Scrolls
7 min read
On this page

What Inner Source Is

Inner source means applying open source development practices inside a company. Teams contribute to code they do not own. Pull requests cross team boundaries. Documentation is written for strangers, not just teammates. Code is discoverable by anyone in the organization. The goal is to get the collaboration benefits of open source without exposing proprietary code to the world.

The Core Idea

In most companies, code ownership is tribal. Team A owns Service A. Team B owns Service B. If Team B needs a change in Service A, they file a ticket and wait. The wait can be days, weeks, or months depending on Team A's priorities.

Inner source changes this. Team B can read Service A's code, fork it internally, make the change, and submit a pull request. Team A reviews and merges it. The change happens in days instead of months.

Traditional model:
  Team B needs change -> Files ticket -> Waits for Team A ->
  Team A prioritizes -> Team A implements -> Weeks/months pass

Inner source model:
  Team B needs change -> Reads Team A's code -> Makes change ->
  Submits PR -> Team A reviews -> Merged in days

This is exactly how open source works on GitHub, except it happens inside the company.

What Inner Source Is Not

Inner source is commonly misunderstood. Clarifying what it is not matters as much as defining what it is.

Not Just Shared Repositories

Putting code on an internal GitHub Enterprise or GitLab instance does not make it inner source. If teams do not accept pull requests from outside their team, the code is visible but not contributable. Visibility without contribution rights is just a code browser.

Not Forced Code Sharing

Inner source is not mandatory. Teams are not required to accept every contribution. They are not required to open their code to contributions at all. Inner source is an opt-in culture where teams that choose to participate benefit from cross-team contributions.

Not Open Source

Inner source code stays inside the company. It is not published externally. Intellectual property, trade secrets, and competitive advantages remain protected. The practices are borrowed from open source, but the code is proprietary.

Inner source vs open source:
                    Inner Source          Open Source
  Visibility        Company-wide          Public
  Contributors      Employees             Anyone
  License           Proprietary           Open source license
  Governance        Company policies      Project governance
  Motivation        Reduce silos          Community good
  IP protection     Yes                   No (by design)

The Benefits

Reduce Duplication

Large companies routinely have three, five, or ten implementations of the same thing. Three different JSON parsers. Five different authentication libraries. Ten different logging wrappers. Each team builds their own because they cannot find or use what already exists.

Inner source makes existing code discoverable and contributable. Instead of building a new authentication library, a team can use the existing one and contribute the feature it is missing.

Without inner source:
  Team A builds auth library v1
  Team B cannot find it, builds auth library v2
  Team C finds both, trusts neither, builds auth library v3
  Three libraries, three sets of bugs, three maintenance burdens

With inner source:
  Team A builds auth library, makes it inner source
  Team B finds it, adds OAuth support via PR
  Team C finds it, adds SAML support via PR
  One library, battle-tested, shared maintenance

Break Silos

Silos form naturally in organizations. Teams optimize for their own goals. Communication across teams requires meetings, tickets, and coordination overhead. Inner source reduces this friction by letting code flow across team boundaries.

When a developer from Team B contributes to Team A's code, they learn how Team A's system works. They bring that knowledge back to Team B. Over time, this cross-pollination creates an organization where knowledge is distributed, not hoarded.

Spread Knowledge

In a traditional organization, knowledge about a system lives in the heads of the team that owns it. When that team has turnover, the knowledge is lost. Inner source spreads knowledge by having multiple teams contribute to and understand the same codebase.

This also improves code quality. When code is written to be understood by people outside the team, it tends to be better documented, better structured, and better tested. The same phenomenon occurs in open source: projects that attract external contributors tend to have cleaner codebases than internal-only projects.

Accelerate Development

The most direct benefit is speed. When Team B can make the change they need in Team A's code without waiting, projects move faster. The bottleneck shifts from "waiting for another team" to "submitting a good pull request."

Real-world impact at companies practicing inner source:
- Cross-team changes completed in days instead of weeks
- Reduced ticket backlog for platform teams
- Faster onboarding (new engineers can read any codebase)
- Fewer duplicated libraries and services
- Better documentation across the organization

The Culture Change

Inner source is fundamentally a culture change, not a tooling change. The tools (Git, pull requests, code review) already exist in most companies. What needs to change is how teams think about code ownership.

From Ownership to Stewardship

In traditional organizations, a team "owns" its code the way a homeowner owns a house. They decide everything. No one else touches it. Inner source shifts this to stewardship: the team maintains the code but welcomes contributions from others, much like a park maintained by the city but used by everyone.

Ownership mindset:
  "This is our code. File a ticket."

