GitHub alternatives for projects with compliance requirements
Rémi Rampin
remirampin at gmail.com
Wed Jul 13 23:43:08 UTC 2022
2022-07-13 17:33 UTC-04, Adrian Edwards <photoace12 at icloud.com>:
> Given the the GiveUpGitHub campaign page asks the most
> comfortably-situated large projects to give up GitHub first, I was
> wondering if there were any FOSS options out there to provide some
> competition for GitLab for enterprises with compliance requirements that
> they have to meet, such as SOC2, ISO 27001, ISO 13485/QMS .etc. I have
> heard about these kinds of standards in recent StackOverflow podcasts
> and am curious if there are options for companies that want to support
> free and open software but don't have the ability to choose freedom and
> openness at the expense of regulatory compliance.
>
> Is it just a choice between GitHub and GitLab at this stage or are there
> other options?
Hi,
Those seem to be certifications for organizations (and devices), not for
software. I don't think a piece of software like Gitea or GitLab can be
certified for any of this, only an organization running it for you (platform as
a service) could possibly get certified, like github.com or gitlab.com.
The only platform I know that is running open source software commercially is
SourceHut, however it is still in alpha. I don't know if they will want to get
certifications but surely that would come later.
I don't think an organization running a platform as a free service could get a
certification. Beyond the price requirement and the strong requirements on
staff (those organizations often don't have paid staff), I am not sure this is
something that could kick in without some sort of contractual relationship with
you the user.
You could certainly run the software in-house and get any of those
certifications though, if nothing else by hiding it inside a private network.
--
Rémi
More information about the Give-Up-GitHub
mailing list