Why git is Essential
Greeting a new sunrise!
We have all heard me going on at length about how great git is – unsurprising, as NSGit provides direct access to git capabilities to GUARDIAN users, and NSGit is my baby. But sometimes it feels a bit like the Eagles’ epic song: Hotel California. I can never seem to get away from version control systems, no matter how hard I have tried for more than three decades.
But does that make git essential? Is version control the only reason, or even the primary reason, to make git your corporate standard? Is there more to git than preventing someone from:
waking you up in the middle of the night
Just to hear them say…
(the system crashed, and we’re in fright!)
The reality of what git contributes to your company is far beyond just version control.
Management in a Good Way
There are so many important management facilities out in the world at large that you might not know where to start. We have artificial intelligence code scanners that detect bugs – we actually use them internally for some of our code; code scanners that identify malware vulnerabilities like buffer overruns and memory reuse threats; object scanners that look for virus patterns that might get introduced accidentally in your pipelines; team performance optimization software that presents seriously amazing graphical summaries of human factors. And none of them run on a NonStop, either in GUARDIAN or OSS. So how do you use these for your NonStop code? You move your code into git, clone it onto a Linux, Mac, Windows, Cray, or Raspberry Pi 4 machine where the code analysis tools run, and let them do their magic so you can benefit from their capabilities. You can automate this process flow using any of the cool Continuous Integration (CI) tools on any platform over SSH. Simple. Almost trivial in fact. Not to mention common off the shelf.
We are increasingly putting more open-source code into our applications or integrating with it. Why? Because other people are solving problems we need to solve and putting their solutions out there. Because open-source code is now receiving scrutiny from organizations like NIST that are capturing and managing common vulnerabilities and exposures (CVEs) and dedicating more resources to finding problems than most of us can afford. And because some components, like OpenSSL, are so pervasive that we need them, and writing those components ourselves just does not make sense. But using these products in our applications while maintaining regulatory compliance, whether you are in the financial, insurance, telco, or medical device sectors, means you have to know where changes come from, right down to the developer’s desk where the change originated – and that means getting your open-source code from git. Taking a snapshot from some tarball is no longer effective and sometimes not permitted; you need to know who made the change and why. And scary as that sounds to all of us (myself included), some OpenSSL code has my name on it. And you need to know that. Your auditors expect you to know the identities of everyone who contributes to your application. And git will show you the way.
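The contributor question above can be answered straight from history. The following is an added example, not NSGit or author code: the function names and the sample log are constructed, and the input is tab-separated `git log` output whose real-world command is shown in the comments.

```shell
#!/bin/sh
# Inside a clone, feed real history for a path (here a hypothetical crypto/):
#   TZ=UTC git log --date=iso-strict-local \
#     --format='%H%x09%aN%x09%aE%x09%ad%x09%G?' -- crypto/ | contributor_report
# %aN/%aE: author name/email after .mailmap; %ad: author date (UTC here, so
# string comparison orders it); %G?: signature status (G good, N none,
# B bad, E cannot be checked, U good but untrusted key, ...).

contributor_report() {
    # stdin: hash<TAB>name<TAB>email<TAB>date<TAB>sigstatus
    # stdout, one line per identity (keyed by lower-cased email):
    #   email<TAB>name<TAB>commits<TAB>first<TAB>last<TAB>commits_not_G
    awk -F'\t' '
        NF != 5 { next }                      # ignore malformed lines
        {
            id = tolower($3)
            if (!(id in n)) { name[id] = $2; first[id] = $4; last[id] = $4 }
            n[id]++
            if ($4 < first[id]) first[id] = $4
            if ($4 > last[id])  last[id]  = $4
            if ($5 != "G") unverified[id]++   # strict: only G counts as verified
        }
        END {
            for (id in n)
                printf "%s\t%s\t%d\t%s\t%s\t%d\n", id, name[id], n[id],
                       first[id], last[id], unverified[id]
        }' | LC_ALL=C sort
}

unverified_commits() {
    # Hashes an auditor would ask about: no good signature on the commit.
    awk -F'\t' 'NF == 5 && $5 != "G" { print $1 }'
}

sample_log() {
    # Constructed sample, not taken from any real repository.
    printf '%s\t%s\t%s\t%s\t%s\n' \
        1111111 'Alice Example' alice@example.com 2021-03-01T10:00:00+00:00 G \
        2222222 'Bob Sample'    Bob@Example.com   2021-02-10T08:30:00+00:00 N \
        3333333 'Alice Example' alice@example.com 2021-01-05T09:00:00+00:00 G \
        4444444 'Bob Sample'    bob@example.com   2021-02-20T12:00:00+00:00 E
    printf 'not a log line\n'
}

sample_log | contributor_report
```

A status of `E` usually means the signer's public key is not in the local keyring, so import the keys you trust before treating the last column as a finding.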
Sharing the Proper Way
We have invested so much in our applications over the past decades that we really need to keep benefiting from all the time and money we spent. As we expand their reach, interfaces to our applications have to be pushed reliably to where they are used, and consistently when they change. git is the path to do that. A key part of git’s core functionality is 100% fidelity code transport from one place to another. Being able to share header files or token definitions between platforms is exceptionally easy with git, so why are we still using FUP DUP or sftp to do things manually when git can do all of that automatically?
The last section of my soapbox comes down to maintaining the integrity of critical definitions, like your tokenization files. Imagine that you have communicating applications where one side tokenizes critical data while another side does not. There’s a potential exposure that you cannot simply ignore. And the implication is that either the application stops working or worse, publishes my credit card number – Please do not use my credit card.
For these compelling reasons, git is more than a version control tool. It is a core part of the critical corporate infrastructure that is no longer optional. It is the means to slay the business-critical problem of reliable deployment, to enable malware detection, and to manage tickets, issues, and projects. Version control is just the candle git has to show you the way to a much broader solution for managing your development and operations environment more effectively, and NSGit brings all of these benefits to GUARDIAN.