How to Build a Single Trusted Source Code Hosting Platform

Table of contents

Foreword

What a single trusted source code hosting platform should include

Security

➤ The security of the platform itself

➤ Security of the hosted code

➤ Security of the applications built from the source code

Efficiency

➤ Efficient code repository management

➤ Efficiency of code pull and push

➤ Efficiency of getting code into production

Convenience

➤ Convenient installation and configuration

➤ Easy to learn and use

➤ Convenience of ecosystem integration

Simplifying complexity: the advantages of Jihu GitLab's single trusted source code hosting platform

Security of Jihu GitLab

The Efficiency of Jihu GitLab

➤ Efficient code repository management

➤ Efficient multi-person cross-regional collaboration

➤ The efficiency of code quality improvement

The Convenience of Jihu GitLab

➤ Simple installation and configuration

➤ Quick start, low learning cost

➤ Easy integration and easy innovation


Source of this article: Brother Ma, technical evangelist at Jihu GitLab

Foreword

If software is the cornerstone of the digital era, then source code is its soul. Every piece of software is built (compiled) from source code, so to a large extent source code is the core digital asset of a modern enterprise. Managing it securely and efficiently is something every manager of a modern enterprise has to think about.

Source code management means tracking and version-controlling changes to source code, so that developers can collaborate on one shared code base without overwriting each other's work, and so that every change can be audited. As the digital transformation of enterprises has accelerated in recent years, the market for source code hosting has grown with it. According to Acumen's market analysis report on source code management software, the source code hosting market was worth $611.2M in 2021 and is projected to reach $1,289.4M by 2030, a compound annual growth rate (CAGR) of 8.7% from 2022 to 2030.

Building a single trusted source code hosting platform therefore not only lays a solid foundation for an enterprise's digital transformation, but also claims a share of a market that is already sizeable.

What a single trusted source code hosting platform should include

A mature and stable single trusted source code hosting platform should cover three main factors: security, efficiency, and convenience.

Security

Security is at the heart of a source code hosting platform. Losing source code translates directly into economic loss for the enterprise. If the code of a core product leaks to competitors, similar products can enter the market and intensify competition; a leak also worries customers (if the code falls into the hands of criminal organizations, they can look for vulnerabilities in it and attack those customers), and in serious cases customers leave. Security is therefore the first element to consider when building a source code hosting platform.

The security of a source code hosting platform is a three-layer protection system: the platform itself is secure, the code it hosts is kept secure, and the applications built from that code are secure.

➤ The security of the platform itself

First, the platform itself must be secure: it is the foundation, and only a secure foundation can keep the hosted code secure.

This requires the platform's R&D team to take security seriously, and a dedicated security team to keep looking for security issues in the platform itself and fix them promptly. Other processes have to cooperate: a complete (preferably automated) release process, so that releases, both regular versions and security patches, can ship frequently; and a transparent notification process, so that when a security issue is found it is not only fixed quickly but the affected users (or customers) are notified in time and reminded to apply the patch, avoiding a major security risk.

The platform also needs a complete, highly secure account management system, with the security functions commonly used in the industry such as multi-factor authentication and password complexity requirements, and it should perform security checks on logins and on the use of the platform.

➤ Security of the hosted code

Second, the security of the hosted code must be guaranteed; this is the core of a source code hosting platform.

Source code is generally hosted and managed with the project (Project or Repo) as the basic unit, and projects can be grouped further to simplify hosting and management. Throughout, the principle of least privilege should be followed, with fine-grained permission management over the hosted code, so that only authorized users can perform specific operations (read, write, and so on) on the resources they are authorized for.

In addition, corresponding security controls are needed on project branches, code commits, and so on. These not only keep unsafe code from being merged into the repository and keep the repository from bloating, but also help the team build a secure coding process and a security-minded team culture. There must also be security event auditing: every operation anyone performs on a code repository should be recorded in an audit log, so that security auditors can audit and trace the related events.

➤ Security of the applications built from the source code

Finally, the applications built from the hosted code must also be secure, because those applications are what gets delivered to users (or customers), and that is the most valuable link in the chain.

A source code hosting platform should therefore be more than a code store; it should also have application security testing capabilities, such as the traditional SAST and DAST. Multiple built-in security testing methods can then surface as many potential security risks in the code as possible, reducing the application's attack surface once it goes live and improving overall security.

In short, a secure and reliable source code hosting platform needs multiple layers of protection that together form a three-layer protection system and truly keep the hosted source code secure. That is the core mission of a single trusted source code hosting platform.

Efficiency

A source code hosting platform exists so that R&D staff can collaborate on software development, so efficiency is a factor that has to be considered, especially as the R&D organization grows and even collaborates across regions and time zones; efficient collaboration is then the key to software development. Efficiency here is also multi-dimensional.

➤ Efficient code repository management

An enterprise's organizational structure is usually a tree, and as the enterprise grows and product lines multiply, the tree gains levels. That inevitably means a large number of code repositories, and managing them effectively becomes especially important. This affects not only efficient collaboration within a team, between teams, and even between departments, but also the construction of the security system, such as permission management for repositories and for users.

Whether a source code hosting platform can map repository management onto the enterprise's organizational structure or product-line structure, together with fine-grained permission management, therefore determines how efficiently repositories can be managed.

➤ Efficiency of code pull and push

Pull and push are the two most basic operations R&D staff perform, and their experience is the sternest test of developers' patience. Once a repository reaches a gigabyte or a dozen gigabytes, a poor clone experience (a slow network, or too many concurrent users making the hosting server slow to respond, and so on) can make developers unwilling to pull frequently to keep the local repository in sync with the remote. Pushes to the remote repository then conflict very easily.

Branch management (creation, merging, deletion, and so on) is also an important means of improving collaboration efficiency now that branch-based development is common practice.

➤ Efficiency of getting code into production

Source code is just a pile of static content; its real value (to users or customers) comes from turning it into a running application, that is, from source code to production, from static to dynamic. This process involves source code management, building, testing, deployment, and so on. The best way to make the whole process efficient is to simplify these steps with automation, which is what is now commonly called CI/CD.

A mature source code hosting platform should therefore have some built-in CI/CD capability, or at least be able to integrate with third-party tools to achieve CI/CD. This not only lets developers see the effect of a code change quickly after committing and judge whether it meets expectations, but also enables rapid delivery from idea to production, turning "fail fast, fix fast, feedback fast" into real practice and making truly agile development and delivery of modern software possible.

Convenience

Convenience here has several meanings:

➤ Convenient installation and configuration

Simple installation and straightforward configuration greatly lower the barrier to using a source code hosting platform. For example, users should be able to download the appropriate installation package from the official website (by OS, version requirements, and so on) and complete the installation in one step. If the configuration has to be changed later, a simple reload should apply the change in a short time, avoiding a prolonged impact on the business.

➤ Easy to learn and use

Ease of use also matters. This covers not only a user-friendly interface but also detailed documentation. When users first log in, simple exploration (clicking around the page) should be enough to understand the platform's main functions; for deeper learning, the platform should have detailed documentation covering the use of every function, so that users can learn by following it. These conveniences greatly reduce the cost of learning and using the platform, improve the user experience, and make it easy to grow the user community.

➤ Convenience of ecosystem integration

A source code hosting platform should have extension points, such as the ability to integrate with third-party tools, so that an ecosystem can form around the source code. The most typical example is today's popular DevOps: source code has to go through automated building, testing, and security scanning before finally being deployed to production and delivered to users (this is what the much-discussed CI/CD does). The whole process requires multiple tool chains to cooperate, and all of them work on the source code or on the binaries generated from it, so they need to be tightly integrated with the source code hosting platform to enable process automation, data visualization, and so on. Such integration is usually done through APIs, which means the platform needs rich APIs to help build a rich software delivery ecosystem.

Simplifying complexity: the advantages of Jihu GitLab's single trusted source code hosting platform

GitLab is a well-known open source source code hosting product. Twelve years have passed since its first line of code was written in 2011, and it has kept up a monthly release cadence, each release adding many functions related to source code hosting. It has grown into a source code hosting platform that is easy to use, secure and efficient, with more than 30 million users worldwide.

Jihu GitLab is GitLab's distribution for China, a third edition of GitLab (the JH edition) alongside CE and EE. It focuses on providing first-class source code hosting products and services for users in China. At the same time, Jihu GitLab follows the open source community's best practice of "upstream first": it collaborates with upstream GitLab in the open, so that it always tracks the latest upstream features while contributing the needs of many Chinese users back upstream for the benefit of users worldwide.

Jihu GitLab is fully open source and open, with complete source code hosting functionality that is secure, efficient and convenient.

Security of Jihu GitLab

Jihu GitLab is a "secure by default" source code hosting product. Its security has both depth and breadth, forming a defense-in-depth system. Many security functions are built in and ready out of the box: no integration or installation of third-party products is needed, and they can be used simply by enabling them.

In the relevant evaluations by Gartner and Forrester, GitLab's security capabilities are rated as leading.

The Efficiency of Jihu GitLab

The efficiency of Jihu GitLab shows mainly in the following aspects:

➤ Efficient code repository management

Jihu GitLab uses Groups to organize and manage projects/repositories. Groups can be nested to multiple levels, which maps the organizational hierarchy onto the repository hosting hierarchy and makes repository management clear and simple. Organizational personnel information can also be mapped onto project membership to implement role-based access control, so that only the right people in the right department have specific operation permissions on that department's repositories.

In addition, a project can be configured to forbid certain files from being pushed to the repository (zip, pdf, war, and so on) and to limit the size of files pushed (for example, files above 1 MB cannot be pushed). These effectively keep the repository from bloating and make it easier to maintain over time.
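The following is an added example, not Jihu GitLab's own code, serving both the branch and commit controls with audit logging described earlier under the security of the hosted code and the push rules described here. It models a server-side push gate: a protected-branch role requirement, a file-extension denylist, a 1 MB size limit, an author-email rule, and an audit event for every decision. The role ladder, the `@example.com` author domain, the rule values and the sample pushes are assumptions constructed for illustration.

```python
"""Push gate for a hosted repository.

Added example; it is not Jihu GitLab's own code. It models the server-side
checks a hosting platform applies when a push arrives. The role ladder, rule
values and the sample pushes below are constructed for illustration.
"""
import fnmatch
import re
from dataclasses import dataclass
from pathlib import PurePosixPath
from typing import List, Tuple

# Ordered role ladder (assumed); a higher rank means more privilege.
ROLE_RANK = {"guest": 0, "reporter": 1, "developer": 2, "maintainer": 3, "owner": 4}


@dataclass(frozen=True)
class PushRules:
    protected_branches: Tuple[str, ...] = ("main", "release/*")  # glob patterns
    protected_push_role: str = "maintainer"        # minimum role to push there
    denied_extensions: frozenset = frozenset({".zip", ".pdf", ".war"})
    max_blob_bytes: int = 1024 * 1024              # "files above 1 MB cannot be pushed"
    author_email_regex: str = r"@example\.com$"    # assumed corporate domain


@dataclass(frozen=True)
class Blob:
    path: str
    size: int


@dataclass(frozen=True)
class Commit:
    sha: str
    author_email: str
    blobs: Tuple[Blob, ...]   # files added or modified by the commit


@dataclass(frozen=True)
class Push:
    user: str
    role: str
    branch: str
    commits: Tuple[Commit, ...]
    force: bool = False


def is_protected(branch: str, rules: PushRules) -> bool:
    return any(fnmatch.fnmatchcase(branch, pat) for pat in rules.protected_branches)


def evaluate_push(push: Push, rules: PushRules) -> Tuple[bool, List[str], dict]:
    """Return (accepted, violations, audit_event). The audit event is produced
    for accepted and rejected pushes alike, so every operation leaves a trace."""
    violations: List[str] = []
    email_re = re.compile(rules.author_email_regex)

    if is_protected(push.branch, rules):
        if ROLE_RANK.get(push.role, -1) < ROLE_RANK[rules.protected_push_role]:
            violations.append(f"branch {push.branch!r} is protected; role {push.role!r} "
                              f"may not push (requires {rules.protected_push_role!r})")
        if push.force:
            violations.append(f"force push to protected branch {push.branch!r} rejected")

    for commit in push.commits:
        tag = commit.sha[:8]
        if not email_re.search(commit.author_email):
            violations.append(f"{tag}: author {commit.author_email!r} does not match "
                              f"{rules.author_email_regex!r}")
        for blob in commit.blobs:
            suffix = PurePosixPath(blob.path).suffix.lower()   # case-insensitive match
            if suffix in rules.denied_extensions:
                violations.append(f"{tag}: {blob.path} has forbidden extension {suffix!r}")
            if blob.size > rules.max_blob_bytes:
                violations.append(f"{tag}: {blob.path} is {blob.size} bytes, "
                                  f"limit is {rules.max_blob_bytes}")

    accepted = not violations
    audit_event = {
        "action": "repository.push",
        "user": push.user,
        "role": push.role,
        "branch": push.branch,
        "commits": [c.sha for c in push.commits],
        "force": push.force,
        "result": "accepted" if accepted else "rejected",
        "violations": list(violations),
    }
    return accepted, violations, audit_event


# Constructed sample pushes (not real repository data).
OK_PUSH = Push(
    user="alice", role="developer", branch="feature/login-audit",
    commits=(Commit("a1b2c3d4e5f6", "alice@example.com", (Blob("app/audit.py", 4096),)),))

BAD_PUSH = Push(
    user="bob", role="developer", branch="main", force=True,
    commits=(Commit("0f1e2d3c4b5a", "bob@gmail.com",
                    (Blob("dist/build.zip", 5 * 1024 * 1024), Blob("docs/design.PDF", 700_000))),))

if __name__ == "__main__":
    for push in (OK_PUSH, BAD_PUSH):
        accepted, violations, event = evaluate_push(push, PushRules())
        print(event["result"], push.user, "->", push.branch)
        for v in violations:
            print("  -", v)
```

A real platform runs checks of this kind in a pre-receive hook, before the pushed objects are written to the repository, which is what stops oversized or forbidden files from ever entering the history. The audit event is emitted whether or not the push is accepted: a rejected push to a protected branch is exactly the event an auditor later wants to trace.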

➤ Efficient multi-person cross-regional collaboration

Jihu GitLab also has a high-availability architecture. Organizations of different sizes can install and configure different high-availability architectures to support collaboration among hundreds, thousands, or even tens of thousands of people, so that platform performance and user experience do not degrade as the user base grows. To solve efficient collaboration between cross-regional (especially multinational) teams, GitLab's unique Geo architecture not only gives cross-regional teams the same Git experience (clone, pull, push, and so on), but also provides disaster recovery for the data.

In addition, with GitLab's flexible branch management, a branch-based R&D model can be implemented, letting many people collaborate on the same code base while avoiding code conflicts and keeping the main branch from being blocked, which further improves R&D efficiency.

➤ The efficiency of code quality improvement

Code review is an important means of improving source code quality and building a culture of built-in quality. In Jihu GitLab's code review, multiple reviewers can be assigned to each MR, and data from the CI/CD pipeline, such as coding-standard scans, test reports and security scan reports, can be embedded directly in the MR to give reviewers supporting data, speed up the review of code changes and shorten the MR merge cycle. Custom merge rules can also raise the bar for code entering the main line, such as code coverage checks, security gates and multi-person approval. While guaranteeing code quality, these functions also greatly improve R&D efficiency.
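As an added example of how such merge rules combine (this is not Jihu GitLab's own implementation), the code below evaluates minimum approvals, a coverage check and a security gate against pipeline data attached to an MR, including reading the coverage total out of a pytest-cov style job log in the same way a CI coverage regex does. The rule values, the log excerpts and the sample MRs are constructed for illustration.

```python
"""Merge-request gate.

Added example; it is not Jihu GitLab's own implementation. Rule values, the
job-log excerpts and the sample MRs are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
# Same idea as a CI 'coverage' regex: the TOTAL line of a pytest-cov report.
COVERAGE_RE = re.compile(r"^TOTAL.*\s+(\d+)%$", re.MULTILINE)


@dataclass(frozen=True)
class MergeRules:
    min_approvals: int = 2
    require_code_owner: bool = True      # at least one approver from CODEOWNERS
    allow_author_approval: bool = False  # authors may not approve their own MR
    min_coverage: float = 80.0
    allow_coverage_drop: bool = False    # must not fall below the target branch
    block_severity: str = "high"         # unresolved findings at/above this block


@dataclass(frozen=True)
class Finding:
    tool: str
    severity: str
    location: str
    dismissed: bool = False


@dataclass(frozen=True)
class MergeRequest:
    author: str
    approvals: Tuple[str, ...]
    code_owners: Tuple[str, ...]
    coverage_log: str
    target_coverage: float       # coverage of the target branch before the MR
    findings: Tuple[Finding, ...]
    pipeline_status: str = "success"


def coverage_from_log(log: str) -> Optional[float]:
    """Total coverage from the job log, or None if no TOTAL line was printed."""
    m = COVERAGE_RE.search(log)
    return float(m.group(1)) if m else None


def evaluate_merge(mr: MergeRequest, rules: MergeRules) -> Tuple[bool, List[str]]:
    reasons: List[str] = []
    if mr.pipeline_status != "success":
        reasons.append(f"pipeline status is {mr.pipeline_status!r}")

    approvers = set(mr.approvals)           # deduplicate repeated approvals
    if not rules.allow_author_approval:
        approvers.discard(mr.author)        # self-approval does not count
    if len(approvers) < rules.min_approvals:
        reasons.append(f"{len(approvers)} valid approval(s), {rules.min_approvals} required")
    if rules.require_code_owner and not approvers.intersection(mr.code_owners):
        reasons.append("no approval from a code owner")

    cov = coverage_from_log(mr.coverage_log)
    if cov is None:
        reasons.append("pipeline reported no coverage total")
    else:
        if cov < rules.min_coverage:
            reasons.append(f"coverage {cov:.0f}% is below the minimum {rules.min_coverage:.0f}%")
        if not rules.allow_coverage_drop and cov < mr.target_coverage:
            reasons.append(f"coverage {cov:.0f}% is below the target branch's "
                           f"{mr.target_coverage:.0f}%")

    block_rank = SEVERITY_RANK[rules.block_severity]
    for f in mr.findings:
        if not f.dismissed and SEVERITY_RANK.get(f.severity, 0) >= block_rank:
            reasons.append(f"unresolved {f.severity} {f.tool} finding at {f.location}")
    return not reasons, reasons


# Constructed job-log excerpts and MRs (not real pipeline output).
GOOD_LOG = "app/audit.py   40   4   90%\nTOTAL          43   4   91%\n"
BAD_LOG = "app/db.py      50  12   76%\nTOTAL          50  12   76%\n"

GOOD_MR = MergeRequest(
    author="alice", approvals=("bob", "carol", "carol"), code_owners=("carol",),
    coverage_log=GOOD_LOG, target_coverage=88.0,
    findings=(Finding("sast", "low", "app/audit.py:12"),
              Finding("sast", "high", "app/legacy.py:3", dismissed=True)))

BAD_MR = MergeRequest(
    author="dave", approvals=("dave", "erin"), code_owners=("carol",),
    coverage_log=BAD_LOG, target_coverage=80.0,
    findings=(Finding("sast", "critical", "app/db.py:40"),))

if __name__ == "__main__":
    for mr in (GOOD_MR, MergeRules()), (BAD_MR, MergeRules()):
        ok, reasons = evaluate_merge(*mr)
        print("mergeable" if ok else "blocked", mr[0].author, reasons)
```

Two details are worth noting. The author's own approval is discarded before counting, so a two-approval rule cannot be satisfied by the author plus one colleague; and a dismissed finding is skipped only because someone recorded a dismissal, which is itself an auditable decision rather than the scanner's output being ignored.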

The Convenience of Jihu GitLab

The convenience of Jihu GitLab also shows in the following aspects:

➤ Simple installation and configuration

Jihu GitLab offers both SaaS and self-managed deployment. Because Jihu GitLab itself is open source and open, self-managed deployment supports several installation methods, such as installation packages, container images and cloud native, and each is very simple, almost "one-click". The whole process requires no contact with the Jihu GitLab team: the installation package, container image, Helm Chart or Operator can be obtained from the official website, and a working Jihu GitLab instance can be built within minutes according to your own situation. This simple installation is one of the key reasons Jihu GitLab has gained a large number of users.

➤ Quick start, low learning cost

Jihu GitLab is a standardized product with no obscure features; users of any level can quickly get started with the features they want to use. If you have questions about a feature, you can refer directly to the official documentation and practice while learning.

If you want to migrate from similar products, the official documentation provides many migration tutorials, and a code repository can be migrated in just a few simple steps.

➤ Easy integration and easy innovation

Jihu GitLab has a rich set of APIs, all open source and open, and the use of each API is described in detailed documentation. Users can integrate Jihu GitLab with other tools through the open APIs to create a richer ecosystem and further improve software development efficiency (integrating Jenkins for CI/CD, or Slack for ChatOps, for example). More importantly, users can build new applications on these APIs (for example, pulling commit data for analysis to support R&D efficiency improvements, or integrating with IM tools to create ChatOps and automate workflows), which makes innovation easy.
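As an added example of the integration pattern just described (it is not part of the article or of Jihu GitLab), the script below pulls commit data through the REST API and turns it into a simple R&D-activity summary. The endpoint, authentication header and pagination header are GitLab's documented API v4 (`GET /projects/:id/repository/commits`, `PRIVATE-TOKEN`, `X-Next-Page`); the host `gitlab.example`, the project path `group/app`, the placeholder token and the sample pages are assumptions constructed here so the report runs offline.

```python
"""Commit-activity report through the GitLab REST API.

Added example; not part of the article or of Jihu GitLab. The host, project
path, token and the sample pages are placeholders constructed here.
"""
import json
import urllib.parse
import urllib.request
from collections import Counter
from datetime import datetime
from typing import Callable, Dict, Iterable, Iterator, Tuple

# A fetcher returns (json_body, lower-cased headers) for a URL. It is injected
# so the same report code runs offline against constructed pages.
Fetcher = Callable[[str, Dict[str, str]], Tuple[list, Dict[str, str]]]


def http_fetcher(url: str, headers: Dict[str, str]) -> Tuple[list, Dict[str, str]]:
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp), {k.lower(): v for k, v in resp.headers.items()}


def iter_commits(base_url: str, project: str, token: str, since: str,
                 fetch: Fetcher = http_fetcher, per_page: int = 100) -> Iterator[dict]:
    """Walk every page of GET /projects/:id/repository/commits, following the
    X-Next-Page header until the server returns an empty value."""
    headers = {"PRIVATE-TOKEN": token}
    project_id = urllib.parse.quote(project, safe="")   # "group/app" -> "group%2Fapp"
    page = "1"
    while page:
        query = urllib.parse.urlencode({"since": since, "per_page": per_page, "page": page})
        url = f"{base_url}/api/v4/projects/{project_id}/repository/commits?{query}"
        body, resp_headers = fetch(url, headers)
        yield from body
        page = resp_headers.get("x-next-page", "")


def commit_report(commits: Iterable[dict]) -> dict:
    """Count commits per author (e-mail, lower-cased) and per ISO week, and
    count merge commits (more than one parent) separately."""
    by_author: Counter = Counter()
    by_week: Counter = Counter()
    merges = 0
    for c in commits:
        by_author[c.get("author_email", "<unknown>").lower()] += 1
        when = datetime.fromisoformat(c["authored_date"].replace("Z", "+00:00"))
        year, week, _ = when.isocalendar()
        by_week[f"{year}-W{week:02d}"] += 1
        if len(c.get("parent_ids", [])) > 1:
            merges += 1
    return {"total": sum(by_author.values()), "merges": merges,
            "by_author": dict(by_author.most_common()),
            "by_week": dict(sorted(by_week.items()))}


# Constructed pages imitating the API response shape (not real data).
SAMPLE_PAGES = {
    "1": ([{"id": "a" * 40, "author_email": "alice@example.com",
            "authored_date": "2023-07-17T09:00:00.000+08:00", "parent_ids": ["0" * 40]},
           {"id": "b" * 40, "author_email": "Bob@example.com",
            "authored_date": "2023-07-18T15:30:00.000+08:00", "parent_ids": ["a" * 40]}],
          {"x-next-page": "2"}),
    "2": ([{"id": "c" * 40, "author_email": "alice@example.com",
            "authored_date": "2023-07-24T11:00:00.000+08:00",
            "parent_ids": ["b" * 40, "e" * 40]}],
          {"x-next-page": ""}),
}


def fake_fetcher(url: str, headers: Dict[str, str]) -> Tuple[list, Dict[str, str]]:
    if "PRIVATE-TOKEN" not in headers:
        raise PermissionError("401: token header missing")
    page = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)["page"][0]
    return SAMPLE_PAGES[page]


def sample_report() -> dict:
    commits = iter_commits("https://gitlab.example", "group/app", "glpat-placeholder",
                           since="2023-07-01T00:00:00Z", fetch=fake_fetcher)
    return commit_report(commits)


if __name__ == "__main__":
    print(json.dumps(sample_report(), indent=2))
```

To run it against a real instance, call `iter_commits` with the default `http_fetcher`, the instance URL, the project path and a token that has `read_api` scope; keep the token out of the source and read it from the environment. Two practical details are built in: the project path must be URL-encoded in the path segment, and pagination must follow `X-Next-Page` rather than stopping after the first page, otherwise any project with more than `per_page` commits is silently under-counted.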

Of course, Jihu GitLab is not only a source code hosting platform; around it, it extends into project management, CI/CD, DevSecOps, ChatOps, GitOps and other functions. These out-of-the-box functions greatly simplify installing and operating the tool chain, save a lot of time and labor, and maximize the value of the source code. On the development side, they greatly improve R&D efficiency and accelerate software releases; on the user (or customer) side, the value of the product is seen sooner, a win-win.


Origin blog.csdn.net/weixin_44749269/article/details/131824501