@finos/git-proxy

Deploy custom push protections and policies
on top of Git


Docs · Demo · Report a bug · Suggest a new feature

What is GitProxy

GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). It applies rules and workflows (configurable as plugins) to all outgoing git push operations to ensure they are compliant.

The main goal of GitProxy is to marry the defacto standard Open Source developer experience (git-based workflow of branching out, submitting changes and merging back) with security and legal requirements that firms have to comply with, when operating in highly regulated industries like financial services.

That said, GitProxy can also be used on a local environment to enforce a single developer's best practices, which tends to be the easiest setup to start with and the most comfortable one to build new GitProxy plugins.

sequenceDiagram
    actor Developer
    Developer->>+Git Server: git clone
    Developer->>Workstation: git remote add proxy <proxy-server>
    Developer->>+GitProxy: git push proxy
    GitProxy-->>-Developer: Failed license check
    Developer->>Workstation: git commit -m 'fix license issue'
    Developer->>+GitProxy: git push
    GitProxy-->>-Git Server: Approved

Getting Started 🚀

Install & run git-proxy (requires Nodejs):

$ npx -- @finos/git-proxy

Clone a repository, set the remote to the GitProxy URL and push your changes:

# Only HTTPS cloning is supported at the moment, see https://github.com/finos/git-proxy/issues/27.
$ git clone https://github.com/octocat/Hello-World.git && cd Hello-World
# The below command is using the GitHub official CLI to fork the repo that is cloned.
# You can also fork on the GitHub UI. For usage details on the CLI, see https://github.com/cli/cli
$ gh repo fork
✓ Created fork yourGithubUser/Hello-World
...
$ git remote add proxy http://localhost:8000/yourGithubUser/Hello-World.git
# This fetches the repository's default branch and pushes it (https://stackoverflow.com/a/44750379).
$ git push proxy $(git symbolic-ref refs/remotes/origin/HEAD | sed 's@^refs/remotes/origin/@@')

Using the default configuration, GitProxy intercepts the push and blocks it. To enable code pushing to your fork via GitProxy, add your repository URL into the GitProxy config file (proxy.config.json). For more information, refer to our documentation.

Documentation

For detailed step-by-step instructions for how to install, deploy & configure GitProxy and customize for your environment, see the project's documentation:

• Quickstart
• Installation
• Configuration

Contributing

Your contributions are at the core of making this a true open source project. Any contributions you make are greatly appreciated. See CONTRIBUTING.md for more information.

Security

If you identify a security vulnerability in the codebase, please follow the steps in SECURITY.md. This includes logic-based vulnerabilities and sensitive information or secrets found in code.

Code of Conduct

We are committed to making open source an enjoyable and respectful experience for our community. See CODE_OF_CONDUCT for more information.

License

This project is distributed under the Apache-2.0 license. See LICENSE for more information.

Contact

Drop a note, ask a question or just say hello in our community Slack channel 👋

If you can't access Slack, you can also subscribe to our mailing list.

Join our fortnightly Zoom meeting on Monday, 11AM EST (odd week numbers). Send an e-mail to help@finos.org to get a calendar invitation.

Otherwise, if you have a deeper query or require more support, please raise an issue.