Skip to content
GitHub Copilot is now available for free. Learn more
GitHub Enterprise

Raiffeisen Bank International delivers better, more secure customer experiences with GitHub.

  • 12,000+ repositories migrated to GitHub in 12 months
  • 5,022 leaked secrets avoided with GitHub Advanced Security
Office building
Number of Seats
2,825
Location
Vienna, Austria
Problem

A lack of central coordination between Raiffeisen Bank International’s development teams in different countries led to duplicative work and a fragmented approach to security that involved multiple tools and late-stage audits. Developers spent too much time on tasks like building deployment scripts that didn’t directly benefit customers and took too long to fix security issues. 

Solution

RBI built an innersource culture, adopting GitHub all-in-one development platform for building, sharing, managing, deploying, and securing code, enabling developers to fix security issues faster and focus more on delivering customer value.

Products

How long has it been since you visited your bank in person? Has it been weeks? Months? Years? If you're like most people, your phone is your bank branch. That's as true for businesses as it is for consumers. Raiffeisen Bank International (RBI) invested in the digital banking revolution early and it's become increasingly central to the company's business over the years. Once a support mechanism, digital services have now evolved to become a core part of the company's offerings.

Nonetheless, RBI faced competition from a growing number of digital-first banks and fintech companies and recognized a need to centralize more of its digital efforts to avoid duplicative work, particularly around DevOps workflows, to maintain a competitive edge. "There was no business value in having banks in each country spend time writing their own pipeline systems in-house," Head of Agile Engineering Support David Heitzinger explains. "We want them to focus on delivering value to customers, not developing integrations and deployment scripts. We needed a common, modern solution." Plus, the company wanted to gain deeper insight into their overall security posture, which was difficult to do without centralizing IT efforts, and to shift left on security to catch potential vulnerabilities early in the development process. RBI opted to standardize on GitHub Enterprise because it provided a secure, scalable, all-in-one platform for development.

Developers at their desk

We used to have other tools as well, but GitHub offers us with an all-in-one solution that provides developers a single source of truth for security notifications and code management.

RBI is giving teams a year to adopt GitHub so they can choose the least disruptive times to migrate. Within a matter of months, a third of developers across 13 markets have made the move. It's a faster pace than CI/CD Platform Owner Deniz Hoxha expected. "We've had more people moving than we could handle at times," Hoxha says. "They’re eager to make the move, because GitHub is a platform they’re familiar with and it provides them with more possibilities."

Given the paramount importance of security in the banking industry, GitHub Advanced Security was a big factor in RBI’s decision to use GitHub. "We used to have other tools as well, but GitHub offers us with an all-in-one solution that provides developers a single source of truth for security notifications and code management," Hoxha says.

The company now catches more issues than ever before. For example, RBI discovered 5,022 secrets in its repositories after enabling secret scanning. Hoxha emphasizes that these secrets hadn’t found their way into public repositories, but even having them in private repositories creates security risks. Now the company uses GitHub Push Protection to block developers from committing secrets in the first place and providing extra assurance that secrets are never leaving their laptops.

Developers are happier because teams have successfully shifted left, so scanning happens as part of their standard workflow, instead of as a separate process to be managed later, meaning RBI now has a stronger security posture that takes less effort to maintain. GitHub also makes that posture more transparent, making possible for RBI to effectively invest in clean code with measurable goals, which helped convince RBI’s management to push for a company wide adoption of Advanced Security earlier than planned for. 

In addition to Advanced Security, RBI uses GitHub Dependabot to help teams keep packages up-to-date and free of vulnerabilities by handily informing them if there are new packages available and even creating pull requests to update those packages. Because security is woven into the development process, RBI’s developers can resolve security issues much more quickly than other teams, with some fixing problems as much as a year faster than others.

Workers in a meeting

Getting people to adopt GitHub was one thing. Getting them to adopt innersource and reuse code was another. "Cultural transformation is not easy," Heitzinger says. "It takes extra work to make something usable outside your own team."

RBI followed the best practices set out by Innersource Commons, assigning individual team members with responsibilities such as promoting innersource initiatives within the company, coordinating communication across different teams, seeking contributions to projects, and ensuring proper documentation. "You have to continually promote the concept of reuse if you want it to be a part of the culture," Heitzinger says. That effort is paying off. Developers at RBI now work across internal borders to build the company's latest digital products, sharing not just libraries but entire applications, such as specialized, stand-alone apps for services for looking up exchange rates or applying for small cash loans. GitHub sat at the center of this process, providing a common platform for code, collaboration, automation, and security.

"It's really empowered us in our daily work," says Senior Software Engineer Nina Musil. "It was much harder to collaborate before. Now there are no boundaries."

GitHub helps RBI reuse more than just code. With GitHub Actions, teams share pipelines and automations internally to avoid repetitive work, which enables developers to focus on writing code rather than managing and deploying it. Musil's team uses GitHub Actions for a wide variety of tasks, including running tests, building artifacts, and deploying to app stores. It helps avoid time-consuming and repetitive tasks. "We need a lot of repositories, so Actions saves us hours of time by automating the creation process and the configuring of permissions and secrets," she says.

While RBI uses self-hosted runners as part of its compliance, they host an internal actions marketplace to give developers access to the full power of GitHub Actions. "We need to vet all the code we run, but we don't want to prevent people from using useful third-party tools,” Hoxha explains. "So we provide a means for people to request actions from the public marketplace, then we pull them in and automatically apply some security measures."

One of our biggest goals was to provide state-of-the-art tooling to our whole development process. Now we're able to keep security top of mind, while collaborating and automating on a bigger scale than ever before.

Heitzinger says GitHub is improving overall developer happiness at the company and is helping with recruiting efforts as well. "People are excited to hear we use GitHub, usually, they don’t expect state-of-the-art tooling and tech-stack in a bank" he says.

That excitement extends throughout RBI's development teams. RBI has leveraged GitHub as a superior platform for creating secure digital services and addressing the evolving needs of customers. Teams from across Europe are coming together to solve business problems and build great apps. "One of our biggest goals was to provide state-of-the-art tooling to our whole development process," Heitzinger says. "Now we're able to keep security top of mind, while collaborating and automating on a bigger scale than ever before."

Interested in bringing GitHub Enterprise to your organization?

Start your free trial of GitHub Enterprise for 30 days days and increase your team's collaboration. $21 per user/month after trial expires.

Curious about other plans? from GitHub

What will your story be?

Start collaborating with your team on GitHub

Want to use GitHub on your own?
Check out our plans for individuals