Tooling

For how tooling and workflow integration support AI-assisted development and InnerSource together, see the InnerSource and AI section, in particular Shaping Repositories and Practices for AI.

Effective InnerSource Strategies and Configuration for GitHub

This documentation is a compilation of the essential settings and strategies necessary for implementing InnerSource inside an organization. It encompasses both overall strategic elements and specific points relating to SCM configuration.

We also encourage you to read the OpenSSF's (Open Source Security Foundation's) Source Code Management Configuration Best Practices guide for a perspective focused entirely on security.

Table of Contents

GitHub

• GitHub InnerSource Strategies

  • Balancing Security & InnerSource: Who Can See What

  • Security-First Perspective and InnerSource-first Perspective

  • Visibility Differences by InnerSource Project Type

  • Project Participation Difficulty Level by Setting

  • Pros and Cons of InnerSource Dedicated Environment

  • Variations in how repository read access is distributed

  • Conclusion: High Level Guideline

• GitHub InnerSource Configuration

  • Enterprise Setting

    • Repository policies

      • Base permissions

      • Repository creation

      • Repository forking (Private / Internal)

  • Organization Setting

    • Member privileges

      • Base permissions

      • Repository creation

      • Repository forking

  • GitHub Enterprise Server Setting

    • GitHub Connect - Server statistics

  • Resources

GitLab

For GitLab, we are using a similar set of de factos - GitHub InnerSource Strategies as that should not changed much in terms of InnerSource security, access, and various setting protocols prescribed under InnerSource Commons principles.