Helping you manage change.

Before we jump into options like GitHub or Bitbucket, let's take it back a few steps to understand what version control actually means and why we need it to develop reliable, secure code.

Many hardware and software development teams use version control today. So, we are only going to cover the basics and offer some guidance on what to look for in version control software.


Version Control Systems

What is version control?

How is it used?

What are the benefits?

What are my options?

Which is the best?


What is it?

Version control is a system that records changes to a file or set of files over time so you can recall specific versions later. It's a wise system to use, allowing you the ability to always go back sort of like time travel. (Don't you wish you were able to travel back in time to fix some life decisions? We do.)

 

How is it used?

The value of a version control system lies in the ability to track all changes ever made to a file or set of files. This allows you to return back selected files to a previous state, revert the entire project back to an earlier state, compare changes over time, see who last modified something that might be causing a problem, who introduced an issue, and more. Using a version control software means that if you screw things up or lose files, you can quickly recover. Also, you get this fantastic ability to time travel with very little overhead required.

 

What are the benefits?

There are many benefits of using version control software to manage changes to source code over time. Including:

  1. Collaboration

    You've been there before – shouting across an office that you're working on a file, and your teammates should keep their hands off.

    Version control software supports a developer's preferred way of working. It facilitates a fluid flow of changes to code rather than the frustrating and clumsy mechanism of file locking. File locking version control systems provide a red light/green light scenario to one developer at the expense of blocking the progress of others.

    The ability to branch and merge in a version control system keeps multiple streams of work independent from each other while also providing the facility to combine that work back together, enabling developers to verify that the changes on each branch do not conflict. There's also no question where the latest version of a file or project is located. It's in a shared, central place: your version control software.

  2. Properly storing versions

    Saving a version of your project after changes is an essential habit. But without a version control software, the task becomes tedious, confusing, and accident-prone.

    Version control software provides a complete long-term change history of every file or project by every individual. Changes include the creation and deletion of files as well as edits to their contents. Having the complete history enables going back to previous versions to help in root cause analysis for bugs, and it is crucial when needing to fix problems in older versions of the software.

  3. Restoring previous versions (aka time travel)

    Being able to restore older versions of a file or project means you can't mess it up! If changes made prove to be problematic, you can simply undo them in a few clicks. Knowing this is a huge relief when working on a project.

  4. Understanding what happened

    Example: One developer is working on a new feature while another developer is fixing an unrelated bug by changing code, but what happened?

    Every time you save a new version, a version control system requires you to provide a short description of the changes made. Additionally, if it's a code or text file, you can actually see what changed using “diffs.” All of this helps you understand how your project has evolved between versions.

  5. Always having a backup

    A side-effect of using a distributed version control software is you still have a backup. Every team member has a full version of their project on his/her disk – including the project's complete history.

    Your central server goes haywire? No problem. All you need is one of your team member's local repository. Ta-dah. You're back in business.

What are my options?

Battle Royale: GitHub vs. Bitbucket

Two of the best-known version control systems are GitHub and Bitbucket. They're both mature, actively maintained tools with a vast pool of available software development talent in the market.

Tell me about GitHub

GitHub is by far the most widely used version control system out there – with some 57+ million repositories on file. One of the primary reasons it's so loved is it's an open-source option, which means free.

Some of the features offered through include:

  • Collaborative code review
  • An integrated issue tracker
  • Milestones and labels for projects
  • Syntax highlighting
  • Branch comparison views
  • Support for 200+ languages and data formats
  • Two-factor authentication
  • And GitPages pages for easy website creation based off README and markdown files hosted in the GitHub repo.
  • Task management
  • Team/Member management for access control
  • Secure vulnerability
  • Webhooks for integration into external tools/systems

GitHub also has integration with everything from Asana to Zendesk, Jira, and Slack, plus CloudBees, CodeClimate, and Heroku along with cloud hosting providers, including AWS, Azure, and Google Cloud.

Tell me about Bitbucket

Bitbucket is an Atlassian product, so you will have a slick user interface as well as an all-in-one solution for software development. It supports Git and Mercurial version control software but not Subversion. It's written in Python and uses the Django web framework along with SOC 2 Type II security compliance.

Features of Bitbucket include:

  • Pull request and code reviews
  • Branch comparison and commit history
  • And unlimited private repositories for free

Bitbucket plays very nicely with other Atlassian products along with Bamboo, Crucible, Jenkins, and Jira.

If we had to choose just one, which would it be?

download

In a Department of Defense environment, we would go with Bitbucket as our software of choice. That's not to say we don't use GitHub. GitHub has many valuable benefits – one being it's open-source.

However, Bitbucket fits our processes and many of our customer security requirements too. Let's dive a little deeper into why we like Bitbucket the best.

Flexibility

With Bitbucket, you don't have to fit your square peg in a round hole. It is built on providing flexibility to the end-user.

For example, it gives you more options about the version control system that you use – incorporating Mercurial as well as Git. This means you can work how you want.

Unlimited private repositories

Managing a single account on a single platform is much more comfortable. Bitbucket allows for you to have as many as five private repositories providing the ability to separate projects.

Continuous Integration/Continuous Delivery is built-in

Continuous Integration and Delivery is built-in to your source code from the beginning, which means less setup and management required for users, repositories, and servers.

GitHub, on the other hand, requires everything to be set up on a case-by-case basis, which can lead to siloed information.

Smarter semantic searching

Sometimes it's the little things that make a product worthwhile. Bitbucket's search crawls your syntax to find definitions that match your query, rather than just viable names.

That makes search far faster and more powerful than it would otherwise be.

Jira integration

"Atlassian is to software what Apple is to design" – Forbes

Atlassian built a fantastic product suite providing an integrated ecosystem for software developers. And it started with Jira.

Jira was initially built as a bug tracker but is so flexible, it can be used for bug tracking, issue tracking, a service desk, and project management.

Bitbucket integrates seamlessly with the Jira tracking tools. If you use the two tools, you can set code commits to automatically update Jira issues. You can also create branches directly from Jira – enabling fast, fluid workflows. This is one of Bitbucket's most significant benefits, tying the entire development process, together with a set of integrated, synchronized tools.

 

Conclusion

To recap, version control is essential for all code, files, and assets that multiple team members will collaborate on. Using version control software helps you keep track of changes and keep every team member working off the latest version.

However, it should do more than just manage and track files. It should ease your processes for developing secure, reliable code faster. This is especially important for teams practicing DevSecOps.

That's because using a version control software helps you:

  • Collaborate
  • Properly store versions
  • Restore previous versions
  • Understand what happened when something goes wrong
  • By providing a built-in backup

When it comes to available version control software options, if you're looking for an alternative to GitHub, we recommend Bitbucket for many of the reasons provided above.

This post is written by Geocent