Effective engineering governance is crucial for organizations as they scale. Governance in software organizations often focuses on formalizing how code is written, systems are designed, and processes are executed. It ensures consistency in decision-making, accountability, and alignment with company goals. Governance frameworks allow teams to coordinate and create secure, maintainable software while adhering to agreed standards, but for too long they have relied on manually collected metrics or hand-rolled systems.
As a well-supported open source Internal Developer Portal, Backstage affords the luxury of automating governance and presenting simple, easy-to-digest dashboards of information for leadership and governance groups.
Establishing Governance Standards
Defining governance standards requires collaborative discussions across teams and alignment with industry best practices like the OWASP Top 10 for security or WCAG for accessibility. Clear roles and responsibilities must be established to ensure standards are enforced, particularly through the involvement of engineering leadership or an architecture guild that champions the governance process.
Strategies for Effective Engineering Governance
- Leverage existing frameworks: Begin with your current Software Development Lifecycle (SDLC) and industry standards to frame governance guidelines. These serve as a baseline and help avoid subjective debates.
- Appoint a group and collaborate across teams: Governance thrives on inclusivity. Involve engineers, product managers, and operations teams in the creation and review of standards. Workshops are a great way to align on priorities and reach consensus.
- Automate your metrics: No one likes the busywork of gathering metrics. Automate everything. The only way to stay on top of how your software is being developed is through continuous, computational governance. That's where Backstage comes in.
Governance Scorecards and Checks
Governance frameworks are actionable when they incorporate scorecards and checks to measure adherence. They're actionable at scale when they're fully automated.
Backstage has an open source plugin called Tech Insights which lets you define Scorecards, Checks and Data Sources that automate the collection of governance standards data.
Scorecards group governance objectives (like Security or Performance), while Checks are concrete, verifiable conditions (e.g., "service must have at least one health check"). Data Sources pull information from third-party sources like Snyk, GitHub, AWS, and so on: essentially any service with an API.
Automating these checks allows for ongoing compliance without manual intervention.
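To make the Scorecard / Check / Data Source model concrete, here is an added, self-contained illustration written for this article; it is not the Tech Insights plugin's own API. The repository snapshots, the fact names (`github.branchProtectionEnabled`, `scanner.criticalVulns`, and so on) and the two scorecards are constructed for the example: a Data Source step flattens raw data into named facts, each Check is a predicate over those facts, and a Scorecard rolls Checks up into a score per service.

```typescript
// Added example (not the Tech Insights API): facts, checks and scorecards.
// Every type, fact name and sample value below is constructed for illustration.

// A "fact" is one piece of data a Data Source collected about a service.
type Facts = Record<string, boolean | number | string>;

// A Check is a concrete, verifiable condition over facts.
interface Check {
  id: string;
  description: string;
  passes: (facts: Facts) => boolean;
}

// A Scorecard groups Checks under one governance objective.
interface Scorecard {
  name: string;
  checks: Check[];
}

// Constructed stand-in for what a GitHub/scanner Data Source might return.
// The shape is illustrative, not the real GitHub or Snyk API response.
interface RepoSnapshot {
  service: string;
  defaultBranch: string;
  branchProtection: { enabled: boolean; requiredApprovingReviewCount: number } | null;
  openCriticalVulnerabilities: number;
  healthCheckEndpoints: string[];
}

const sampleRepos: RepoSnapshot[] = [
  { service: 'payments-api', defaultBranch: 'main',
    branchProtection: { enabled: true, requiredApprovingReviewCount: 2 },
    openCriticalVulnerabilities: 0, healthCheckEndpoints: ['/healthz'] },
  { service: 'legacy-reports', defaultBranch: 'master',
    branchProtection: null,
    openCriticalVulnerabilities: 3, healthCheckEndpoints: [] },
];

// Data Source step: normalise a raw snapshot into flat, named facts.
function retrieveFacts(repo: RepoSnapshot): Facts {
  return {
    'github.branchProtectionEnabled': repo.branchProtection?.enabled ?? false,
    'github.requiredReviews': repo.branchProtection?.requiredApprovingReviewCount ?? 0,
    'scanner.criticalVulns': repo.openCriticalVulnerabilities,
    'catalog.healthCheckCount': repo.healthCheckEndpoints.length,
  };
}

const securityScorecard: Scorecard = {
  name: 'Security',
  checks: [
    { id: 'branch-protection', description: 'Default branch is protected',
      passes: f => f['github.branchProtectionEnabled'] === true },
    { id: 'two-reviewers', description: 'At least two approving reviews required',
      passes: f => Number(f['github.requiredReviews']) >= 2 },
    { id: 'no-critical-vulns', description: 'No open critical vulnerabilities',
      passes: f => Number(f['scanner.criticalVulns']) === 0 },
  ],
};

const reliabilityScorecard: Scorecard = {
  name: 'Reliability',
  checks: [
    { id: 'health-check', description: 'Service exposes at least one health check',
      passes: f => Number(f['catalog.healthCheckCount']) >= 1 },
  ],
};

interface ScorecardResult {
  service: string;
  scorecard: string;
  passed: string[];
  failed: string[];
  score: number; // 0..100: percentage of checks passed
}

// Evaluate one Scorecard for one service.
function evaluate(repo: RepoSnapshot, scorecard: Scorecard): ScorecardResult {
  const facts = retrieveFacts(repo);
  const passed: string[] = [];
  const failed: string[] = [];
  for (const check of scorecard.checks) {
    (check.passes(facts) ? passed : failed).push(check.id);
  }
  const score = Math.round((passed.length / scorecard.checks.length) * 100);
  return { service: repo.service, scorecard: scorecard.name, passed, failed, score };
}

// Roll up across every service: the dashboard view a governance group would read.
function summarise(repos: RepoSnapshot[], scorecards: Scorecard[]) {
  const results = repos.flatMap(r => scorecards.map(s => evaluate(r, s)));
  const nonCompliant = results
    .filter(r => r.failed.length > 0)
    .map(r => `${r.service}/${r.scorecard}`);
  return { results, nonCompliant };
}

console.log(JSON.stringify(summarise(sampleRepos, [securityScorecard, reliabilityScorecard]), null, 2));
```

Each failed check id is kept alongside the score, because a bare percentage tells a team nothing about what to fix; the list of failing checks is what a "get back into compliance" action (such as a template that enables branch protection) should be driven from.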
Automating and Visualizing Governance
That data can then be visualized in a custom frontend plugin within Backstage or via a third-party service. This maintains a consistent and useful flow of information upwards to governance teams across all of the services in the Backstage Catalog, in real time.
Simplifying Actions to get Teams Back into Compliance
The final goal of governance is to make adherence to standards straightforward. Development teams should have minimal barriers to meet governance standards. Automation, documentation, and reusable templates can streamline governance adoption and make compliance more achievable for teams.
Backstage TechDocs is a useful tool here to document the expected standards services must meet, as is Tech Insights for showing teams when they're not aligned with what the organisation expects. Templates are the stars here though. Centralized teams like Platform, DevOps, DevEx or even the development teams themselves can create one or more templates to help teams get from A to B.
Taking the simple example of branch protection on a repository: a quick template can be written by one team, and then any team without branch protection enabled on its repositories can enable it with a single click from inside Backstage.
Doing it all with Backstage
By leveraging the power of Backstage and automating governance checks with tools like Tech Insights, organizations can enforce governance standards at scale, provide real-time visibility into compliance, and streamline development workflows, all without the manual effort of gathering metrics by hand.
To learn more about Kubernetes and the cloud native ecosystem, join us at KubeCon + CloudNativeCon North America, in Salt Lake City, Utah, on November 12-15, 2024.
ABOUT THE AUTHOR
Sam Nixon, Product at Roadie
Sam is an Engineer, Developer Advocate and Product Manager, currently at roadie.io. He helps technology organizations increase their engineering effectiveness through Backstage. He is a regular speaker at technical conferences and is a contributor to both OSS projects and the CNCF Certified Backstage Associate programme. He is interested in the emergence of new tools that make the task of operating large, complex software systems more manageable.