GitHub announced on Tuesday that it has secured a licence to allow developers based in Iran to use its full range of services. Prior to procuring the licence, Iranian developers only had limited access to GitHub due to sanctions enforced by the US.
These sanctions prohibit any US company from doing business with anyone in a sanctioned place, GitHub CEO Nat Friedman said in a blog post. GitHub confirmed in mid-2019 that it had restricted accounts based in Iran, Crimea, Cuba, North Korea, and Syria which all face US sanctions, meaning developers from those places were blocked from gaining access to private repositories.
For developers in these sanctioned places, GitHub has only provided limited information about what can be accessed.
"For individual users, who are not otherwise restricted by US economic sanctions, GitHub currently offers limited restricted services to users in these countries and territories. This includes limited access to GitHub public repository services for personal communications only," GitHub said when the blocks were first confirmed.
GitHub also notes on its page about US trade controls that US sanctions apply to its online hosting service, GitHub.com, but its paid-for on-premise software -- aimed at enterprise users -- may be an option for users in those circumstances.
"Users are responsible for ensuring that the content they develop and share on GitHub.com complies with the US export control laws, including the EAR (Export Administration Regulations) and the US International Traffic in Arms Regulations (ITAR)," GitHub says on the page.
With the announcement, at least for developers in Iran, the company will now roll back all restrictions and reinstate full access to affected accounts.
The procurement of the licence took two years, Friedman said, and entailed "a lengthy and intensive process of advocating for broad and open access" to the US Office of Foreign Assets Control.
He added the company would now work with the US government to secure similar licences for developers in Crimea and Syria.
Last month, GitHub rolled out a new security assessment for pull requests called dependency review. The new tool will give developers an overview of which dependencies are added or removed from a project, when they are updated, how many other projects lean on a dependency, along with any vulnerability information associated with them, GitHub said.