If you do it right, your VSM journey is never complete. We believe that transformation is continuous, and that use cases will emerge over and over. Key to a successful VSM onboarding & maintenance is a clear methodology.
It is tempting to get lost in technology & discovery. However, successful VSM implementations always start from the end - what is it that you want to achieve?
- A concise Service Catalog?
- 50% less time in your teams for Vulnerability Management?
- Introduction of DORA as framework for Development Efficiency?
In 90% of the cases, it's recommended to start initially with Software & Cloud Service Discovery - Teams & Software Artifacts will be the backbones of your VSM journey.
It's possible to start with API Catalog, but then make sure to either transition to business or team mapping soon to get value out of the discovery.
In your initial discovery, typically the choice is:
Check with your CI/CD pipeline expert to understand the effort - if you can hook into your pipeline centrally, great. If it's effort for every team, CI/CD might not be the ideal start, as you want to convince your teams of the value early on.
Check with your operation experts - if e.g. a clear tagging strategy or account segregation is already in place, then starting out runtime-based is promising.
The team mapping is potential the most critical point in your early VSM journey. You can decide whether you run after the data quality, or whether you can involve a distributed group. Populate your Team Structure gives you a nice tutorial on how to map your teams.
Eventually, you want to automate team-mapping, e.g. with Github topics - but maybe it's easier to get started manually to achieve results faster
Once you have an initial service catalog, the following describes your most important options:
- Extend the catalog - adding different sources will enrich the outcome
- Embrace APIs - API Catalog gives you a nice overview
- Map into business context - see Business Alignment
- Seek simplification of governance & vulnerability handling - Manage Vulnerabilities & Compliance
- Venture towards measuring engineering efficiency - Engineering Efficiency
Updated 3 months ago