How can the newest updates to GitHub Enterprise Server help you and your team commnicate and collaborate better? We spoke with GitHub's Melody Mileski about GitHub Discussions, the new Pull Request File Tree view, Server Statistics, how GitHub is investing in better security for the npm ecosystem, and plans 2FA.

devmio: Thanks for taking the time to answer our questions. GitHub Discussions is now officially available on the GitHub Enterprise Server 3.6. Could you tell us more about GitHub Discussions and what it offers teams? What are some of its most helpful features?

Melody Mileski: GitHub Discussions is a way for teams to collaborate together, no matter what team they are on or where they are located. It enables a dedicated place for team members across the organization to ask questions, share ideas, and build connections with each other - all right next to their code.

Originally built for open source communities, we’ve taken those benefits and turned it into a secure space to host internal conversation and collaborate better together. Some helpful features include highlighting the most helpful answers in a thread, converting discussions into issues, pinning announcements, starting polls, and creating custom categories and labels to organize team conversation.

[GitHub Discussions] enables a dedicated place for team members across the organization to ask questions, share ideas, and build connections with each other - all right next to their code.

devmio: Are there any additional features planned for GitHub Discussions that you can share with us? Is there anything currently in beta? What does the roadmap look like?

Melody Mileski: Discussions are now generally available for GitHub Enterprise Server.

devmio: How can teams use the new Pull Request File Tree view?

Melody Mileski: Teams can use the new Pull Request File Tree view to review large or complex pull requests, making it easier for developers to jump between files and understand the scope of a review more quickly.

devmio: Open source security has been a hot topic lately, especially when it comes to npm packages. What has GitHub done lately to ensure npm packages are safe and secure?

Melody Mileski: As stewards of the npm registry, GitHub is committed to investing in the security of the npm ecosystem. We recently announced a number of enhancements to not only strengthen authentication but also to make 2FA adoption easier for developers – account security is significantly improved by adopting 2FA but if the experience adds too much friction, we can’t expect users to adopt it. Those enhancements include a streamlined login and publishing experience on the npm CLI, the ability to connect GitHub and Twitter accounts, and a new npm CLI command to audit package integrity.

GitHub has also made a commitment to roll out 2FA across GitHub by the end of 2023, in support of securing our user's accounts and the software supply chain.

GitHub has also made a commitment to roll out 2FA across GitHub by the end of 2023, in support of securing our user's accounts and the software supply chain.

devmio: How do audit logs work and how do they help teams remediate security vulnerabilities earlier?

Melody Mileski: Audit logs help security by giving security teams visibility into changes across GitHub, including added or removed users, or changed permissions. GitHub Enterprise Server 3.6 brings the ability to stream audit logs to a dedicated log collection system. With streaming, security teams can be sure they will never lose an audit log event, while using the SIEM systems they’re most comfortable with to conduct investigations, and build real-time threat detection and response. We are emphasizing the importance of protecting your IP and keeping your account and organization compliant. With these features with a heavy focus on security and compliance, audit logs are one of the changes that allow administrators to have more visibility and insight into the account.

With streaming, security teams can be sure they will never lose an audit log event, while using the SIEM systems they’re most comfortable with to conduct investigations, and build real-time threat detection and response.

devmio: Could you tell us more about the newly added Server Statistics? What kind of statistics can it aggregate and show teams?

Melody Mileski: Server Statistics gives you the power of shared data. By adding this new visibility layer, administrators can see how teams and projects across their enterprise are being utilized. Server Statistics collects key aggregate metrics from across server instances. That includes aggregate metrics such as the number of issues, users, commit comments and pull requests - which can be crafted into insights to help companies understand how their teams work, and show the value the company gets from GitHub Enterprise Server.

41 of these metrics are available for administrators to download via their connected GitHub Enterprise Cloud accounts.

devmio: How is data security, data collection, and data retention handled in Server Statistics?

Melody Mileski: We respect your data. GitHub will not transmit these statistics from GitHub Enterprise Server instances unless a customer has configured GitHub Connect and enabled the Server Statistics feature.

GitHub does not collect any personal or user identifiable data via Server Statistics. We also don't collect any GitHub content, such as code, issues, comments, or pull request content. Data retention is in line with GitHub’s privacy policy, and customers can request their data be deleted at any time. Further information about data security and retention for Server Statistics can be found in our documentation.

Only owners of the connected enterprise account or organization on GitHub Enterprise Cloud can access the data.