Technology Discovery

LeanIX enables you to automate technology discovery of self built software by integrating into your developer tool chain via APIs. Thereby it provides an updated tech stack inventory, allowing real-time risk mitigation and compliance.

Introduction

🚧

Early Adopter Release

This feature is currently in early adopter release and may not be available to all customers.

LeanIX offers a comprehensive solution for technology discovery by automatically identifying and cataloging key self-built technological artifacts such as microservices, associated software components (Software Bill of Materials (SBOM)), and tech stacks across the organization's IT landscape.

  • Microservice discovery: LeanIX enables you to automatically identify and catalog self-built software by integrating with source code repositories, container registries, or other sources of software artifacts. For SCM systems (e.g. GitHub) config-as-code enables developers to manage microservice data directly through a YAML file (Manifest file) stored in their Git repository root. This allows developers to seamlessly contribute to the technology inventory in LeanIX without having to context switch.
    As developers update the manifest file to reflect changes in the microservices metadata, LeanIX automatically detects these changes and updates its catalog accordingly. This ensures that the organization has an up-to-date inventory of all self-built software. Discovered microservices are automatically cataloged in the LeanIX inventory, with corresponding fact sheets created or updated as needed. To learn more, see Microservice Discovery Through a Manifest File in our developer documentation.

  • Software components discovery: The process of discovering software components used in self-built software (e.g. microservices) can be facilitated by the use of SBOM files (we support both CycloneDX and SPDX). With developer-friendly GraphQL API, LeanIX allows you to ingest SBOMs from various points in your Software Development Lifecycle (SLDC), such as container registries, CI/CD pipelines, security tooling, and SCM tools like GitLab, Bitbucket, GitHub, and more. These integrations enable LeanIX to automatically ingest SBOM data generated during the build process of your self-built software ensuring a near real-time view of your software composition. For more information, see Generating a Software Bill of Materials (SBOM) in our developer documentation or the Software Bill of Materials view.

  • Tech stack discovery: LeanIX uses a curated reference catalog to match detailed SBOM components with tech stack frameworks. For more information, see Technology Standards Management. This process enables LeanIX to automatically detect tech stacks (as IT components linked to the microservice), with current support for identifying programming languages and database technologies associated with microservices. The automatic and continuous detection and cataloging of tech stacks lets you focus on streamlining your organization's technology stack. The tech radar report aids this streamlining effort through a visual representation of your technology landscape. To learn more, see Radar Report.

    Microservice Fact Sheet and Associated IT Components

    View of Self Built Data Lineage via Relations Explorer

Benefits

  • Up-to-date technology artifacts inventory: Technology inventory remains current ensuring that you have real-time insights into your IT landscape from self-built software, allowing for informed decision-making and proactive management.
  • Automatic tech stack discovery for improved technology governance: By automatically discovering tech stacks by analyzing SBOM information, you get accurate and dependable insights into your organization's technology stack. This reduces the manual and cumbersome intake and frees resources to focus on establishing clear architectural governance guardrails (via Radar Report) of the organization's tech stack, which in decentral development organizations is volatile and fast-paced.
  • Enhanced risk mitigation: Tracking the usage of third-party components within your applications in business context enables you to assess and mitigate risks associated with cybersecurity incidents, such as log4j or SolarWinds, and also effectively manage legal infringements (e.g. use of restrictive licenses) your the software supply chain.

Meta Model Extension

Technology Risk and Compliance extends the meta model by adding the microservice fact sheet subtype, along with additional fields and relationships that offer more context about each microservice. The meta model extension as part of Technology Risk and Compliance includes the following:

  • Microservice fact sheet subtype to capture microservices as application subtype.
  • Relation between microservice and business application fact sheet subtypes to indicate which business application uses a specific microservice.
  • Relation between microservice and team fact sheet subtypes to capture which team uses a specific microservice.
  • Fields that provide more context about discovered microservices:
    • Repository Status: indicates if the underlying git repository is active or inactive
    • Repository Visibility: indicating if the underlying git repository is internal, public, or private
    • Repository URL: the URL of the underlying git repository
    • Technology Discovery ID: holds the external ID that uniquely identifies the microservice in an external source (e.g., GitHub).
    • Is SBOM attached: to indicate whether an SBOM is linked to the fact sheet. The number of SBOM components linked to the fact sheet is shown on the right side pane of the fact sheet.

🚧

Caution

The fields mentioned above are essential for the functioning of features and should not be deleted. However, you can perform other actions, such as changing their positions on the fact sheet or hiding them, without any issues.

Fields to Provide More Context to The Discovered Microservice

Fields to Provide More Context to the Discovered Microservice


📘

Visibility of Fields

Getting Started with Technology Discovery

To get started with technology discovery, follow these key steps:

  1. Import microservices and their SBOMs: set up an integration through the GraphQL API.
    1. Microservice discovery: if you are integrating from your SCM we encourage you to follow the config-as-code approach. Else use GraphQL API to create an integration to any other source system that holds microservice data.
    2. SBOM: if you don't have an existing SBOM process yet refer to our developer documentation on generating SBOMs. Find more technical guidance also in our developer documentation Technology Standards Management: Microservice Discovery. Use the Technology Discovery API to attach SBOMs (CycloneDX and SPDX) to your previously discovered microservices.
  2. Analyze the use of software components in your organizational context: use the Software Bill of Materials view. To learn more, see Software Bill of Materials.
  3. Streamline technology standards across your entire organization: use the automatic technology stack discovery from ingested SBOMs with the tech radar report. For more information, see Radar Report.

Next Step

To learn more on how to set up technology discovery, see Technology Standards Management: Microservice Discovery in our developer documentation.