5 Critical Things For Secure Version Control in Enterprise

Published on April 21, 2015, by Marcin


At RhodeCode we have built what I believe is the most secure version control system available to enterprises, and I am the creator of the RhodeCode project. As co-founder of the company I helped make the project ready for production deployments in enterprises. It all started in 2010, when I first came up with the idea for RhodeCode while working inside an enterprise; from there it spread through many other enterprises that I helped with sophisticated version control setups. As time passed, my architectural philosophy diverged from that of other companies. Many other people make great distributed version control system (DVCS) tools, but I decided to focus squarely on the enterprise and build the best enterprise tool I could. Part of that meant building the most secure tool available.

I’ll explain five things I learned that you need to prepare for as your enterprise DVCS scales. Regardless of which system you use, these lessons will help you prepare for scale before problems erupt and hit you in the face.

Scale

Supporting hundreds or thousands of developers is key in a typical enterprise, so we designed RhodeCode Enterprise 3 for tens of thousands of users and thousands of repositories. To keep things secure at that scale, we added IP restrictions and permission delegation, so security policies can be applied to teams, or even groups of teams, without compromise.

Fine-grained control

The administrators of an enterprise DVCS need fine-grained control over security and permission levels for each employee. This is usually required by company guidelines in order to stay compliant with regulations and to protect valuable intellectual property. Integration with existing authentication systems (for example LDAP or Active Directory) is equally important, so that accounts and group memberships do not have to be maintained by hand across multiple systems. Everything needs to stay in sync for version control to remain secure.

Compliance reports

Enterprises require compliance audits and need to secure thousands of repositories under a single view in order to build compliance reports. RhodeCode Enterprise 3 provides full audit logs and permission reports that let you see the detailed access controls for every user. Although there is no standard for DVCS compliance in the way Sarbanes-Oxley standardises financial reporting, each company will have its own guidelines. For example, in electronics companies it is common to have policies where certain developers are not allowed to touch certain functions in a code base. For accountability, the company may require that only one person at a time has access to a key function. Anything outside of this needs to be recorded in a report. Secure version control is a mix of compliance, strict permissions and secure workflows.

Search

RhodeCode Enterprise 3 can search through large numbers of users for specific information. For example, you can search for a specific user and show what he or she did last month, or in any timeframe you specify. RhodeCode Enterprise 3 also has full text search, so you can easily search all your commit messages and files. More and more, companies are requiring full text search for auditing purposes; for example, they may search for certain functions and where those functions are used.

Notification

Enterprises require a highly flexible notification system. For example, if a user changes a protected section of code, an alert needs to be sent automatically to a supervisor. Notifications also need to be able to trigger automated processes. For example, if an employee is moved into another group, permissions need to be widened for the duration of the project and then changed back to a more restrictive set when the employee leaves the group.
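To make the fine-grained control and notification requirements above concrete, here is an added example (written for this page, not RhodeCode's own code) of the policy check a Git server would run in a pre-receive hook: each pushed path is matched against protected-path rules, a push that touches a protected path from outside its allow list is rejected, every protected change produces an alert for the rule's supervisor, and every evaluation leaves an audit record. The rule format, the user and supervisor names, the `PUSH_USER` environment variable and the sample push are all assumptions made for the example.

```python
"""Protected-path policy check in the shape of a Git pre-receive hook.

Added example, not RhodeCode code. Rule format, names and PUSH_USER are assumptions.
"""
import fnmatch
import os
import subprocess
import sys
from dataclasses import dataclass, field

# Object id of the empty tree in SHA-1 repositories; used as the base when a
# push creates a new ref and Git reports the old object id as all zeros.
EMPTY_TREE = "4b825dc642cb6eb9a060e54bf8d69288fbee4904"


@dataclass(frozen=True)
class Rule:
    pattern: str        # glob over repository paths; with fnmatch, '*' also crosses '/'
    allowed: frozenset  # users permitted to change matching paths
    supervisor: str     # alerted whenever a matching path is changed or an attempt is denied


@dataclass
class Decision:
    accept: bool
    audit: list = field(default_factory=list)   # one record per (path, rule) evaluation
    alerts: list = field(default_factory=list)  # (supervisor, message) pairs to deliver


# Constructed sample policy: only alice may touch crypto/, only bob the ledger.
RULES = (
    Rule("crypto/*", frozenset({"alice"}), "sec-lead"),
    Rule("payments/ledger.py", frozenset({"bob"}), "finance-lead"),
)


def evaluate_push(user: str, changed_paths, rules=RULES) -> Decision:
    """Reject the push if any protected path is touched by a user outside its allow
    list. Protected changes are alerted whether accepted or denied, so the
    supervisor sees attempts as well as successes."""
    decision = Decision(accept=True)
    for path in changed_paths:
        matched = [r for r in rules if fnmatch.fnmatchcase(path, r.pattern)]
        if not matched:
            decision.audit.append({"user": user, "path": path, "rule": None, "result": "allow"})
            continue
        for rule in matched:
            ok = user in rule.allowed
            result = "allow" if ok else "deny"
            decision.audit.append(
                {"user": user, "path": path, "rule": rule.pattern, "result": result})
            verb = "changed" if ok else "attempted to change"
            decision.alerts.append(
                (rule.supervisor, f"{user} {verb} {path} (rule {rule.pattern}: {result})"))
            if not ok:
                decision.accept = False
    return decision


def changed_paths_from_git(old_sha: str, new_sha: str):
    """Paths changed by one ref update, as a pre-receive hook sees it."""
    base = EMPTY_TREE if set(old_sha) == {"0"} else old_sha
    out = subprocess.check_output(["git", "diff", "--name-only", base, new_sha], text=True)
    return [line for line in out.splitlines() if line]


if __name__ == "__main__":
    # Git writes "<old> <new> <refname>" per updated ref on stdin. The pushing user's
    # identity is assumed to be passed by the front end in PUSH_USER (an assumption).
    user = os.environ.get("PUSH_USER", "unknown")
    accept = True
    for line in sys.stdin:
        old, new, _ref = line.split()
        decision = evaluate_push(user, changed_paths_from_git(old, new))
        for supervisor, message in decision.alerts:
            print(f"ALERT -> {supervisor}: {message}", file=sys.stderr)
        for record in decision.audit:
            print(f"AUDIT {record}", file=sys.stderr)
        accept = accept and decision.accept
    sys.exit(0 if accept else 1)  # non-zero exit makes Git refuse the push
```

Wired in as `hooks/pre-receive` on the bare repository, the non-zero exit is what actually blocks the push; the alert and audit lines are printed to stderr here, where a real deployment would hand them to a mail or ticketing integration and an append-only log. Note that `fnmatch` lets `*` match across `/`, so `crypto/*` covers nested directories too; use a stricter matcher if your policy needs `crypto/*` to mean one level only.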

It's universal

I encourage you to plan for these five requirements of an enterprise DVCS. Regardless of whether you use Git, Mercurial, Subversion, Rational or another version control system, these are issues you’ll need to address as your company scales, or as you move up in your career to bigger and bigger responsibilities. You can build your own tooling for many of these features. Of course, I hope that you’ll choose to learn from my hard-earned lessons, download RhodeCode Enterprise 3 for free, use it in your enterprise, and get back to creating astonishing products.