News travels fast. Whether a top company has finally announced its IPO, a new scientific breakthrough, or a ground-breaking investigation publishes, your phone likely pings with an alert from the same trusted source: The Wall Street Journal, published by Dow Jones.
In addition to their flagship publication, Dow Jones produces leading publications and products including Factiva, Barron’s, MarketWatch, Mansion Global, Financial News, Dow Jones Risk & Compliance and Dow Jones Newswires. Dow Jones is committed to delivering the news readers need to know. Growing from a Wall Street basement in 1882, the media company now has 500 full-time tech employees worldwide, with hubs across the world, including New York, Barcelona, London, and Hong Kong. Their team knows that keeping up with a global readership is no easy task, and that their products must be just as reliable as their reporting. But ensuring that breaking news gets to readers as quickly as possible depends on code that doesn’t. Dow Jones needed “news-solid” software that could help their developers and journalists deliver top stories faster: GitHub Enterprise.
Engineering Director Lee Cookson was among the first to use GitHub Enterprise at Dow Jones, and quickly noticed GitHub’s reliability. “GitHub has done a fantastic job at deploying a highly-available enterprise server. It’s products are very dependable,” Cookson said. “It’s up and running nearly one hundred percent of the time.” Originally deployed in their data center, GitHub is now used by teams across Dow Jones, powering everything from consumer products to detailed reporting. “GitHub rapidly expanded to other functions. It also was an integral part of building out our DevOps pipeline.”
After Dow Jones’ DevOps transformation, everyone is encouraged to collaborate and write code. Security is crucial—journalists write their own Python scripts to access data sets stored in GitHub repositories and used in digital and print publication. “We want to make sure that we have our security controls baked into our pipelines,” Chief Information Security Officer Miguel El Lakkis said, “all the way from the first line of code you’re writing.”
Lead Cyber Security Engineer Sydney Sweeney agrees. By self-containing apps within GitHub repositories on their own servers and in the cloud, teams are able to collaborate and work better together while governing systems from a single place. “GitHub has been amazing for us because we’ve actually built our own governance bots using GitHub Apps in our public or github.com organizations to help govern our repositories,” explained Sweeney. “These apps are able to check if there are owners assigned to repositories to make sure that they don’t get orphaned.”
GitHub ensures a reliable digital trail for security and compliance as well. Using their governance bots, Sweeney’s team can check if the right topics are assigned to the right repositories and trace which business units and products each project belongs to. GitHub also allows individual teams to enforce their own custom security controls.
“Having apps that help automate security within GitHub has been huge for us,” Sweeney confirmed. “The repo secrets have made security much easier to manage. It helps prevent passwords from being pushed into the code by providing a similar developer experience from local development through deployment.” And if a security vulnerability is discovered, product teams can act quickly. GitHub Enterprise’s built-in security alerts notify developers when a vulnerable dependency is found, and then automatically open pull requests with suggested fixes.
Security is just a part of the DevOps picture for the Dow Jones team. Along with GitHub Apps, developers use GitHub Actions to build and deploy on one platform. Their entire workflows are automated and managed from GitHub repositories—so what used to take multiple steps can now be done in a click or with a single Slack command. “We’re actually building out a whole app for our employees in Slack to request a CI/CD pipeline in our GitHub organizations and get a fully operational AWS deployment through a Slack bot,” said Sweeney.
Sweeney also appreciates the convenience. Instead of hosting and managing their CI/CD pipeline on top of managing their cloud infrastructure, GitHub Actions picks up the load. “In some cases, we’ve replaced three servers using a single GitHub Action.”
Security is critical, but reliability is important too. We depend on GitHub to deploy our products quickly and safely.
But building faster doesn’t mean shortcutting security. Since Dow Jones hosts GitHub Enterprise both on their own servers and on github.com, the team has reinforced their security best practices for users inside and outside their firewall. “You move away from enabling flat network designs and into more sophisticated zero-trust models by having your pipeline hosted on a SaaS,” Sweeney said, “and it forces you to maintain security best practices and real authentication.” El Lakkis agreed: “We’re able to show best practices with examples of tools that we wrote ourselves in security.”
Dow Jones developers aren’t the only ones building more securely. As they’ve built new internal tools, they’ve also used GitHub to share them with the world. Tokendito, which generates temporary AWS credentials via Okta, is key to securely authenticating our Code to Cloud practices for the entire organization, and any user on GitHub can download it from Dow Jones’s public repository for free.
For Dow Jones engineers, “giving away” internal code as open source isn’t counterproductive. It’s common sense. Senior Security Engineer Pranavkumar Patel sees it as returning the favor. “Every product of ours has been heavily dependent on open source,” Patel said. “That’s why community development has been huge for us and we wanted to give back to the community.”
With GitHub, developers at Dow Jones get the best of both worlds: hosting GitHub Enterprise Server on-premises for source code and securely engaging in open source with GitHub-hosted Enterprise Cloud. Enterprise Server and Cloud include access to features like GitHub Actions along with GitHub Packages. This means Dow Jones developers can create private package registries to use internally while also exploring and downloading public packages from github.com. “GitHub Packages is the perfect fit for the tools we use like Reapsaw, a Docker image that you build and execute as part of your pipeline,” explained Patel.
Tokendito, Reapsaw, and other open source projects have transformed Dow Jones into a company known for big ideas—and for attracting top talent. “It’s just been two or three years since we joined the open source community. We still have a lot of learning to do, but GitHub has helped us get our tech and our team out in the open,” said Patel. Both Sweeney and Cookson confirmed that GitHub has opened the door to new projects and new talent, too. “Open source helps us be part of that community,” Cookson said, “not a traditional media company, but a modern and adaptable technology company”
Engaging in the open source community has transformed how Dow Jones builds software, internally and externally. Teams don’t just release new applications to customers faster. According to El Lakkis, they also write better code. “The scrutiny that an open source project is exposed to definitely benefits the project itself. When it’s a private project or closed source project, it’s more about the business than about solving the difficult tech challenges that we have.” But El Lakkis also sees this as an opportunity for change. Known as “innersourcing”, GitHub has helped Dow Jones’ developers bring open source standards like collaboration and transparency into every project. Now developers build on each other’s ideas, spend less time on manual tasks, and catch bugs earlier in the development lifecycle.
From supporting the company’s DevOps transformation to hosting its cloud infrastructure, El Lakkis and Cookson know that Dow Jones can always depend on GitHub’s platform and its people. El Lakkis noted, “I’m impressed with the technical knowledge that the representatives have at GitHub compared to other organizations,” while Cookson explained, “Security is critical, but reliability is important too. We depend on GitHub to deploy our products quickly and safely.”
After all, Dow Jones’ developers and journalists aren’t the only ones relying on GitHub. El Lakkis put it simply: “When we break news, we want to make sure it’s delivered in a fast and reliable way so that everybody out there can know what’s going on. And we’re fortunate to have GitHub be a part of that process.”