Stewardship mindset:
  "This is code we maintain. PRs welcome."

From Gates to Guidelines

Traditional organizations use gates: tickets, approvals, planning meetings. Inner source replaces some of these gates with guidelines: contributing guides, coding standards, and review processes. The barrier to contribution drops from "get on our roadmap" to "follow our contributing guide and submit a PR."

From Need-to-Know to Open-by-Default

Most companies default to restricting access. Code repositories are visible only to the owning team. Inner source flips this default: code is visible to everyone unless there is a specific reason to restrict it (security credentials, compliance requirements).

Where Inner Source Works Best

Inner source does not work equally well everywhere. It thrives in specific conditions:

Good candidates for inner source:
- Shared libraries and SDKs
- Internal developer tools
- Platform services used by many teams
- Configuration and infrastructure code
- Documentation and runbooks

Poor candidates for inner source:
- Highly regulated code requiring strict access control
- Code with embedded secrets or credentials
- Experimental prototypes not ready for external contribution
- Code so specialized that only one team can meaningfully contribute

Real-World Adoption

Inner source is practiced at many large technology companies:

  • PayPal was one of the earliest advocates, sharing their inner source journey publicly through the InnerSource Commons foundation
  • Microsoft transformed from a closed-source culture to one where thousands of internal repositories accept cross-team contributions
  • Bloomberg adopted inner source practices to reduce duplication across their engineering teams
  • Bosch brought inner source to a manufacturing company, demonstrating that the model works outside pure tech companies
  • Europace (a German fintech) adopted inner source to improve collaboration between product teams

The InnerSource Commons foundation, established in 2015, documents patterns and practices across these and other organizations.

Inner Source vs. Other Approaches

Understanding what inner source replaces helps clarify its value:

Compared to Shared Libraries

Shared libraries are code shared across teams, but typically owned and maintained by a single team. Other teams consume the library but do not contribute to it. Inner source extends this model by allowing consumers to contribute fixes and features.

Shared library:      Team A maintains, Teams B/C/D consume
Inner source:        Team A maintains, Teams B/C/D consume AND contribute

Compared to Platform Teams

Platform teams build internal tools and services for other teams. They are the sole developers. Inner source allows the consuming teams to contribute directly, reducing the platform team's backlog and increasing their capacity.

Platform team model:
  "We build it, you use it, file a ticket if you need something"

Inner source platform model:
  "We build and maintain it, you use it AND contribute to it"

Compared to Microservices Ownership

In a microservices architecture, each team owns its services entirely. Cross-service changes require coordination between teams. Inner source makes this coordination smoother: instead of asking another team to change their service, you submit a PR to their service.

Getting Started

For organizations considering inner source, the first step is not technical. It is identifying a willing team with a codebase that other teams frequently need changes in. This creates a natural first candidate for inner source. The second step is appointing a trusted committer and writing a contributing guide. Everything else follows from these foundations.

Inner source readiness checklist:
- At least one team willing to accept external contributions
- Code hosted in an internally accessible repository
- A trusted committer designated to review external PRs
- A CONTRIBUTING.md written for cross-team contributors
- Management willing to allocate time for cross-team work
- A communication channel for questions (Slack, Teams)

Common Pitfalls

  • Treating inner source as a tooling problem. Installing GitHub Enterprise does not create inner source culture. The tools are necessary but not sufficient.
  • Making it mandatory. Forcing teams to accept contributions breeds resentment. Inner source works when teams opt in because they see the value.
  • Expecting immediate results. Culture change takes months to years. The first cross-team PR is a milestone, not a finish line.
  • Ignoring the incentive problem. If performance reviews only reward work on "your" team's code, nobody will contribute to other teams. Incentives must align with the desired behavior.
  • Starting too big. Attempting to make every repository inner source at once overwhelms teams. Start with one willing team and one project, prove the value, then expand.
  • Forgetting documentation. If the contributing guide does not exist, external contributors cannot contribute. Documentation is the on-ramp.

Key Takeaways

  • Inner source applies open source practices (pull requests, contributing guides, code review) inside a company, enabling cross-team contributions without exposing proprietary code.
  • The primary benefits are reducing duplication, breaking silos, spreading knowledge, and accelerating development by eliminating cross-team waiting.
  • Inner source is a culture change, not a tooling change. The shift from code ownership to code stewardship is the hardest part.
  • It works best for shared libraries, platform services, internal tools, and infrastructure code where multiple teams have a stake.
  • Starting small with one willing team and one project is more effective than a company-wide mandate.
  • Companies like PayPal, Microsoft, Bloomberg, and Bosch have demonstrated that inner source works in diverse organizational contexts.