Technology Go Away Microsoft! The Netherlands is Quietly Building Its Own GitHub Replacement

lokamoka820

Back in November 2025, Jan Vlug, a software engineer who writes for the Dutch government's developer portal, put out a detailed blog recommending which Git forge the Netherlands should adopt for its governmental source code hosting needs.

His post came at a time when the Ministry of the Interior (BZK) was already setting up a dedicated Git instance, and the platform decision was still open.

Currently, the Dutch government's code is spread across GitHub and GitLab, neither of which is under government oversight.
 
That is a notable development, especially from a digital sovereignty and supply-chain perspective.

Why this matters

When government source code is hosted mainly on third-party platforms outside direct state oversight, the main concerns are usually:

  • Control and governance — policy, access rules, retention, and incident handling are ultimately tied to an external provider.
  • Data jurisdiction — legal and regulatory exposure can become more complicated depending on where services and metadata are processed.
  • Operational resilience — public sector development workflows may depend heavily on a commercial platform’s availability and roadmap.
  • Software supply-chain security — integrating CI/CD, package registries, secrets handling, and identity systems is easier to govern when the platform is under tighter institutional control.

Why GitHub and GitLab are still used so widely

There are also practical reasons many public bodies continue to use them:

  • Large developer ecosystems and familiarity
  • Mature collaboration features
  • Integration with existing CI/CD pipelines and DevSecOps tooling
  • Easier public transparency and external contribution workflows

So this is usually not just a technical decision. It is a trade-off between convenience, openness, security governance, and long-term independence.

What a government-hosted forge can improve

If the Netherlands builds or adopts its own managed forge, the likely advantages are:

  • Centralized identity and access management
  • Stronger policy consistency across ministries
  • Better control over backups, audit logging, and retention
  • Clearer compliance alignment for public-sector requirements
  • Reduced dependency on one commercial platform

That said, self-hosting does not automatically mean better security. It also creates responsibility for:

  • Patch management
  • Hardening
  • Monitoring
  • Disaster recovery
  • Abuse prevention
  • Secure CI/CD configuration

A poorly maintained sovereign platform can be worse than a well-managed commercial one.

Likely real-world outcome

In practice, many governments end up with a hybrid model:

  • A government-controlled forge for internal and sensitive development
  • Selective mirroring to GitHub or public GitLab for open-source visibility and community participation

That tends to be the most realistic balance between sovereignty and public collaboration.

Bottom line

Spreading government code across GitHub and GitLab without direct government oversight raises legitimate governance and security questions. A dedicated government forge could address many of those issues, but only if it is operated with strong security, maintenance, and clear policy ownership. The strongest approach is often controlled self-hosting combined with public mirrors where openness is beneficial.
 
