Bulletproof, Military Grade Security – Visualizing the Access Control Mechanisms of Your SCM Solution

Who-can-access-What

Why visualize? Access control is probably not the most sexy or intuitive part of any SCM (source code management) solution. However, understanding how access control mechanisms work is crucial for any enterprise that has to protect its intellectual property. What makes things tricky is that any SCM solution on the planet claims to have proper, powerful, “military grade”, “bulletproof” access controls in place. Looking at the specifics, there are huge differences that can give you a competitive business advantage (or disadvantage). A framework that helps you to visualize the differences in the fine print is a way better approach to …

Read More »

Feature Hat-trick: Three new Git features for TeamForge in a week

hattrick

The rule of three The rule of three also seems to apply to new TeamForge Git features. Last week, I blogged about the top three Git features coming with the new TeamForge 8.0 release.  In the same post, I already announced that another three Git features will be released immediately after the launch, so let’s inspect how this hat-trick looks like.   1. Assign an entire TeamForge Team to a Code Review with One click TeamForge 8.0 introduced teams as a native concept. If you like to add all team members to a Gerrit change (Git Code Review) at once, you can …

Read More »

Top 3 Git Features coming in TeamForge 8.0

gerritlogo

CollabNet just released TeamForge 8.0 and with it some significant new features for our Git/Gerrit integration. Without further ado, let’s have a look into the top three. Define Git permissions globally: Site-wide role support for Gerrit As described in detail in my previous blog post, TeamForge project roles control access to all tools integrated in your development process, no matter whether you use Git, Subversion or both, how many servers you use or what your favorite issue tracker is. What happens if you like to define permissions across TeamForge projects on a global basis? Let’s say you have a group …

Read More »

Enterprise Open Source Git and ALM Merging – Share Your Views with Our Git Survey

We’ve all gone to Target to buy something cheap, right?  Pretty traditional – lots of racks of clothes and cashiers, right?  Well, Target, like the rest of the world, is changing.  Last month, they acquired a Pittsburgh software company in order to bring “an Amazon-like shopping experience” to in-store customers. The product uses mobile technology, location data, and machine learning to connect a retailer’s app to the in-store shopping experience, and it uses the store’s layout and product locations to deliver customized recommendations and messaging to customers. Has Target shifted from a retail company to a software company? Absolutely. Gone …

Read More »

Scaling Compliance with Git: What Your PCI-DSS Guy Will Not Tell You, Part 3

I would like to continue exploring the PCI-DSS 3.0 requirements and their relevance for Git administration. Development tools and processes were not in the focus of the PCI-DSS 3.0 before, but in the 3.0 version of the standard, there are some implications. In my previous two blog posts I shared a story of my friend who is currently exploring the possibility of migrating from Subversion to Git and is in the process of understanding the impact of PCI-DSS on their SCM technology choice and the project scope. As their project progressed, they found that what they initially thought to be …

Read More »

Exploring Task-based CI with SVN and Git

CI is frequently implemented as a dev process and not tied to the rest of the software development life cycle, resulting in a lack of real time visibility across all stakeholders at the project level.  Simply moving CI away from an isolated dev discipline is difficult, let alone scaling CI across an enterprise. One major challenge is achieving the high frequency of integrations while tying the CI process to the business needs and ensuring functional completeness, such as features that span multiple builds. Other challenges in scaling CI are governance and Ops.  CI tooling and adoption is often driven at …

Read More »

Unexpected Pitfalls of CI/CD Automation: What Your PCI-DSS Guy Will Not Tell You, Part 2

As I promised in my last blog post, I would like to continue the topic of PCI-DSS 3.0, which has been in effect since January 2014. As the January 2015 deadline for meeting the 3.0 requirements rapidly approaches, many companies are working to address areas of the standard that were somewhat neglected in the 2.0 version, such as development tools and processes. It is important to continue developing a better understanding of the standard and its effect on use of development technologies in highly regulated industries. Let’s take a closer look at additional PCI-DSS 3.0 requirements. In my last blog …

Read More »

Migrating from Subversion to Git: What Your PCI-DSS Guy Will Not Tell You, Part 1

It is the time of the year when consumers begin to open their wallets. Retail and credit card processing industries are busily preparing their systems to handle the projected volume of credit card transactions leading up to Black Friday through the New Year.  It is no wonder IT folks are now revisiting their compliance with the infamous PCI-DSS (Payment Card Industry Data Security Standard) to ensure that their companies develop and store code dealing with credit cards in a secure way. If you are not familiar with PCI-DSS, in a nutshell, is a rigorous set of standards for protecting cardholder …

Read More »

Considering a Migration from ClearCase to Git, Gerrit or Subversion?

Git

Open Source Software offers compelling benefits, including affordability, security & stability, speed of innovation and flexibility.  This especially is evident with OSS source code management software such as Git and Subversion. In this Webinar we will provide a proven framework to guide your decision – when to move, and if OSS is the right answer. We will present a proven path for migration from ClearCase or other proprietary SCM systems that has helped over 30,000 users to make the switch. This webinar will present an actionable strategy, covering the phases of discovery and planning, and  a practical guide for the …

Read More »

Summary of the first Berlin Gerrit Hackathon

Hacking the Gerrit

Between 8th and 12th of September 2014, first Berlin based Gerrit Hackathon took place. It was joined effort of CollabNet, Elego and Aservo to host it. Our event attracted 16 people from various companies, including four Gerrit maintainers. Here is full list of participants: Dave Borowitz (maintainer) (Google), David Pursehouse (maintainer) (Sony Mobile), Saša Živkov (maintainer) (SAP), Edwin Kempin (maintainer) (SAP), Sven Selberg (Sony Mobile), Gustaf Lundh (Sony Mobile), Khai Do (OpenStack / IBM), Christian Aistleitner (Individual), David Ostrovsky (Individual), Deniz Türkoglu (Spotify), Carlos Martín Nieto (Elego), Eryk Szymanski (CollabNet), Jacek Centkowski (CollabNet), Johannes Nicolai (CollabNet), Dharmesh Sheta (CollabNet), Dariusz …

Read More »