NHS-hosted issue trackers, CI, etc for software projects

Are they available?

I’ve recently come to the NHS from the commercial sector, where tools such as issue tracking, continuous integration, source code management, etc are ubiquitous. I can’t find any info on people using them within the NHS at an organisation level (other than a couple of projects where they’ve deployed their own).

What information are you after?

All the Acute hospitals I worked at used some form of source code management.
NHS digital code is on GitHub (e.g. CareConnect, gp Connect, other fhir related projects).
Not sure about the issue tracking but it’s not disabled.
CI tools aren’t public, but they are used.

Do CI instances tend to be per-project, rather than available as a service from NHS IT?

I’m wondering how we’d get one of each (pref. Jira and GoCD) set up for our centre? Or alternatively how we could get someone to just provide us with a server (virtual or otherwise) in a NHS data centre somewhere and we could deploy our own tools.

I’ve floated the idea of using 3rd party cloud services, but the current view is it’s too risky in case somehow sensitive information made it onto our build server, and then got leaked, then we’d be in trouble because we set it up external to the NHS network

The NHS doesn’t really exist as an organisation, it’s more like a brand used by several hundred organisations. Central NHS IT does provide some services mainly infrastructure.

Size would stop many from going down this route, I’ve wondered if NHS trusts could cooperate using git, etc to produce open source solutions (nothing big, just to solve common problems). In a manner similar to how fhir is being developed internationally.

Some NHS Trusts will have their own instances of things like JIRA. In NHS Digital we have a licence for JIRA and Confluence, but its use is generally per programme/department not across the org. There is some use of Jenkins for CI in NHSD but depends on the project again.
GitHub-hosted projects (for example GP Connect) often use the inbuilt issues tracker.

Thanks for both your responses. So I guess it’s mainly on a per-project basis, is the gist of it?

Given that a lot of code is hosted off NHS infrastructure (i.e. in GitHub), I’m going to make the assumption that setting up our own (private, but external) build server and issue tracker is the way to go.

I guess I’ll have to come up with some procedures and training around keeping sensitive data well away from that kind of server.

Patrick… NHS England has an online course and certification process
for individuals that may come in contact with sensitive data. I don’t
have the coordinates any more but you should be able to find them easily
or someone else on this list can point you to them.