Git Notes
Learn enterprise-grade Git workflows including governance, compliance, inner source, and tooling for large teams and regulated industries.
When a startup with five developers uses Git, everyone pushes to one repository, reviews each other's code informally, and deploys by merging to main. Now scale that to 500 developers across 20 teams, working on hundreds of repositories, with regulatory compliance requirements, security audits, and the need for consistent processes. The casual approach breaks down completely.
Enterprise Git workflows address the unique challenges of large organizations: governance requirements, hundreds of concurrent developers, multiple teams owning different services, regulated industries demanding audit trails, and the need to balance developer productivity with organizational control.
Enterprise Challenges
Running Git at scale introduces challenges that small teams never encounter:
- Hundreds of repositories need consistent configuration, permissions, and CI/CD
- Compliance requirements demand audit trails, signed commits, and approval workflows
- Security controls must prevent credential leaks, enforce access policies, and manage secrets
- Consistency across teams requires shared templates, conventions, and tooling
- Integration with enterprise tools like Jira, ServiceNow, PagerDuty, and Slack
- Developer onboarding must be smooth despite complex processes
Governance Model
Enterprise Git governance operates at multiple levels:
| Team Alpha | Team Beta | |
|---|---|---|
| (Frontend) | (Backend) | |
| 15 repos | 12 repos | |
| Team rulesets | Team rulesets |
Organization-Level Policies
# Enterprise ruleset applied to ALL repositories
Ruleset: Organization Security Baseline
Enforcement: Active
Target: All repositories
Rules:
- Require pull request:
approvals: 2
dismiss_stale: true
require_code_owner_review: true
- Require signed commits
- Block force pushes
- Require status checks:
- security/codeql-analysis
- security/dependency-review
- compliance/license-check
- Restrict deletions
Bypass:
- CI/CD service accounts (with audit logging)Inner Source: Open Source Inside the Firewall
Inner source applies open-source collaboration practices within the organization:
# Any developer can contribute to any internal repository
# Process mirrors open source:
# 1. Fork the repository internally
git clone https://github.internal.com/platform-team/auth-service.git
# 2. Create a branch
git checkout -b improve/token-refresh-logic
# 3. Make changes following the project's CONTRIBUTING.md
git commit -m "feat: add exponential backoff to token refresh"
# 4. Open a Pull Request to the owning team
# CODEOWNERS ensures domain experts review
# 5. Owning team reviews and merges (or provides feedback)Benefits of inner source:
- Reduces "throw it over the wall" mentality between teams
- Enables anyone to fix bugs in services they depend on
- Shares knowledge across organizational boundaries
- Reduces bottlenecks on owning teams for small changes
Compliance and Audit Requirements
Regulated industries (finance, healthcare, government) have strict requirements:
# Compliance configuration for protected branches
Branch Protection (Regulated):
☑ Require signed commits (traceability to individual)
☑ Require 2 PR reviews (four-eyes principle)
☑ Require review from CODEOWNERS (domain expertise)
☑ Require linear history (clean audit trail)
☑ Include administrators (NO exceptions)
☑ Require conversation resolution (all concerns addressed)
☑ Require status checks:
- compliance/change-ticket-linked (must reference Jira/ServiceNow)
- security/vulnerability-scan
- compliance/license-audit
Audit Requirements:
- All push/pull events logged with timestamps
- Access changes tracked (who gave whom permission)
- Settings modifications require approval workflow
- Webhook deliveries logged for replay capability
- Git blame must identify actual developer (no shared accounts)Repository Templates and Standards
Enterprise teams use templates to ensure consistency across hundreds of repositories:
Scaling CI/CD for Enterprise
Common Mistakes
Mistake 1: Applying the same workflow rigidity to all teams. Platform teams with daily deploys need different processes than teams shipping quarterly. Allow flexibility within the governance framework.
Mistake 2: Not investing in developer experience tooling. If compliance processes create too much friction, developers find workarounds that bypass security controls.
Mistake 3: Shared service accounts for CI/CD. Every action should be attributable to an individual or specifically-scoped bot account for audit purposes.
Mistake 4: Ignoring inner source potential. Teams building walls around their repositories create knowledge silos and duplicate effort across the organization.
Interview Questions
Q1: What additional challenges does Git at enterprise scale introduce?
Access control across hundreds of repositories, compliance and audit requirements, consistent workflows and tooling across diverse teams, integration with enterprise systems (Jira, ServiceNow), managing the monorepo vs multi-repo decision, developer onboarding at scale, and balancing security controls with developer productivity.
Q2: What is inner source?
Applying open-source collaboration practices within an organization. Any developer can contribute to any internal repository through PRs, with CODEOWNERS ensuring domain experts review changes. It fosters knowledge sharing, reduces bottlenecks, and eliminates siloed development.
Q3: How do you enforce consistent Git practices across an organization?
Organization-level rulesets applied to all repositories, required workflow templates for CI/CD, repository templates for consistent configuration, shared documentation standards, automated compliance checking in pipelines, and regular training programs.
Q4: What security measures are essential for enterprise repositories?
SAML/SSO authentication, mandatory 2FA, signed commits, branch protection with admin enforcement, secret scanning with push protection, dependency vulnerability scanning, IP allowlists for sensitive repos, audit logging, and regular access reviews.
Q5: When should an enterprise choose monorepo versus multi-repo?
Monorepo suits tightly coupled services that release together, share significant code, and benefit from atomic cross-service changes (Google's approach). Multi-repo suits independent services with separate teams, different release cycles, and clear ownership boundaries. Consider tooling support (Nx, Turborepo for monorepo) and team autonomy needs.
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for Enterprise Git Workflows - Scale Git for Large Organizations.
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this Git & GitHub topic.
Search Terms
git-github, git & github, git, github, real, world, workflows, enterprise
Related Git & GitHub Topics