

I talked with Sam Lambert, GitHub's director of systems, during the GitHub Universe event about the Yubico partnership. The decision by DropBox, Google, and others to adopt FIDO U2F publicly, he said, helped to validate that standard. He described the partnership as "hugely important" and explained how GitHub is now encouraging developers who use the popular social coding site to build FIDO U2F support into their own applications.

GitHub Universe is at Pier 70 Warehouse in the San Francisco Industrial District
[Click on image for larger view.] GitHub Universe is at a Pier 70 Warehouse in the San Francisco Industrial District (source: John K. Waters)

GitHub's expansion of its authentication system is likely to do two things: further the adoption of the FIDO U2F standard among developers and make GitHub look more enterprise-friendly. The social coding site claims 11 million registered users and more than 36 million unique visitors every month, so its potential influence is clear. But providing U2F security also means that more enterprise dev teams will be able to convince management that GitHub is a safe place.

"The truth is, we're making great strides in the enterprise," Lambert said. "Look around [the conference] and you'll see GE, John Deere, Ford Motor Company, Pixar, Etsy -- even NASA uses GitHub. Thousands of developers are working on single GitHub Enterprise instances. And there's more to come for the enterprise next year."

GitHub's decision to support the integration of large binary files into Git workflows is another enterprise-friendly move, and one that addresses a well-known weakness. "Distributed version control systems like Git have enabled new and powerful workflows," writes the mysterious Technoweenie on the company's blog, "but they haven't always been practical for versioning large files. Git LFS (Large File Storage) provides an open source extension that replaces large files (video, big datasets, graphics) with text pointers within Git; the contents of the files are stored on remote servers, such as GitHub.com or GitHub Enterprise. Git LFS was actually released to early adopters in April. Version 1.0 is now generally available.

GitHub also unveiled its new Integrations Directory, which showcases a bunch of developer tools that work with GitHub. It's not as enterprise-oriented as the other two announcements, but it's a very cool resource.

"The Integrations Directory exposes a nicely curated set of applications that are really well integrated with GitHub -- some of them with literally one-click functionality added straight through into your organization's application," Lambert said.

As the less mysterious Kyle Daigle writes in another company blog post, the directory is a collection of developer tools that integrate with GitHub and "let you build sophisticated ChatOps workflows, allow you to deploy software directly from your GitHub repositories, and make it easy to track analytics, customer feedback, performance issues, and runtime errors back to a line of code and the context for code changes."

Since it was launched in 2008, GitHub, which is based on the Git distributed version-control system developed by Linux kernel creator Linus Torvalds, has become one of the world's most popular social coding sites. The service has enjoyed endorsements from the likes of the Eclipse Foundation, which allows the hosting of its projects on GitHub to attract new and maturing projects.

Posted by John K. Waters on October 6, 2015