Tech Stack Governance

Discover, understand and develop your Tech Stack effectively.

To create a healthy Tech Stack for your organization enterprise architects and engineering managers need to collaborate to create a joint understanding of the current usage and decide on the desired state of the Tech Stack.

Why do Engineering Managers and Enterprise Architects both need Tech Stack Governance?

  1. Missing Transparency and Oversight: Tech stack governance is essential for enterprise architects and engineering managers because it provides transparency and oversight into the technologies actually in use across the organization.
  2. Risk of Exposure to Vulnerabilities: Outdated or unsupported technologies that remain in production can become security liabilities, making it crucial for architects and managers to enforce policies that ensure timely updates, patches, and security measures are implemented.
  3. Old Versions of Major Technologies in Production: Without oversight and governance, teams may be hesitant to upgrade, resulting in technical debt and compatibility problems that hinder innovation and agility.
  4. Technical Sprawl: Numerous technologies are deployed for the same purpose without clear reasons or strategic alignment. Governance helps streamline technology choices, promoting a more coherent and cost-effective Tech Stack that aligns with business objectives.
  5. No Clear Process for Technology Assessments: Enterprise architects and engineering managers need governance frameworks to ensure systematic evaluations, pilot testing, and decision-making criteria are in place, helping the organization make informed choices about technology adoption.

What is Tech Stack and Tech Stack Governance

Tech Stack

Tech Stack refers to the combination of software, programming languages, frameworks, and tools that developers use to build and run a specific software application or system. It encompasses both the frontend and backend components and is chosen based on the requirements and goals of the project, as well as considerations such as performance, scalability, and compatibility.

Recommended Tech Stack Categorization

There are different types of Tech Stacks. To make it easier to compare and assess different technologies we recommend four categories:

  1. Tooling: All the supporting tools that help to develop software that is not part of the actual product. Examples: GitHub, PagerDuty, Snyk
  2. Languages & Frameworks: The code. Examples: Java, Angular, React.
  3. Data management & storage: How data is processed, searched, and stored. Examples: Hasura, Azure PostgreSQL Server, AWS DynamoDB
  4. Infrastructure: Where and how the code is run. Examples: Kubernetes, Azure Kubernetes Engine, AWS Lambda

These categories are adapted from the Zalando Tech Radar

Tech Radar and Technology Assessment

Technology Assessments involve the systematic evaluation of various technologies, tools, frameworks, or software solutions to determine their suitability for adoption within an organization. These assessments typically consider factors such as functionality, scalability, security, cost, and alignment with business goals. They help organizations make informed decisions about which technologies to use in their Tech Stack.

A Tech Radar is a visual representation that communicates the outcomes of technology assessments. It categorizes technologies into different rings, such as "Adopt," "Trial," "Assess," and "Hold." Technologies in the "Adopt" ring are recommended for widespread adoption, those in "Trial" are being experimented with, "Assess" indicates further evaluation is needed, and "Hold" suggests technologies that should be phased out or avoided. The Tech Radar provides a clear overview of the technology landscape and helps guide decision-makers on technology choices and strategies.

[Open Source Example by Zalando](https://opensource.zalando.com/tech-radar/)

Open Source Example by Zalando

How do you utilize VSM and EAM to ensure Tech Stack Governance?

In order to set up Tech Stack Governance for your organization the following four steps need to be fulfilled.

  1. Discover the current state of the Tech Stack
  2. Add necessary context to the data.
  3. Sync the data to the EAM workspace.
  4. Assess technologies and create a tech radar.

Step 1: Discover the current state of the Tech Stack

Tech Stack is a collection of different components that can come from various sources (e.g. code repos, SBOMs, Cloud resources and Intergation Tools) and therefore, a full picture will only be achieved by bringing data together from various sources.

Currently, we support the discovery of Languages & Frameworks via the Library data in VSM workspaces. This data in turn is produced through ingested CycloneDX SBOMs. This means that if you are already adding SBOMs to your VSM services you don't need to do any additional integrations to receive Libraries and Frameworks. If not, consider this another benefit to setting up a Software Bill of Materials process for your company with VSM.

πŸ“˜

What about other data sources?

Additional data sources for Tech Stack discovery will follow soon. Visit our roadmap to find out more.

Step 2: Add necessary context to the data

Tech Stacks are only valuable if you know:

  • Which Teams are using them?
  • Which Services are they built into?
  • And which Products/Applications are affected by them?

This context is automatically created if you have mapped and contextualized your services already.

Step 3 Sync the data to the EAM workspace

The integration of EAM and VSM allows you to bring Tech Stack items from VSM into EAM as IT Components. If you have Tech Stacks related to Products in VSM, the integration will create links between the respective Application and IT Component in EAM. (Note: relations between Tech Stack and Product are automatically created by the system based on relations between Services and Products).

If you haven't set up the integration, follow this guide to complete the entire setup.

For active users of the integration, simply enable the Tech Stack Discovery on the integration setup of your EAM workspace.

Step 4 Assess technologies and create a tech radar

To create a technology assessment that results in a tech radar report you need two tag groups on your IT Components:

  1. Tag Group: "Technology radar - Quadrant" with exactly four categories that resemble the categories of your tech radar. We recommend the categories automatically discovered by VSM (see above).
  2. Tag Group: "Technology radar - Ring" with the following tag values: "Hold", "Incubating", "Emerging", "Mature"

Once you have these in place, start assessing the technologies (i.e. IT Components) together with the Architects and Engineering Managers.

To see the results of your assessment in a Report download the Technology Radar report from the LeanIX Store and install it as a custom report. Once the report is enabled your rated IT Components will show up.

πŸ“˜

Partner Reports

We are currently relying on the custom report built by our partner Incowia. The free version of the report can be used by any LeanIX customer. For additional features on the report approach us or the partner directly.