Code hosting product is the necessary tool in the process of software development, many companies will choose when hosting tools for code selection self-built open source tools, however, the open source version of the code management tools are simply provide the foundation of the storage capacity, can’t satisfy the business enterprise in such aspects as safety, code quality, access control requirements, Enterprises still need to invest additional costs to build tools, and also need to invest in long-term maintenance personnel.

Today, we would like to introduce aliyun code management tool, Cloud Codeup, which is not only free, out of the box, but also provides powerful and convenient code security and quality assurance capabilities.

Let’s take a look at what makes this product smell good!

Cost, out of the box

If an enterprise chooses to build its own storage system, it needs to purchase physical or cloud storage servers at a cost, and it also needs a dedicated person to build it. After the installation is complete, you need to perform long-term maintenance, backup, and prevent downtime and attacks.

With cloud Codeup, the machine, setup, and maintenance costs go to zero. Out of the box, you only need to register an Aliyun account.

2, safer: multiple security guarantee mechanism

Code is a very important software asset of enterprise, and code security is the foundation of enterprise survival.

The open source version of the code hosting tools often lack enterprise-level security prevention and control capabilities. To ensure code security, enterprises either choose to pay more money to upgrade to the paid version, or study how to integrate other security tools, or even need to re-develop based on it to meet enterprise standard security standards.

Cloud Codeup has evolved with security as its most important feature from the beginning of its design:

Security 1: Automatic backup without o&M

Code hosting is self-built and requires regular code backup. Cloud Codeup has its own high availability and multiple copies, which can fully guarantee the security and stability of enterprise code assets by superlaying the protection capability of Ali Cloud high security products.

Security guarantee 2: automatic detection of sensitive information and dependent package vulnerabilities

Sensitive enterprise information is hardcoded into the code. As a result, sensitive information may be leaked and enterprise assets may be attacked. In addition, developers can’t write code without introducing various dependency packages. Especially in the case of the introduction of open source dependency packages, serious security incidents may occur due to security vulnerabilities in the dependency packages despite the complete protection of their own codes. In both cases, bad actors can take advantage and expose corporate code to risk.

Cloud Codeup has a built-in sensitive information detection service, which can be automatically triggered when developers submit code to check sensitive credentials and keys in the code base, such as AccessKey, password, ID card and other information. Combined with the ability of code review, it can effectively prevent the disclosure of sensitive information. The self-developed detection algorithm has been patented, and its accuracy and recall rate are higher than similar detection in the industry.

In addition, cloud Codeup’s built-in dependency vulnerability detection service continues to help enterprises maintain the security of their code engineering dependencies and eliminate potential dependency risks.

Security guarantee 3: Multi-level code permission control

In order to ensure the security of enterprise code, Cloud effect also provides IP whitelist, automatic clearance of personnel leaving the service, three-level permission prevention and control to ensure the prevention and control in advance, timely detection and warning through sensitive behavior monitoring, high-risk notification, and record database, group, administrator, code behavior operation logs for easy traceability.

3, more intelligent: automatic detection and intelligent review of code defects

In today’s competitive and fast-moving world, it has always been a challenge for technical teams to ensure code quality while achieving fast delivery. Code quality can be measured by two dimensions: one is the defect of the code and the other is the readability of the code. In terms of code defects, Codeup’s self-developed intelligent recommendation algorithm for code patches can help developers accurately and efficiently analyze code defects and recommend optimization solutions. The algorithm has been included in the International Software Engineering Conference (ICSE). In terms of code readability, Cloud Codeup has built-in Alibaba Java development specifications, which can help developers implement coding specifications at the initial stage of coding.

At the same time, Cloud Codeup also provides multi-scenario code review capabilities. Compared with Gitlab’s review mechanism, cloud effect adds fine-grained rule control, such as support for specifying the number of reviewers and custom merge conditions.

Finally, let’s summarize the advantages of cloud Codeup over the open source version with a table:

Why did they choose Cloud Codeup

Case 1: Shangmi Technology.

With a r&d team of more than 100 people, Shangmi finally chose to migrate to Cloud Effect Codeup from the original GitLab

Wen Zhenxi, director of Shangmi Technology Committee and partner of Shangmi, has the following reasons:

1. The cloud effect Codeup version is automatically updated and iterated, while GitLab version update is relatively complex, and it is easy to make abnormal errors in self-deployment operation and maintenance. 2. Cloud Codeup integrates many out-of-the-box functions such as code detection, patch recommendation, security scan, risk warning and so on. The scan library is also maintained by Cloud Codeup without worrying about the expiration of the scan library version.

3. Cloud Codeup supports multi-level grouping to meet the requirements of team -> business -> project team -> code refinement authority management.

Case 2: Zhangxun, Shijiazhuang

Shijiazhuang Zhangxun has a r&d team of about 30 people, which also migrated to Cloud Effect Codeup from the original GitLab.

Qiao Yahao, director of Enterprise intelligence service department of Zhangxun said:

Compared with GitLab, Codeup provides automatic code checking, which greatly improves the quality of our code. The level 3 security control at the enterprise level makes us feel more secure when using it.

One-click migration to Cloud Codeup

Enterprises of all sizes are using Codeup, a cloud-based code management product.

If your company is in the early stages of model selection, visit codeup.aliyun.com to get an immediate experience

If your enterprise already has a code repository, cloud Codeup’s three-party library import capability makes it easy to migrate code.

Come and try it.