Repo-Mountie
Repo-Mountie scans B.C. government GitHub repositories to make sure they meet requirements for open-source development and security governance.
The Repo-Mountie scanning service is provided by the platform team, but you’re responsible for addressing issues identified in the scans.
What is Repo-Mountie
Repo-Mountie is a custom-developed bot that crawls all of the B.C. government’s bcgov organization repositories in GitHub. It’s responsible for identifying any missing Security Threat Risk Assessments (STRAs), Privacy Impact Assessments (PIAs) or open-source licensing information in the repositories. It also checks if repositories are aligned with development best practices for GitHub, including having no stale pull requests or issues, having reasonable pull request lengths and more.
Benefits
Repo-Mountie is an automatic service that helps you stay compliant with the B.C. government’s requirements for open-source development and security governance.
The bot independently crawls the bcgov organization on GitHub and creates an issue if it identifies a problem in one of your repositories.
Who can use it
This service is available to all product teams with repositories in the bcgov organization on GitHub.
When to use it
You don’t need to take any action to have your repositories crawled. The Repo-Mountie bot automatically crawls all repositories in the bcgov organization container on GitHub. Any repositories you create in bcgov will be crawled on a periodic basis.
If the bot finds a problem in one of your repositories, it’ll notify you by creating an issue in that repository. It takes about 24 hours for the service to crawl new repositories.
Where to get support
Rocket.Chat is the main communication channel for platform service support.
- For general questions about Repo-Mountie, use the #devops-operations channel
- For cluster-wide service notifications that may impact Repo-Mountie availability, check the #devops-alerts channel
For additional assistance, you can visit the platform support page.
Technical documentation
Learn more about how Repo-Mountie works and how to address issues found in your repositories.
Go to the technical documentation for Repo-Mountie.
Security reviews
A Privacy Impact Assessment (PIA) and a Security Threat Risk Assessment (STRA) have been completed for Repo-Mountie. Send a request to the Platform Services team to access these assessments.