After two years at your job, you’re ready for a change. Maybe you want to grow within your current organization. Or maybe you’re seeking employment elsewhere. Whatever your ambition, LinkedIn is your first destination in attaining it. From job listings and networking opportunities to articles and online courses, LinkedIn puts the resources to navigate the ever-changing world of work at your fingertips.
Maintaining a platform used by more than 756 million people is a massive undertaking. LinkedIn employs thousands of developers to build the apps and services that help you excel.
Three years ago LinkedIn’s developers realized they could be more effective. “Our engineers wanted better collaboration tools,” says Senior Technical Program Manager Veronica Sun. “It was the number one most talked about issue in the engineering organization. It had been a while since LinkedIn revamped developer experience, so this was a time for us to revisit that and modernize it.”
Before they began migrating to GitHub, LinkedIn self-hosted their Git and Subversion repositories. Many LinkedIn engineers used GitHub for open source projects or at other positions and knew there were better ways to work. “Our developers have been asking for GitHub for a long time,” says Principal Staff Engineer Jacek Suliga. “But first we had to look at the market and determine what the best fit for the organization would be. We went through a very detailed process of capturing requirements, talking to the customers, and evaluating the workflows.”
After evaluating all the relevant products and services available, LinkedIn decided GitHub Enterprise best fit their use cases. “Usability was one major deciding factor,” Sun says. “Others were extensibility and security.”
“The idea is to create end-to-end workflows, ensuring that developers know exactly what action to take next,” says Joyce Wang, Senior Engineering Manager leading the GitHub migration. “That’s why we’ve been conducting usability studies; we want developers to be able to complete their workflows as fast as possible.”
Switching to GitHub has helped LinkedIn streamline their development process, Suliga says. “We used to need to switch between a lot of different tools when we made the equivalent to a pull request,” he says. “There were several tools and processes you needed to check. Now we’ve integrated most of that information into the pull request itself.”
“The idea is that you want your proposed change to ‘fire and forget’,” he continues. “You submit it, CI happens, testing happens, review happens, and if everything is good it should just land in the target branch and you’re done, instead of going back and forth refreshing screens.”
LinkedIn also uses GitHub Advanced Security to run other code scans to improve code quality and reduce risk. “One thing we’re able to do with GitHub is surface information earlier, shifting left so to speak, by automatically running tests to catch bugs and vulnerabilities earlier in the cycle, before things get out into production,” Sun says.
LinkedIn now runs CodeQL static analysis automatically when developers open a pull request, surfacing security issues before they’re merged. “In our old tooling, people would push a change and then have it rejected because validations happened after the push,” Wang says. “Now you can find out shortly after a PR is created if your code change passes the necessary checks. GitHub surfaces all that information much sooner.”
This makes LinkedIn’s code both better and more secure. “It’s much easier to integrate security scans into our pipeline than it was before,” says Senior Staff Information Security Engineer Luke Young. “The previous systems were difficult to integrate with. There was limited static analysis that happened in our review pipeline because it was so hard to make issues visible in a way that was both intuitive and helpful to developers.”
“Developers are used to finding things after the fact, so they’re pleasantly surprised when we catch things early,” Young says. “It’s significantly easier to fix an issue at the time of a pull request, rather than after it’s in production. If it’s in production, you have to make the change, test it, deploy it. It could take a long time, and all the while that vulnerability is out there. It’s better to prevent the problem from being introduced in the first place.”
LinkedIn has written several custom queries and has even contributed some upstream for the Scala framework Play. “We are running many of the base rules, but we’re definitely building out our own library of LinkedIn-specific alerts and concerns,” Young says. “Some are very broad and apply to every product, but others are very specific, looking at particular libraries in specific applications.”
CodeQL has already proven useful in rooting out vulnerabilities through variant analysis. “When people report things through our Bug Bounty program, we use CodeQL to find variants that we might have missed previously or that certainly would have taken a lot more manual effort to uncover,” Young says. “The great thing is that once you find a variant, it’s only a few more steps and now every single PR is checked for that variant so it can’t get introduced again in the future.”
Migrating to GitHub was a big change for LinkedIn. “We had to make sure we got the usability right since teams would have to start using new workflows,” Sun says. “Even if they use GitHub for personal projects, they might have a different experience at LinkedIn because of all of our customizations.”
The team opted to migrate to GitHub in waves. The migration team served as “Wave Zero,” moving their projects to GitHub ahead of anyone else. “Wave One” involved neighboring teams working on internal projects.
Then they moved to “Wave Two,” which included the product teams responsible for the company’s flagship product, LinkedIn.com. “It may seem backwards to migrate the flagship team so early in a migration,” says Wang. “But we learned from previous migration experiences that we should focus on the most difficult use cases. We wanted to provide assisted support to the engineers we onboarded, so we can ensure the platform meets their needs.” LinkedIn now has over 2,900 developers using GitHub Enterprise.
LinkedIn uses lots of custom infrastructure, including software built in-house to power its CI/CD pipeline. In GitHub, they saw something that was not just easy to integrate with, Suliga says, but a platform they could build new things upon. “Our developers couldn’t really build much on top of internal infrastructure before,” Suliga says. “I think because GitHub is an extensible platform, we’re expecting to see them build quite a bit on top of it and integrate more and more of our apps and features. Which will take some work off our shoulders.”
The migration team started by focusing on integrations. “We’re leveraging GitHub’s REST and GraphQL APIs, as well as reacting to webhooks,” Suliga says. “We’re really happy with that experience. The documentation is great.” The company is also exploring using GitHub Actions instead of LinkedIn’s custom CI/CD tools.
These new experiences are being met with enthusiastic support from LinkedIn developers. Wang says satisfaction with GitHub among early adopters is 4.8 out of 5, compared to 3.4 for the previous solution.
“What would have taken an entire quarter in our previous system we can do in two days,” Young says. “My developer experience on GitHub has been awesome.”