
ChrisF323949498
Tera Explorer

Should you push your code to GitHub? How the IDE will help indirectly boost the security of your platform

 

Over the past 10 years, I’ve worked across various organisations – Government, Banking, Legal as well as some smaller organisations.

Throughout this experience I noticed that generally, ServiceNow development has been a bit ‘siloed’ from other development in these organisations. There are the ‘ServiceNow devs’ and then the ‘other devs’.

We’ve been kind of separated mostly it seems, due to the different tooling, and I think in some ways this is…or perhaps was… limiting us.

 

I noticed this more so recently, when I had the opportunity to work on what I’d say was more ‘general development’ building a standalone web application.
This included writing code in VSCode, committing it to GitHub, making pull requests, doing code reviews, leaving comments, etc.

It also included seeing various automated tools scan our GitHub repo and report issues before we were allowed to deploy to production.

Then I returned to my ServiceNow role and pondered something:

“Pushing our ServiceNow code to GitHub will likely increase the quality and security of your platform…?”

Why?

  • It removes the silo, better code visibility
    Your code becomes part of your organisation’s ecosystem; it’s not tucked away in a ServiceNow table hidden from almost everyone.

    This means you’ll have other developers able to access it, review it and suggest improvements.


  • Collaboration and commonly used systems
    We can better collaborate, we can leave comments, give feedback, and more importantly, spot bugs (and security issues!).

  • Audit trails
    We know who pushed what, why X code was changed, etc.
    I don’t suggest this for blame; in fact, I think blame kills creativity and feedback, and stops everyone pushing the boundaries to grow.
    I believe this should be used as a system of praise, ‘Well done for fixing bug X on the 1st of August, you made our platform more secure!’.

But bigger still…

It opens up a world of tooling. Specifically, security tooling.

Static analysis tools, tools like Snyk and SonarQube.
These are tools your organisation may already have, but you’ve not been able to fully use yet. Well, if you push your code to GitHub, maybe you can?

 

So, a new IDE seems kind of small at first, but it’s not so much the specific tool in isolation, it’s more that it’s opened up a world of possibilities!

 

So where from here?

 

If you’re a team leader of developers, maybe task one with getting your subprod environment set up with GitHub. Meanwhile, check with your organisation and see who is using GitHub. What security tooling have they purchased that you can perhaps leverage too?

 

If you’re a developer, give it a go in a PDI instance – push to your private repo, get familiar with the tooling (both the ServiceNow IDE and GitHub, etc.) and I think that’ll spark some excitement and move towards leveraging other tools.

 

What are your thoughts?

Do you already push to GitHub?

Do you make use of the IDE?

Have you seen any direct or indirect benefits in doing so?