"We love Visual Studio Code because it's so easy to use," says Aleixo. "It's lightweight, it's open-source, and it's the most powerful IDE available for coding in Python. Best of all, it's extensible. We use a lot of Visual Studio code extensions for developing in Python—for example, to detect coding errors and help us work more quickly."
Adds Resplande, "I didn't use Visual Studio Code before I joined Mr. Turing last year. When I joined the company, everybody told me ‘Use Visual Studio Code… you're going to love it.' I started using Visual Studio Code a year ago and now I'm addicted. It's the future."
Source code resides in GitHub Enterprise, which also hosts the company's CI/CD pipeline. Within that pipeline, the company is using GitHub Actions for automation—including deployment to Azure. "We need to keep our code safe, and GitHub lets us lock it down against unauthorized access," says Aleixo. "We're using GitHub Actions to create automated pipelines that we can run to test our code quality and perform other tasks that we need to repeat every time a change is made."
Moving forward, Aleixo plans to adopt GitHub Advanced Security to create a modern ‘DevSecOps' environment that puts security front-and-center throughout the software supply chain. Security scans performed by GitHub Advanced Security include:
- Code scanning - searching for potential vulnerabilities and coding errors, such as vulnerability to a SQL injection attack. These scans are powered by CodeQL, an industry-leading semantic code analysis engine developed by GitHub.
- Secret scanning - checking for keys, tokens, and other secrets that may have been checked into a repo.
- Dependency review - showing the full impact of changes to dependencies and the details of any vulnerable versions—including automated fixes to many vulnerable dependencies. (Dependency review also covers open source, as described in this article.)
"We use a lot of open-source packages, so we need to follow each version of each package to make sure that we don't install any malicious code," says Aleixo. "Having such automated security checks baked-into our workflows will be a huge benefit; we're planning to use all that GitHub Advanced Security has to offer."
Together, the combination of Visual Studio Code and GitHub provide a powerful collaboration tool-set for developers at Mr. Turing—including features like integrated pull requests, commenting, and issue tracking from within Visual Studio Code. "I love how it lets me do everything I need to do remotely, which is important because I live 300 miles away from our office," says Resplande. "Half of our developers live in other states within Brazil, and we can still function as a single team, collaboratively edit documents, and more."
Developers' favorite feature, however, is GitHub Copilot, an AI assistant that helps them work faster by providing suggestions for code completion. Powered by Codex, the powerful new GPT-3 based machine learning model from OpenAI, GitHub Copilot is trained on billions of lines of public code and is accessed via an extension for Visual Studio Code. In addition to its autocomplete features, GitHub Copilot helps developers convert comments to code, can produce long repetitive code patterns given a few examples, can suggest tests to match code, and can even provide multiple options for developers to evaluate.
"As a startup, we need to work quickly," says Aleixo. "GitHub Copilot not only helps us write code faster, but it also helps us ensure code quality. It's the best coding assistant I've ever seen."