{"id":8773,"date":"2017-03-31T09:05:37","date_gmt":"2017-03-31T09:05:37","guid":{"rendered":"http:\/\/www.devopsonline.co.uk\/?p=8773"},"modified":"2017-03-31T09:05:37","modified_gmt":"2017-03-31T09:05:37","slug":"netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application","status":"publish","type":"post","link":"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/","title":{"rendered":"Netflix open sources ChatOps tool for GitHub management and user focused security web application"},"content":{"rendered":"<p>Netflix has announced two large projects that have been open sourced in 2017 so far.<\/p>\n<h2>New ChatOps tool<\/h2>\n<p>Writing in the streaming service\u2019s <a href=\"http:\/\/techblog.netflix.com\/\">tech blog<\/a>, senior engineers Michael Grima, Andrew Spyker and Jason Chan, introduced <a href=\"http:\/\/techblog.netflix.com\/2017\/02\/introducing-hubcommander.html\">HubCommander<\/a>, a ChatOps tool for GitHub management.<\/p>\n<p>Netflix uses GitHub extensively for both open source and internal projects. The engineering team at Netflix highlighted some key challenges, particularly related to user management.<\/p>\n<p>\u201cManagement of many users on GitHub can be a challenge without tooling. We needed to provide enhanced security capabilities while maintaining developer agility.\u201d<\/p>\n<p>\u201cTo reduce complexity, we enforce a consistent permissions model across all of our organizations. This allows us to develop tools to simplify and streamline our GitHub organization administration.\u201d<\/p>\n<h2>Why ChatOps?<\/h2>\n<p>The Netflix approach leverages ChatOps, which utilises chat applications for performing operational tasks.<\/p>\n<p>Increasingly popular amongst developers, ChatOps leverages chat tools that are ubiquitous, provide a single context for what actions occurred when and by whom, and also provide an effective means to provide self-serviceability to developers.<\/p>\n<h2>Security in GitHub organisations<\/h2>\n<p>Security is paramount for Netflix, and the company follows a permissions model that applies the principle of least privilege, but is still open enough so that developers can obtain the access they need and move fast.<\/p>\n<p>\u201cWhile we permit our developers to have write access to all of our repositories, we do not directly permit them to create, delete, or change repository visibility.\u201d<\/p>\n<p>Additionally, all developers are required to have multi-factor authentication enabled. All of our developers on GitHub have their IDs linked in our internal employee tracking system, and GitHub membership to our organizations is removed when employees leave the company automatically (we have scripts to automate this).\u201d<\/p>\n<p>Netflix also enables third-party application restrictions on its organisations to only allow specific third party GitHub applications access to its repositories.<\/p>\n<h2>Contributions from the developer community<\/h2>\n<p>\u201cIf you\u2019d like to extend these features, we\u2019d love contributions to our <a href=\"https:\/\/github.com\/Netflix\/hubcommander\">repository on GitHub<\/a>,\u201d the Netlix engineers said.<\/p>\n<h2>Stethoscope, Netflix\u2019s first project following a user focused security approach<\/h2>\n<p>In another <a href=\"http:\/\/techblog.netflix.com\/2017\/02\/introducing-netflix-stethoscope.html\">blog post<\/a>, Jason Chan, Director of Engineering &#8211; Cloud Security at Netflix, discusses the open sourcing of Stethoscope, a web application that collects information for a given user\u2019s devices and gives them clear and specific recommendations for securing their systems.<\/p>\n<p>\u201cThe notion of \u2018User Focused Security\u2019 acknowledges that attacks against corporate users (e.g., phishing, malware) are the primary mechanism leading to security incidents and data breaches, and it\u2019s one of the core principles driving our approach to corporate information security. It\u2019s also reflective of our philosophy that tools are only effective when they consider the true context of people\u2019s work,\u201d Chan said.<\/p>\n<h2>Education, not automatic enforcement<\/h2>\n<p>The reasoning behind Stethoscope is primarily education\u00a0and helping employees stay safe from phishing, malware, and other exploits on personal devices \u2013 outside of Netflix\u2019s direct control.<\/p>\n<p>\u201cIf they fall for a phishing attack on their personal laptop, that may be the first step in an attack on our systems here at Netflix,\u201d Chan said.<\/p>\n<p>&nbsp;<\/p>\n<p>Edited from sources by <a href=\"https:\/\/plus.google.com\/u\/0\/115822809293912579733\/posts\">Cecilia Rehn<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Netflix has announced two large projects that have been open sourced in 2017 so far. New ChatOps tool Writing in the streaming service\u2019s tech blog, senior engineers Michael Grima, Andrew Spyker and Jason Chan, introduced HubCommander, a ChatOps tool for GitHub management. Netflix uses GitHub extensively for both open source and internal projects. The engineering&#8230;<\/p>\n","protected":false},"author":123458,"featured_media":8774,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","pmpro_default_level":"","footnotes":""},"categories":[1],"tags":[512,70,658,524,999,1000,112],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Netflix open sources ChatOps tool for GitHub management and user focused security web application - DevOps Online North America<\/title>\n<meta name=\"description\" content=\"Netflix has announced two large projects that have been open sourced in 2017 so far.