The EU-jurisdiction GitHub alternative for agencies under NIS2 — hosted Forgejo with CI/CD built in. No VPS to bring, none to babysit.
BorgMark is hosted Forgejo with the parts agencies actually need bolted in — so you adopt it in an afternoon, not a quarter.
The open-source Git platform your team already knows. Pull requests, issues, code review, mirroring — nothing to relearn.
Build runners are included and managed. No Hetzner box to provision, patch, or explain in an audit. Push, and it runs.
Repositories, artifacts and logs stay on EU infrastructure under EU jurisdiction. A location you can name in a contract.
Standard Git underneath and an open-source core means your exit is a clone away. Auditable, not a black box.
Mirror in from GitHub or GitLab with history, issues and CI intact. Move one client project, or all of them.
SAML/OIDC sign-in and hard org boundaries, so each client's code stays walled off — the way their security team expects.
Source, runners, artifacts and logs all stay on EU infrastructure. There's no hidden hop to a US region, and nothing for you to wire up to make that true.
Banks, insurers and energy operators are pushing jurisdiction questions down to their suppliers. As their agency, that question now lands on your desk — and "it's on GitHub" needs a longer answer than it used to.
EU case law has made lawful data transfer to US-controlled tooling a question their legal teams now ask in writing.
US-parented providers can be subject to US legal process even when data sits on European disks. The question on the form is jurisdiction, not the data centre's address.
Regulated clients have to account for their suppliers' security posture. Your toolchain shows up in their audit — so it has to hold up.
The actual line items that stall agency deals with regulated clients — and what BorgMark lets you write in the box.
Start with a 14-day full-access trial on Walled Garden. Step up to Sovereign Fortress when your clients require dedicated infrastructure.
For 5–15 person agencies. Your own organisation, fully isolated on EU infrastructure.
For agencies serving banks, healthcare or government. Dedicated infrastructure when the questionnaire calls for it.
Everything in Walled Garden, plus:
Yes — the open-source Forgejo forge, hosted and operated by us in the EU, with managed CI runners and the agency-grade access controls bolted on. No proprietary fork you'd be stuck with.
Yes. Repos mirror in with full history; issues and pipelines come across. You can move a single stuck client project first and expand from there.
On EU infrastructure, in a region we name in your contract. No replication to non-EU regions, and the build pipeline runs in the same jurisdiction.
Only under EU legal process. There's no US parent company, so the US CLOUD Act doesn't reach it — which is the point you can put in writing for clients.
It removes a recurring finding: an externally-controlled toolchain under foreign jurisdiction. It's not a certificate by itself, but it's an answer your client's auditor accepts.
Standard Git plus open formats means a full export on demand. Your exit cost is a clone, not a renegotiation.
Sign up on Walled Garden for a 14-day full-access trial. For Sovereign Fortress, we'll provision your dedicated tenant — talk to us first.