FullStory automates DevSecOps at scale with GitHub Advanced Security.
- Atlanta, GA
Building a digital experience that your users love means knowing what they want—what makes them happy, what makes them frustrated, and everything in between. What if you could aggregate every user interaction on your site or app, and then analyze the results with a powerful DX data engine? FullStory empowers businesses to do just that, generating critical insights on how users experience your site, software, or native mobile app.
Implementing FullStory is as simple as dropping in a snippet of code and, with minimal configuration, your business has instant access to a range of analytics including user behavior, page performance, user frustration, feature usage, and much more. All this data translates into quantifiable improvements to your site or app to deliver the best possible customer experience.
FullStory already has a team of talented developers numbering in the low hundreds and plans to double its headcount by 2023. From day one, FullStory has relied on GitHub to help it tackle the scaling, testing, and security challenges presented by the company’s rapid growth.
Fast-moving SaaS companies like FullStory face many obstacles as they scale up their DevOps environments, including maintaining access controls, managing packages and dependencies, and increasingly complex code bases—all of which slow development.
Testing and updating software can be particularly challenging in these complex environments. “We have unit tests, we have integration tests, we have browser tests, and tests to see whether the pixels are matching perfectly,” explains Habib Pagarkar, Director of Engineering. FullStory leverages A/B testing as part of their software development lifecycle, so managing CI is a critical function.
GitHub’s extensibility reduces friction for FullStory developers by enabling a seamless DevOps workflow, even when using third-party tools. “GitHub is much easier to use than the other platforms I’ve worked with. It integrates well with all our other tooling,” says Jordan Carroll, Sr. Software Engineer. “For example, when using VS Code and GitLens we can see who wrote what lines of code. We can also jump straight to the pull requests in GitHub for further context, which is super powerful.”
FullStory’s engineers particularly appreciate GitHub’s integration with their CI solution. “I never feel disconnected when jumping between CircleCI and GitHub. GitHub is integrated deeply into the entire development lifecycle,” explains Carroll.
Automation plays a significant role in FullStory’s CI/CD workflow. “We build a lot of bots,” Pagarkar says. The company uses GitHub Actions to stay on top of its repositories. Because one repository is internal and the other external, discrepancies in code can cause problems in versioning and updating. Using Actions, FullStory can use public API endpoints to compare new changes in their code. They are then able to use a custom Action to check out a new branch and perform testing before merging changes to one of their repositories.
And even amidst rapid growth, GitHub makes onboarding new developers a snap. FullStory finds that a majority of its staff has previous experience with GitHub, and many engineers enter onboarding with their existing GitHub handle. “GitHub is the de facto standard for all open source software,” says Carroll. “Developers know how to use GitHub from day one, which means they can be productive sooner.”
GitHub provides a unique experience for collaboration in DevOps within its user interface. New features continue to be integrated seamlessly, and it remains a developer-focused platform. “Any engineer within the company can commit code into our repositories; however, all code goes through a mandatory review process before it’s put into production,” says Mark Isham, VP of Application Engineering.
In addition to a monorepo where many core development activities take place, FullStory has several innersource and open source repos for cross-team collaboration. This methodology increases transparency within the codebase and enables teams to surface tools and reduce redundant work.
“Pull request infrastructure is a core part of our workflow, especially with a growing repo with engineers who have different levels of seniority,” explains Isham. “We take the responsibility of safeguarding our customer data very seriously. To this end, every line of code must first go through mandatory peer code reviews, security analysis and rigorous testing before releasing to production.”
For FullStory, every line of code is protected with a GitHub Code Owners file. This ensures that any changes to the company’s codebase are reviewed by a senior member of staff before the CI process takes place.
Compliance is another crucial feature for FullStory. “We’re a SOC 2 company and it’s important for us to have clear audit trails around anything related to our intellectual property. GitHub is wonderful for providing that,” explains Isham.
FullStory finds that GitHub Advanced Security provides many important tools for securing their repositories. The company is a part of the secret scanning partner program and uses Secret Scanning to check for API keys across the entirety of GitHub. Additionally, FullStory leverages Dependabot to monitor for insecure dependencies and carefully tests each dependency version before shipping into production. “Safeguarding our code with Dependabot is quite valuable to us given the nature of our business. We’re capturing analytics data from our customers’ websites, so we can’t auto version npm dependencies,” says Isham. “We need to be very careful about security, especially open source dependencies that might have an attack vector.”
As FullStory grows, so too does GitHub’s usefulness. “I’ve seen GitHub’s usability continue to improve and grow for developers who are using it day to day for pull requests and traversing the codebase,” Carroll says. “It’s pretty incredible how many times I’ve talked to other engineers who said, ‘Wow, I wish GitHub had this feature,’ and then a few months later, GitHub releases it.”
As FullStory continues to grow, it plans to continue investing in GitHub to enhance developer productivity and product security. “GitHub is like a glove that fits perfectly,” Carroll says. “I wouldn’t want to manage and develop code any other way.”