Healthcare providers today are tasked with surmounting staffing shortages, supply chain issues, and a global pandemic—all while providing quality care. Amidst balancing these moving pieces, it can be difficult for clinicians and patients to find the time to meet in the middle. Enter Caregility, a virtual healthcare platform that seeks to improve how, where, and when healthcare visits take place with an easy-to-use web application that connects patients with their clinicians.

The virtual care platform makes both administering and receiving healthcare easier and more accessible for clinicians and their patients—both inside and out of the hospital. With unique web links, patients are just one click away from a conversation with their healthcare professionals. Since its inception, the company has grown from around 30 to over 120 employees and serves clients in the United States and abroad. Caregility’s agile development teams work hand-in-hand with in-staff clinicians to help build better products with patients in mind. “We listen to the clinicians’ recommendations as we build the user interface to ensure we have the right features and functionality and the most comprehensive product going out to our customers,” explains Bin Guan, Chief Product and Innovation Officer.

As a quick-growing startup maneuvering a rapidly changing healthcare landscape, Caregility needs DevOps practices that can scale as the company continues to grow. The company’s existing CI/CD architecture, which included both Azure DevOps and on-premise infrastructure from GitLab, was too complex and created too many pain points across the technology organization. Caregility turned to GitHub to help consolidate its existing toolset, standardize its version control system, and improve its security posture.

Access control was one of the challenges Caregility faced in working with geographically diverse groups of developers. A common method to tackle this is to access-list an IP address, which is the approach its former DevOps platform employed. However, as the company grew, it soon realized it needed a more robust solution to secure and manage access control for a distributed workforce. To overcome these obstacles, GitHub supports single sign-on (SSO) to provide a frictionless method for securely accessing a codebase. When onboarding new developers, most are already familiar with GitHub and access is as simple as providing a login. “As a new Engineer, GitHub facilitated a fast onboarding process and enabled efficient communication between teams within the technology organization,” said John Franey, Lead Backend Software Engineer.

Consolidating operations through GitHub enabled Caregility to adopt an innersource framework that encourages code reuse throughout the organization. For Caregility, this codebase is a corporate identity library that provides a standardized menu of tools that can be used across the user interfaces of various products and services, reducing the time to ship new features. “GitHub helps guide our DevOps journey within the organization and fosters greater collaboration between various tech teams to work together on projects,” says Babitha Singh, VP, DevOps. “GitHub has helped us ensure that we have security controls baked into our CI/CD pipeline and GitHub Actions has allowed us to easily incorporate code linting and other best practices in our CI pipelines.”

Securing its patient and clinician-facing platform is a chief concern for Caregility, and a requirement for serving its healthcare provider customers. While Caregility’s compliance team routinely conducted security scans on production code, the process was time consuming and slow. Results would filter through multiple departments before going to a developer to fix. This is why Caregility’s team turned to GitHub Advanced Security. Tools like Secret Scanning and Code Scanning protect the company’s codebase and empower developers to take a more proactive approach to security, instead of just reacting to vulnerabilities. “We want to protect our customers and their patients by more efficiently securing our platform from vulnerabilities and exploits,” explains Justin Trugman, VP of Software Development. “By continuously scanning our codebase and dependencies, we can detect vulnerabilities and remediate them quickly, which is vital to the safety of patients and clinicians using our platform.”

GitHub has helped us ensure that we have security controls baked into our CI/CD pipeline and GitHub Actions has allowed us to easily incorporate code linting and other best practices in our CI pipelines.

With GitHub Advanced Security, Caregility’s developers now remediate issues during the coding process. Developers are able to see potential issues in committed code before being pushed into production, helping save time and eliminate redundancy. “GitHub Advanced Security makes it much easier to detect vulnerabilities before they are merged into our main branches,” says Trugman. “It’s shifting security left and incorporating it into the development process rather than it being an afterthought.”

Vulnerabilities are not just limited to code written in-house. Open source dependencies can also be attack vectors. Caregility mitigates these attack vectors using Dependabot which runs constantly in the background, scanning its GitHub repositories. If an insecure dependency is discovered, Dependabot not only sends an alert but also generates a pull request with a suggested fix for the vulnerability, enabling a faster remediation process. “Dependabot makes the process of delivering a secure and stable product to our customers much easier,” says Trugman. “Since using Dependabot we’ve fixed over 350 vulnerable dependencies.”

Since streamlining its workflow with GitHub, Caregility has enhanced its security posture and facilitated greater collaboration across the technology organization. Developers enjoy a frictionless experience that allows them to contribute to code that improves patient outcomes. “With GitHub, we consolidated our repositories, code security, CI/CD pipelines, and access controls into a single platform,” explains Guan. “The extra agility that is unlocked helps us deliver feature functionalities faster and more securely, which in turn helps support patients and save people’s lives.”