GitHub is looking for a software engineer to help improve and expand Dependabot's package ecosystem support. The majority of the work will take place in dependabot-core, a public project that contains the core logic to generate dependency update pull requests. We're looking for someone who's excited by the prospect of working across a variety of programming language ecosystems, and is also interested in curating and managing community contributions.
In 2019, practically all software is built on open-source: from beginners’ hack projects to mission-critical software built by huge enterprises. New versions of dependencies are published every minute, some of them containing critical security patches to keep users’ applications safe and secure, others containing new features, bug fixes, and performance improvements. How do we help our users keep up with the constant flow of updates? Our answer is Dependabot!
Dependabot powers Automated Security Fixes which are being rolled out to all GitHub users, as well as non-security updates for users who want them (currently in beta). Even at < 10% rollout that's a lot of pull requests; Dependabot created more than 3% of all the pull requests merged on GitHub in July.
- Add support for new ecosystems to Dependabot Core.
- Maintain and improve support for existing ecosystems, responding to user feedback and ensuring we’re generating the right updates for our users.
- Drive improvements in the way we construct dependency update pull requests. How could we produce our updates 5x faster than we currently do? How could we make it quicker and easier to add support for more languages in the future?
- Manage contributions from our community both pragmatically and empathetically.
- Significant experience working in Ruby. While dependabot-core handles many programming language ecosystems, the majority of the project is written in Ruby.
- Experience with other programming langauages, and an appetite to work across a diverse range of language ecosystems.
- Strong communication skills. This is particularly important given the community-management aspect of this role.
The Dependabot team is currently distributed across the UK and North America. We expect candidates to be comfortable with working in remote teams, and to be based in North America or Europe to ensure sufficient timezone overlap with other team members.
- Experience managing open source projects. Some of the contributions we receive are excellent but need some help getting over the line. Others don't fit within the scope of the project, and need to be closed down delicately.
- Experience working with package management tools, or software in the dependency management ecosystem.
- Knowledge of Python, PHP, Java, and .NET, and the popular dependency management systems in those ecosystems would be a plus.
- Experience working in remote teams.
Who We Are:
GitHub is the developer company. Over 36 million people use GitHub to build amazing things together across 100 million repositories. We make it easier for developers to be developers: to work together, to solve challenging problems, to create the world’s most important technologies. We foster a collaborative community that can come together—as individuals and in teams—to create the future of software and make a difference in the world.
- Customer Obsessed
- Trust by Default
- Ship to Learn
- Own the Outcome
- Growth Mindset
- Global Product, Global Team
- Anything is Possible
- Practice Kindness
Why You Should Join:
At GitHub, we constantly strive to create an environment that allows our employees (Hubbers) to do the best work of their lives. We've designed one of the coolest workspaces in San Francisco (HQ), where over half of our Hubbers work, snack, and create daily. The other half of our Hubbers work remotely in 18 countries across the globe.
We are also committed to keeping Hubbers healthy, motivated, focused and creative. We've designed our top-notch benefits program with these goals in mind. In a nutshell, we've built a place where we truly love working, we think you will too.
GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!
Please note that benefits vary by country, if you have any questions, please don't hesitate to ask your Talent Partner.