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Netflix open sources ChatOps tool for GitHub management and user focused security web application - DevOps Online North America\" \/>\n<meta property=\"og:description\" content=\"Netflix has announced two large projects that have been open sourced in 2017 so far.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/\" \/>\n<meta property=\"og:site_name\" content=\"DevOps Online North America\" \/>\n<meta property=\"article:published_time\" content=\"2017-03-31T09:05:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/03\/netflix-code.png\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Yashesh Patel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@DevOpsAmerica\" \/>\n<meta name=\"twitter:site\" content=\"@DevOpsAmerica\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Yashesh Patel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/\"},\"author\":{\"name\":\"Yashesh Patel\",\"@id\":\"https:\/\/devopsnews.online\/#\/schema\/person\/1183cef5fa13624c55f3faf81f391435\"},\"headline\":\"Netflix open sources ChatOps tool for GitHub management and user focused security web application\",\"datePublished\":\"2017-03-31T09:05:37+00:00\",\"dateModified\":\"2017-03-31T09:05:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/\"},\"wordCount\":527,\"publisher\":{\"@id\":\"https:\/\/devopsnews.online\/#organization\"},\"image\":{\"@id\":\"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/03\/netflix-code.png\",\"keywords\":[\"ChatOps\",\"Cloud\",\"Github\",\"malware\",\"Netflix\",\"phishing\",\"security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/\",\"url\":\"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/\",\"name\":\"Netflix open sources ChatOps tool for GitHub management and user focused security web application - DevOps Online North America\",\"isPartOf\":{\"@id\":\"https:\/\/devopsnews.online\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/03\/netflix-code.png\",\"datePublished\":\"2017-03-31T09:05:37+00:00\",\"dateModified\":\"2017-03-31T09:05:37+00:00\",\"description\":\"Netflix has announced two large projects that have been open sourced in 2017 so far.\",\"breadcrumb\":{\"@id\":\"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/#primaryimage\",\"url\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/03\/netflix-code.png\",\"contentUrl\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/03\/netflix-code.png\",\"width\":640,\"height\":400,\"caption\":\"netflix open source\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/devopsnews.online\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Netflix open sources ChatOps tool for GitHub management and user focused security web application\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/devopsnews.online\/#website\",\"url\":\"https:\/\/devopsnews.online\/\",\"name\":\"DevOps Online North America\",\"description\":\"by 31 Media Ltd.\",\"publisher\":{\"@id\":\"https:\/\/devopsnews.online\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/devopsnews.online\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/devopsnews.online\/#organization\",\"name\":\"DevOps Online North America\",\"url\":\"https:\/\/devopsnews.online\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devopsnews.online\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2020\/03\/DevOpsOnline_email.png\",\"contentUrl\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2020\/03\/DevOpsOnline_email.png\",\"width\":198,\"height\":64,\"caption\":\"DevOps Online North America\"},\"image\":{\"@id\":\"https:\/\/devopsnews.online\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/DevOpsAmerica\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/devopsnews.online\/#\/schema\/person\/1183cef5fa13624c55f3faf81f391435\",\"name\":\"Yashesh Patel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devopsnews.online\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7133dcc024275e35cf81ef202ce76441?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7133dcc024275e35cf81ef202ce76441?s=96&d=mm&r=g\",\"caption\":\"Yashesh Patel\"},\"sameAs\":[\"https:\/\/devopsnews.online\"],\"url\":\"https:\/\/devopsnews.online\/author\/yashesh-patel\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Netflix open sources ChatOps tool for GitHub management and user focused security web application - DevOps Online North America","description":"Netflix has announced two large projects that have been open sourced in 2017 so far.