{"id":8773,"date":"2017-03-31T09:05:37","date_gmt":"2017-03-31T09:05:37","guid":{"rendered":"http:\/\/www.devopsonline.co.uk\/?p=8773"},"modified":"2017-03-31T09:05:37","modified_gmt":"2017-03-31T09:05:37","slug":"netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application","status":"publish","type":"post","link":"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/","title":{"rendered":"Netflix open sources ChatOps tool for GitHub management and user focused security web application"},"content":{"rendered":"
Netflix has announced two large projects that have been open sourced in 2017 so far.<\/p>\n
Writing in the streaming service\u2019s tech blog<\/a>, senior engineers Michael Grima, Andrew Spyker and Jason Chan introduced HubCommander<\/a>, a ChatOps tool for GitHub management.<\/p>\n Netflix uses GitHub extensively for both open source and internal projects. The engineering team at Netflix highlighted some key challenges, particularly related to user management.<\/p>\n \u201cManagement of many users on GitHub can be a challenge without tooling. We needed to provide enhanced security capabilities while maintaining developer agility.\u201d<\/p>\n \u201cTo reduce complexity, we enforce a consistent permissions model across all of our organizations. This allows us to develop tools to simplify and streamline our GitHub organization administration.\u201d<\/p>\n The Netflix approach leverages ChatOps, which uses chat applications to perform operational tasks.<\/p>\n Increasingly popular amongst developers, ChatOps leverages chat tools that are ubiquitous, provide a single context for which actions occurred, when and by whom, and give developers an effective means of self-service.<\/p>\n Security is paramount for Netflix, and the company follows a permissions model that applies the principle of least privilege, but is still open enough so that developers can obtain the access they need and move fast.<\/p>\n \u201cWhile we permit our developers to have write access to all of our repositories, we do not directly permit them to create, delete, or change repository visibility.\u201d<\/p>\n Additionally, all developers are required to have multi-factor authentication enabled. 
All of our developers on GitHub have their IDs linked in our internal employee tracking system, and GitHub membership to our organizations is removed when employees leave the company automatically (we have scripts to automate this).\u201d<\/p>\n Netflix also enables third-party application restrictions on its organisations to only allow specific third-party GitHub applications access to its repositories.<\/p>\n \u201cIf you\u2019d like to extend these features, we\u2019d love contributions to our repository on GitHub<\/a>,\u201d the Netflix engineers said.<\/p>\nWhy ChatOps?<\/h2>\n
Security in GitHub organisations<\/h2>\n
Contributions from the developer community<\/h2>\n
Stethoscope, Netflix\u2019s first project following a user focused security approach<\/h2>\n