u/GitSimple

Hi Everyone!

We're GitSimple, a newly formed PS firm with an experienced team. For a little while now we've been posting things in this sub that we hope are genuinely helpful. We plan to continue that, but also wanted to share that we offer free 30 minute consultations (https://gitsimple.com/free-consultation/) if anyone is interested.

We're GitLab, JFrog, and Anchore partners and have experience with federal teams and high compliance industries. Most of us have worked together before with a split focus on Atlassian tools and GitLab.

Full disclosure, yes, of course we offer services, but these consultations are meant to be more like our content, as genuinely helpful as possible. We then also get the benefit of talking to you all and understanding what real challenges teams are facing.

If you're having issues with your environment, integrations, general processes, FedRAMP/FISMA/HIPAA questions, thinking about a migration, whatever, we'd be happy to chat!

u/GitSimple — 7 days ago

We’re helping with a federal-adjacent multi-cloud environment with AWS GovCloud and Azure Government. The basic setup is Terraform on the AWS side, Bicep on the Azure side, mostly separate pipelines, partly separate owners.

We’re working to combat policy drift. The challenge is that the same control gets encoded twice (encryption at rest, egress rules, approved base images, STIG updates, etc.) and the two implementations inevitably diverge. A patch goes into the Terraform module. The Bicep equivalent lags. A STIG control updates, one side reflects it, the other doesn't. Six months later a scanner flags a control we thought was solved everywhere.

We have a “single source of truth” plan worked out that I can share if anyone is interested, but we’re also curious how people here are approaching, or would approach, this issue:

  1. Are you running a single policy engine across both clouds, or is it effectively two programs sharing a doc?
  2. How are you handling dependency curation (providers, Helm charts, packages pulled into Lambda/Functions) without ending up with two slowly diverging approved-artifact lists?
  3. For FedRAMP/FISMA folks: is your audit trail genuinely unified, or are you stitching evidence together at report time?

I’m more interested in what patterns are holding up in production and what real-world pain teams are experiencing.
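As an added illustration of the "single policy engine" option in question 1 (example code written for this thread, not GitSimple's plan or any project's tooling): the control is defined once against a small cloud-neutral resource model, and two thin adapters feed it from Terraform plan JSON (`terraform show -json`) on the AWS side and from the ARM JSON that `bicep build` emits on the Azure side. Because both clouds are evaluated by the same predicate in one run, the "encoded twice, drifted once" case from the post shows up as a control that passes in one column and fails in the other. The resource types and attribute paths are the common ones for `aws_ebs_volume`, `aws_security_group`, `Microsoft.Compute/disks` and `Microsoft.Network/networkSecurityGroups`; the two controls (customer-managed-key encryption at rest, no unrestricted egress) and the plan/template fragments are constructed for the example and deliberately minimal.

```python
"""One control definition, two cloud adapters, one drift report.

Added example for the thread above; not GitSimple's tooling. The sample
Terraform plan and ARM template fragments are constructed.
"""
import json
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Resource:
    """Cloud-neutral view of a resource, carrying only what the controls need."""
    cloud: str                             # "aws" or "azure"
    kind: str                              # "disk" or "security_group"
    name: str
    cmk_encrypted: Optional[bool] = None   # disks: encrypted with a customer-managed key
    open_egress: Optional[bool] = None     # security groups / NSGs: allows egress to anywhere


# Controls are written once against the normalized model, so a STIG or policy
# change is applied in exactly one place and re-evaluated on both clouds.
CONTROLS: Dict[str, Tuple[str, Callable[[Resource], bool]]] = {
    "cmk-encryption-at-rest": ("disk", lambda r: r.cmk_encrypted is True),
    "no-unrestricted-egress": ("security_group", lambda r: r.open_egress is False),
}


def from_terraform_plan(plan: dict) -> List[Resource]:
    """Adapter for `terraform show -json plan.out` output (AWS side)."""
    found = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after") or {}
        if rc["type"] == "aws_ebs_volume":
            cmk = bool(after.get("encrypted")) and bool(after.get("kms_key_id"))
            found.append(Resource("aws", "disk", rc["address"], cmk_encrypted=cmk))
        elif rc["type"] == "aws_security_group":
            wide_open = any("0.0.0.0/0" in (rule.get("cidr_blocks") or [])
                            for rule in after.get("egress") or [])
            found.append(Resource("aws", "security_group", rc["address"],
                                  open_egress=wide_open))
    return found


def from_arm_template(template: dict) -> List[Resource]:
    """Adapter for the ARM JSON produced by `bicep build` (Azure side)."""
    found = []
    for res in template.get("resources", []):
        props = res.get("properties") or {}
        if res["type"] == "Microsoft.Compute/disks":
            enc_type = (props.get("encryption") or {}).get("type", "")
            found.append(Resource("azure", "disk", res["name"],
                                  cmk_encrypted=enc_type == "EncryptionAtRestWithCustomerKey"))
        elif res["type"] == "Microsoft.Network/networkSecurityGroups":
            wide_open = any(
                rp.get("direction") == "Outbound" and rp.get("access") == "Allow"
                and rp.get("destinationAddressPrefix") in ("*", "Internet", "0.0.0.0/0")
                for rule in props.get("securityRules") or []
                for rp in [rule.get("properties") or {}])
            found.append(Resource("azure", "security_group", res["name"],
                                  open_egress=wide_open))
    return found


def evaluate(resources: List[Resource]) -> List[dict]:
    """Run every control over every resource of the matching kind, any cloud."""
    return [{"control": cid, "cloud": r.cloud, "resource": r.name, "passed": check(r)}
            for cid, (kind, check) in CONTROLS.items()
            for r in resources if r.kind == kind]


def drift_report(findings: List[dict]) -> Dict[str, Dict[str, bool]]:
    """Per control and per cloud: did every evaluated resource pass?"""
    report: Dict[str, Dict[str, bool]] = {}
    for f in findings:
        by_cloud = report.setdefault(f["control"], {})
        by_cloud[f["cloud"]] = by_cloud.get(f["cloud"], True) and f["passed"]
    return report


def diverged_controls(report: Dict[str, Dict[str, bool]]) -> List[str]:
    """Controls whose outcome differs between clouds: the policy-drift signal."""
    return sorted(c for c, by_cloud in report.items() if len(set(by_cloud.values())) > 1)


# Constructed sample inputs: the AWS module already uses a CMK, the Azure
# side still uses a platform key, and both sides allow egress to anywhere.
SAMPLE_TF_PLAN = json.loads("""{"resource_changes": [
  {"address": "aws_ebs_volume.data", "type": "aws_ebs_volume",
   "change": {"after": {"encrypted": true, "kms_key_id": "arn:PLACEHOLDER-KEY", "size": 100}}},
  {"address": "aws_security_group.app", "type": "aws_security_group",
   "change": {"after": {"egress": [{"protocol": "-1", "cidr_blocks": ["0.0.0.0/0"]}]}}}
]}""")

SAMPLE_ARM_TEMPLATE = json.loads("""{"resources": [
  {"type": "Microsoft.Compute/disks", "name": "data-disk",
   "properties": {"diskSizeGB": 100, "encryption": {"type": "EncryptionAtRestWithPlatformKey"}}},
  {"type": "Microsoft.Network/networkSecurityGroups", "name": "app-nsg",
   "properties": {"securityRules": [{"name": "allow-out", "properties":
     {"direction": "Outbound", "access": "Allow", "destinationAddressPrefix": "*"}}]}}
]}""")


def run_sample() -> Dict[str, Dict[str, bool]]:
    resources = from_terraform_plan(SAMPLE_TF_PLAN) + from_arm_template(SAMPLE_ARM_TEMPLATE)
    return drift_report(evaluate(resources))


if __name__ == "__main__":
    report = run_sample()
    print(json.dumps(report, indent=2))
    print("diverged:", diverged_controls(report))
```

On the sample input the report shows `cmk-encryption-at-rest` passing on AWS and failing on Azure (the lagging Bicep side), while `no-unrestricted-egress` fails on both; only the first is flagged as diverged, the second is a shared failure rather than drift. Wiring this into both pipelines means the plan and the built template are checked by the same code on every change, instead of each side maintaining its own rule set and discovering the gap at scan time.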

u/GitSimple — 17 days ago