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/","og_locale":"en_US","og_type":"article","og_title":"Netflix open sources ChatOps tool for GitHub management and user focused security web application - DevOps Online North America","og_description":"Netflix has announced two large projects that have been open sourced in 2017 so far.","og_url":"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/","og_site_name":"DevOps Online North America","article_published_time":"2017-03-31T09:05:37+00:00","og_image":[{"width":640,"height":400,"url":"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/03\/netflix-code.png","type":"image\/png"}],"author":"Yashesh Patel","twitter_card":"summary_large_image","twitter_creator":"@DevOpsAmerica","twitter_site":"@DevOpsAmerica","twitter_misc":{"Written by":"Yashesh Patel","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/#article","isPartOf":{"@id":"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/"},"author":{"name":"Yashesh Patel","@id":"https:\/\/devopsnews.online\/#\/schema\/person\/1183cef5fa13624c55f3faf81f391435"},"headline":"Netflix open sources ChatOps tool for GitHub management and user focused security web application","datePublished":"2017-03-31T09:05:37+00:00","dateModified":"2017-03-31T09:05:37+00:00","mainEntityOfPage":{"@id":"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/"},"wordCount":527,"publisher":{"@id":"https:\/\/devopsnews.online\/#organization"},"image":{"@id":"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/#primaryimage"},"thumbnailUrl":"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/03\/netflix-code.png","keywords":["ChatOps","Cloud","Github","malware","Netflix","phishing","security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/","url":"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/","name":"Netflix open sources ChatOps tool for GitHub management and user focused security web application - DevOps Online North America","isPartOf":{"@id":"https:\/\/devopsnews.online\/#website"},"primaryImageOfPage":{"@id":"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/#primaryimage"},"image":{"@id":"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/#primaryimage"},"thumbnailUrl":"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/03\/netflix-code.png","datePublished":"2017-03-31T09:05:37+00:00","dateModified":"2017-03-31T09:05:37+00:00","description":"Netflix has announced two large projects that have been open sourced in 2017 so far.","breadcrumb":{"@id":"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/#primaryimage","url":"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/03\/netflix-code.png","contentUrl":"https:\/\/devopsnews.online\/wp-content\/uploads\/2017\/03\/netflix-code.png","width":640,"height":400,"caption":"netflix open source"},{"@type":"BreadcrumbList","@id":"https:\/\/devopsnews.online\/netflix-open-sources-chatops-tool-github-management-user-focused-security-web-application\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/devopsnews.online\/"},{"@type":"ListItem","position":2,"name":"Netflix open sources ChatOps tool for GitHub management and user focused security web application"}]},{"@type":"WebSite","@id":"https:\/\/devopsnews.online\/#website","url":"https:\/\/devopsnews.online\/","name":"DevOps Online North America","description":"by 31 Media Ltd.","publisher":{"@id":"https:\/\/devopsnews.online\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/devopsnews.online\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/devopsnews.online\/#organization","name":"DevOps Online North America","url":"https:\/\/devopsnews.online\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devopsnews.online\/#\/schema\/logo\/image\/","url":"https:\/\/devopsnews.online\/wp-content\/uploads\/2020\/03\/DevOpsOnline_email.png","contentUrl":"https:\/\/devopsnews.online\/wp-content\/uploads\/2020\/03\/DevOpsOnline_email.png","width":198,"height":64,"caption":"DevOps Online North America"},"image":{"@id":"https:\/\/devopsnews.online\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/DevOpsAmerica"]},{"@type":"Person","@id":"https:\/\/devopsnews.online\/#\/schema\/person\/1183cef5fa13624c55f3faf81f391435","name":"Yashesh Patel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devopsnews.online\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/7133dcc024275e35cf81ef202ce76441?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7133dcc024275e35cf81ef202ce76441?s=96&d=mm&r=g","caption":"Yashesh Patel"},"sameAs":["https:\/\/devopsnews.online"],"url":"https:\/\/devopsnews.online\/author\/yashesh-patel\/"}]}},"_links":{"self":[{"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/posts\/8773"}],"collection":[{"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/users\/123458"}],"replies":[{"embeddable":true,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/comments?post=8773"}],"version-history":[{"count":0,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/posts\/8773\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/media\/8774"}],"wp:attachment":[{"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/media?parent=8773"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/categories?post=8773"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/tags?post=8773"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}