Code: Code Repositories
Code: Code Repository Tool Guidance
A code repository tool is a third-party software tool that enhances a basic code version control system. EPA uses a variety of code repository tools to store code when developing and collaborating with internal and external teams, including:
- Bitbucket
- GitHub
- GitLab
While all three code repository tools offer similar code storage functionality (e.g., storage, change and bug tracking), EPA’s implementation of each tool provides specific functionality that may or may not be useful for your code development project.
The following provides descriptions of each tool’s capabilities as implemented at EPA as well as guidance to help inform the decision on which code repository tool to use to support development and collaboration on code development projects.
Bitbucket is best suited for private, internal collaboration among EPA development teams including credentialed contractors. It is intended to be used as the repository to store Agency-owned source code or a backup location for any applications released in the EPA production environment.
Other considerations to be aware of about Bitbucket include:
- Integrates seamlessly with the other tools in the Atlassian suite such as JIRA and Confluence. Bitbucket works with JIRA and Confluence to locate code errors and has branch permissions to ensure the appropriate team members can correct errors and make changes to your code.
- Is hosted at the Agency’s National Computer Center (NCC) inside the firewall and has all the security approvals and failover capabilities built in, so users do not need to worry about security reviews when using Bitbucket.
GitHub is best suited for collaborating with outside stakeholders and Agency partners (e.g., the public, universities, contractors), especially other agencies that use GitHub. GitHub is the best space for projects that involve open-source code, crowdsourcing, and citizen science code development. GitHub is made for public code sharing and has an implementation similar to that of social media to facilitate sharing and dissemination of EPA code development projects. EPA uses GitHub Enterprise Cloud.
Other considerations to be aware of about GitHub include:
- Is a cloud-hosted software-as-a-service offering with its own ATO managed by OMS. OMS manages the services, but responsibility is federated down to Org Owners in each program and region to manage their own users and repositories.
- Is used as the primary source for open-source code at EPA. GitHub is used as the definitive source for EPA’s publicly available open-source code that is reported to code.gov in compliance with the Federal Source Code Policy.
GitLab is used as a DevSecOps service (DSOaaS) offered by OMS/OITO/EHD. GitLab was implemented as a Continuous Integration/Continuous Delivery (CI/CD) service for application development and deployment. GitLab and its integrations make it easy to automate software workflows throughout the development and deployment processes. Developers can develop, build, scan, deploy and monitor code right from GitLab using the robust integrations.
Other considerations to be aware of about GitLab include:
- Integrates with the container image scanning tool Prisma Cloud Compute and the application scanning tool Netsparker.
- Is included in the National Hosting System (NHS) ATO and is hosted in the Agency’s instance of AWS.
Key Considerations when Choosing a Code Repository Tool
While EPA offers multiple code repository tools, they all offer similar functionality as code storage tools. Developers often choose repository tools based on what they are comfortable with or have used in the past. However, when evaluating code repository tools for your project, teams might weigh a variety of factors, including:
- Source Code Storage
- Code development strategy – centralized versus distributed
- Collaboration – external versus internal
- Team size
- Project size (e.g., scientific algorithm or SDWIS)
- Type of service – self versus managed
- Supported version control systems
- Release schedule
- External tools and integrations
- Data Storage
Licensing and Other Costs
Bitbucket is currently available at no cost, though JIRA and Confluence do require a license. For free private collaboration, Bitbucket should be used. Visit the Atlassian Intranet site (Internal) for more information.
GitHub requires licenses for private repository use and administrative functions, but most users do not require a license. For free public collaboration, GitHub should be used. GitHub Enterprise licenses are purchased through the agency’s Microsoft Blanket Purchase Agreement (Internal).
GitLab does require a license, and the DSOaaS offering is available on eBusiness (Internal).