Virtualization Technology News and Information
Engineering Governance in Backstage: Building Strong Frameworks for Consistency and Accountability

Effective engineering governance is crucial for organizations as they scale. Governance in software organizations often focuses on formalizing how code is written, systems are designed, and processes are executed. It ensures consistency in decision-making, accountability, and alignment with company goals. Governance frameworks allow teams to coordinate and create secure, maintainable software while adhering to agreed standards. For too long, though, they have relied on manually collected metrics or hand-rolled systems.

As a well-supported open source Internal Developer Portal, Backstage affords the luxury of automating governance to provide simple, easy-to-digest dashboards of information for leadership and governance groups.

Establishing Governance Standards

Defining governance standards requires collaborative discussions across teams and alignment with industry best practices like OWASP Top 10 for security or WCAG for accessibility. Clear roles and responsibilities must be established to ensure standards are enforced, particularly through the involvement of engineering leadership or an architecture guild that champions the governance process.

Strategies for Effective Engineering Governance

  1. Leverage existing frameworks: Begin with your current Software Development Lifecycle (SDLC) and industry standards to frame governance guidelines. These serve as a baseline and help avoid subjective debates.
  2. Appoint a group and collaborate across teams: Governance thrives on inclusivity. Involve engineers, product managers, and operations teams in the creation and review of standards. Workshops are a great way to align on priorities and come to a consensus.
  3. Automate your metrics: No one likes the busywork of gathering metrics. Automate everything. The only way to stay on top of the way in which your software is being developed is through continuous, computational governance. That's where Backstage comes in.

Governance Scorecards and Checks

Governance frameworks are actionable when they incorporate scorecards and checks to measure adherence. They're actionable at scale when they're fully automated.

Backstage has an open source plugin called Tech Insights which allows you to create the Scorecards, Checks and Data Sources to automate collection of governance standards data.

Scorecards group governance objectives (like Security or Performance), while Checks are concrete, verifiable conditions (e.g., "service must have at least one health check"). Data Sources pull information from third-party sources like Snyk, GitHub, AWS, etc.; essentially any service with an API.

Automating these checks allows for ongoing compliance without manual intervention.

Automating and Visualizing Governance

That data can then be visualized in a custom frontend plugin within Backstage or via a third-party service. This maintains a consistent and useful flow of information upwards to governance teams across all of the services in the Backstage Catalog in real time.

Simplifying Actions to get Teams Back into Compliance

The final goal of governance is to make adherence to standards straightforward. Development teams should have minimal barriers to meet governance standards. Automation, documentation, and reusable templates can streamline governance adoption and make compliance more achievable for teams.

Backstage TechDocs is a useful tool here to document the expected standards services must meet, as is Tech Insights for showing teams when they're not aligned with what the organisation expects.

Templates are the stars here though. Centralized teams like Platform, DevOps, DevEx or even the development teams themselves can create one or more templates to help teams get from A to B.

Taking the simple example of branch protection on a repository, a quick template can be written by one team, and then each team without branch protection enabled on its repositories can enable it with a single click from inside Backstage.

Doing it all with Backstage

By leveraging the power of Backstage and automating governance checks with tools like Tech Insights, organizations can enforce governance standards at scale, provide real-time visibility into compliance, and streamline development workflows - all without the manual effort of gathering metrics by hand.


ABOUT THE AUTHOR

Sam Nixon, Product at Roadie

Sam is an Engineer, Developer Advocate and Product Manager, currently at roadie.io. He helps technology organizations increase their engineering effectiveness through Backstage. He is a regular speaker at technical conferences and is a contributor to both OSS projects and the CNCF Certified Backstage Associate programme. He is interested in the emergence of new tools that make the task of operating large complex software systems more manageable.

Published Thursday, October 10, 2024 7:30 AM by David Marshall