Can The Real Codeowners Please Stand Up? Code Provenance at Scale
The Product Security team at Twilio has developed a solution to help companies identify and manage code ownership across large-scale codebases, released as two tools: "about.yaml" and Gordon. The "about.yaml" file specification provides a machine-readable format for storing metadata such as Jira project IDs and PagerDuty schedules, allowing developers to easily track ownership information. Gordon, a GitHub app service, automates validation by checking the contents of about.yaml files against a set of predefined specifications, ensuring that the data is accurate and up to date. The solution aims to reduce time wasted in emergency situations where code owners are no longer available or on leave, and provides a scalable and adaptable approach for companies to implement their own code ownership management systems.
Company
Twilio
Date published
Sept. 8, 2021
Author(s)
Laxman Eppalagudem
Word count
1230
Language
English
Hacker News points
None found.