Community Blog

NatWest Group Engaging with Git Proxy: An Open Source Enabling Project from FINOS, Citi Bank and RBC

March 15, 2024

In the complex and rapidly evolving landscape of financial services, large enterprises that access Open Source Git repositories increasingly face the challenge of maintaining robust security and compliance without sacrificing operational efficiency. This is where the Git Proxy Project from FINOS, Citi and RBC emerges as a game-changer, offering an Open Source solution tailored to meet these stringent requirements.

2024-03-15 - NatWest Blog

NatWest Group Taking First Git Proxy Steps

Git Proxy stands out as an innovative tool designed specifically for organisations like NatWest Group that require secure and efficient access to Open Source Git repositories while adhering to strict security protocols and regulatory standards. It serves as an intermediary layer between the users and the Git repositories, ensuring that all operations comply with the necessary security measures and compliance requirements. This approach not only enhances security but also streamlines workflow efficiency, making it a valuable asset for financial services enterprises. 

"NatWest's engineering approach is driving modern tooling, rapid customer value and a collaborative culture - like most organisations we are built on and proud to contribute to Open Source projects. Our Open Source group are making it easier for our talented engineers to share, build and collaborate with others across industries in a safe and controlled way whilst allowing us to recognise and celebrate those individuals", Declan O'Gorman, Head of Enterprise Engineering, NatWest Group

At its core, Git Proxy is built with a developer-first mindset, focusing on minimising friction and maximising productivity. It stands out by providing custom push protections and policies directly on top of Git, offering a highly configurable framework tailored to meet the unique workflow, security needs, and risk appetites of the engineering teams of large enterprises. 

Because it acts as a proxy in the Git communication, when a push raises a compliance or security issue it relays simple, straightforward remediation instructions directly to the CLI/Terminal. This approach ensures that developers can remain focused on what truly matters: committing and pushing code securely and efficiently.

"Allowing NatWest engineers to access and collaborate on Open Source projects safely is essential for evolving NatWest's Digital X engineering efficiency and reuse strategy.

NatWest is leveraging Git Proxy and our FINOS partnership to run an accelerated proof of concept to determine if Git Proxy can provide a joined up Open Source engineering experience for our teams", James McLeod, NatWest Open Source Program Lead.

By integrating seamlessly with existing Git environments, Git Proxy empowers teams to maintain their speed and agility while ensuring that every code push aligns with their organisation's security and compliance standards.

sequenceDiagram
    actor Developer
    Developer->>+Git Server: git clone
    Developer->>Workstation: git remote add proxy <proxy-server>
    Developer->>+Git Proxy: git push proxy
    Git Proxy-->>-Developer: Failed license check
    Developer->>Workstation: git commit -m 'fix license issue'
    Developer->>+Git Proxy: git push
    Git Proxy-->>-Git Server: Approved

Source: Git Proxy repository


The Open Source Challenge in Large Banks

Large enterprise banks, like NatWest Group, grapple with several security and compliance challenges when contributing to Open Source Git repositories:

  • Compliance: Understanding and enforcing appropriate use of Open Source licences.
  • Intellectual Property Protection: Ensuring the confidentiality and integrity of proprietary code and information. 
  • Access Control: Managing and monitoring access to Open Source repositories from inside the organisation. 
  • Audit Trails: Maintaining comprehensive logs for all Git operations to support auditing and compliance verification. 
  • Security Vulnerabilities: Protecting against potential security threats that could exploit Git operations.

Git Proxy aims to address some of these challenges by providing a controlled and secure environment for Git operations, thereby ensuring that enterprises like NatWest can meet their security and compliance obligations effectively.

Benefits and Applications of Git Proxy

The adoption of Git Proxy brings several benefits to large enterprises, particularly in the financial services sector. The project represents a significant advancement in the realm of Open Source Git repository management and this is why NatWest is excited to evaluate the project for a wider rollout across their engineering teams.  

"By integrating Git Proxy's push protections and policies directly into the Git workflow, NatWest engineers can collaborate and adopt industry best practices whilst giving back to the global FOSS engineering community.  

This is a big step forward for NatWest and our engineering reuse, excellence and collaboration culture", Miklos Sagi, NatWest Lead Principal Engineer, Identity Services. 

By addressing specific security and legal challenges, NatWest is looking forward to enhancing our operational efficiency whilst maintaining strict security and regulatory standards.  

As the industry continues to evolve, Open Source tools like Git Proxy will play a crucial role in shaping the future of secure and efficient Open Source Git repository management in banks. 



Article by Miklos Sagi, NatWest Lead Principal Engineer. 

Edited by James McLeod, NatWest Open Source Program Lead.

 
