Skip to main content

Repositories

Article covering source and artifact repositories.

Artifact Repository

For a financial services firm, the importance of hosting an artifact repository manager such as JFrog Artifactory or Sonatype's Nexus inside the firm's firewall cannot be overstated.

These tools serve as critical components in the firm's software development lifecycle, enabling secure, efficient management and storage of binary artifacts, dependencies, and build artifacts.

By situating these repositories internally, the firm significantly enhances its cybersecurity posture.

Having an internal repository:

  • Accelerates development workflows - the repository acts as a local cache for dependencies.
  • Reduces external dependencies - code can be built entirely within the firm's network.
  • Minimizes downtime - as developers are not relying on third-party infrastructure such as npmjs.com or Maven Central.

Source Repository

In a financial services organization developing software, source control is essential. Here are some reasons why:

  • Tracks Changes: Keeps a record of who changed what and when in the software, making it easier to find and fix mistakes.
  • Improves Teamwork: Allows many developers to work on the same project without messing up each other's work.
  • Reduces Errors: Helps prevent mix-ups in the code that can cause big problems, saving time and money.
  • Keeps Data Safe: Protects the code from accidental loss or damage, important for keeping the business running smoothly.
  • Meets Audit Requirements: Helps meet legal and industry rules by keeping a clear history of all changes, which is important for audits.
  • Quick Recovery: Makes it easier to fix things if something goes wrong, like if a new update causes a problem.
  • Enables CI/CD Pipelines: Usually, the source repository is the first step in a build pipeline.

Popular source control tools include GitHub Enterprise GitLab Enterprise and BitBucket.

Using Open Source Software

Using open source software within a financial services organisation poses unique challenges. This article outlines some of the potential pitfalls and solutions when getting started.

Software Inventory

Software inventory is a precondition to most of the activities involved in OSMM level 2. The first step to licence compliance or supply chain security is to understand what software is in your estate.

Open Source Supply Chain Security

In this article we are going to look at the growing issue of software supply chain attacks via some examples and then look at the emerging field of open source supply chain security: what it is, current best practices, the institutional landscape and emerging legislation.