Technology Standards Management Capabilities
SAP LeanIX Technology Risk and Compliance facilitates inventorizing the technology landscape, provides comprehensive visibility, and helps you derive data-driven decisions to standardize the technology landscape.
Introduction
Organizations face several challenges in managing their tech landscape:
- Obsolescence and vulnerability risks due to tech sprawl: A sprawling, unstructured tech landscape makes it harder to track outdated technologies, increasing the risk of unmaintained and insecure technologies in the environment.
- Increased incident mitigation costs due to low visibility: Without clear insights into the technology landscape, addressing incidents becomes more challenging and costly as teams spend more time diagnosing and resolving issues.
- Poor technology reuse: When tech adoption is governed by disjointed standards and priorities, systems integrate poorly with one another, leading to incompatibilities between your self-built software and the rest of your systems.
SAP LeanIX Technology Risk and Compliance addresses such issues by helping you optimize your technology stack to avoid tech sprawl, complexity, and inefficiencies and establish technology standards.
SAP LeanIX Technology Risk and Compliance extends technology discovery to include self-built software. With the automatic discovery and inventorizing of microservices, software bill of materials (SBOMs), and technologies (frameworks and programming languages), enterprise architects gain a comprehensive understanding of their self-built software landscape. This allows for better adoption and management of technology standards by enabling the categorization and analysis of open-source components, ultimately optimizing and standardizing the organization’s tech stack for strategic alignment and operational efficiency.
SAP LeanIX Technology Risk and Compliance extends the meta model by adding the microservice fact sheet subtype, along with additional fields and relationships that offer more context about each microservice.
Technology Standards Management Capabilities
The following table provides an overview of features related to managing technology standards.
Feature | Capabilities for Technology Standards Management |
---|---|
Integration with ServiceNow | Automated discovery of IT components; real-time mapping and up-to-date visualization of the relationship between applications and underlying technology, providing enhanced risk visibility |
Self-built software discovery | Microservice discovery using a manifest file; Self-Built Software Discovery API for SBOM ingestion; auto-detection of programming frameworks and database technologies derived from SBOM data, with creation of IT components of type software linked to the microservice |
SBOM Explorer | During cybersecurity incidents like Log4j or SolarWinds, quickly identify the affected blast radius, such as microservices, applications, business capabilities, and teams, to effectively address the issues; analyze how software components are used in your technology portfolio to understand the risks associated with self-built software in the business context and drive impactful IT transformation |
Extension of meta model | Extension of the meta model with a microservice fact sheet subtype, linking microservices to business applications and teams. It also adds fields for Git repository details and SBOM linkage, providing comprehensive insights into each microservice’s context and dependencies. |
Getting Started
Discover self-built software components and automate inventory building: SAP LeanIX Technology Risk and Compliance allows you to automatically discover and build an inventory of self-built software components such as microservices and underlying IT components. It leverages Software Bill of Materials (SBOMs) and developer libraries already in use by systematically pulling in data from engineering sources through the Self-Built Software Discovery API. The continuous update capability allows teams to efficiently bring in SBOMs and ensure their software inventory stays current. To learn more, see Self-Built Software Discovery.
Understand complex tech architecture: Tech stacks are automatically identified from granular SBOM data by matching libraries against a curated tech stack catalog. If a library matches a tech stack, an IT component is generated and linked to the relevant microservice. Libraries are aggregated, because many libraries can match a single tech stack. Currently, tech stack discovery supports frameworks and databases. To learn more, see Tech Stack Discovery from SBOMs.
It helps you understand complex technical architecture, including service-to-service dependencies and API utilization, so you can manage the lifecycle of your own builds and strengthen your competitive edge.
Understand dependencies between self-built software and critical teams and products: SAP LeanIX Technology Risk and Compliance extends the meta model by adding the microservice fact sheet subtype, along with additional fields and relationships. This allows you to relate various architectural elements and understand dependencies in the business context. To learn more, see Meta Model Extension.
Identify software vulnerability: SBOM components are linked to the microservices, which allows you to investigate them in their business context. Using the SBOM explorer, investigate open-source and third-party component usage across applications and teams, instantly identify vulnerabilities during cybersecurity incidents, and quickly implement risk mitigation actions. It also helps prevent legal issues by identifying unauthorized use of licenses. To learn more, see SBOM Explorer.
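The tech stack aggregation and the blast-radius lookup described above, as an added Python sketch; it is not SAP LeanIX code and does not use its API. The SBOMs, the catalog, the fact-sheet relations and all names are constructed for illustration, and matching is by exact library name and version only.

```python
from collections import defaultdict

# Constructed, CycloneDX-shaped SBOMs keyed by microservice (sample data).
SBOMS = {
    "checkout-service": {"components": [
        {"name": "spring-boot", "version": "2.5.4"},
        {"name": "spring-webmvc", "version": "5.3.9"},
        {"name": "log4j-core", "version": "2.14.1"},
        {"name": "postgresql", "version": "42.2.23"}]},
    "invoice-service": {"components": [
        {"name": "log4j-core", "version": "2.17.1"},
        {"name": "mongodb-driver-sync", "version": "4.3.1"}]},
    "search-service": {"components": [
        {"name": "express", "version": "4.17.1"},
        {"name": "pg", "version": "8.7.1"}]},
}
# Hypothetical curated catalog: library name -> (tech stack, category).
CATALOG = {
    "spring-boot": ("Spring", "framework"),
    "spring-webmvc": ("Spring", "framework"),
    "express": ("Express", "framework"),
    "postgresql": ("PostgreSQL", "database"),
    "pg": ("PostgreSQL", "database"),
    "mongodb-driver-sync": ("MongoDB", "database"),
}
# Hypothetical fact-sheet relations: microservice -> (application, team).
RELATIONS = {
    "checkout-service": ("Web Shop", "Team Payments"),
    "invoice-service": ("Billing", "Team Finance"),
    "search-service": ("Web Shop", "Team Discovery"),
}

def discover_tech_stacks(sboms, catalog):
    """Aggregate matching libraries into one tech stack entry per microservice."""
    stacks = defaultdict(lambda: defaultdict(list))
    for service, sbom in sboms.items():
        for comp in sbom.get("components", []):
            match = catalog.get(comp["name"])
            if match:  # unmatched libraries stay SBOM-only, no IT component
                stacks[service][match].append(comp["name"])
    return {s: dict(m) for s, m in stacks.items()}

def blast_radius(sboms, relations, name, affected_versions):
    """List microservice, application and team for each affected component use."""
    hits = []
    for service, sbom in sboms.items():
        for comp in sbom.get("components", []):
            if comp["name"] == name and comp.get("version") in affected_versions:
                app, team = relations.get(service, ("unlinked", "unlinked"))
                hits.append((service, comp["version"], app, team))
    return sorted(hits)
```

Calling `blast_radius(SBOMS, RELATIONS, "log4j-core", {"2.14.1"})` returns only the checkout service with its application and team, while `discover_tech_stacks` collapses `spring-boot` and `spring-webmvc` into a single Spring entry for that service.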
Relate the risk assessment to the business level: Increase visibility into the structure and provenance of self-built software and relate the risk assessments to the business level by making use of relevant reports. This enables leadership to better understand how technology risks impact business operations, allowing for more informed decision-making.
Establish technology standards: By establishing technology standards, you can ensure your technology stack remains relevant, containing only necessary, efficient, and beneficial technologies.
- With full visibility into your tech landscape, you can define a framework that addresses obsolescence risk, compliance, and security standards. Effective tech stack governance begins with the adoption of clear technical standards.
- Analyze the use of open-source components in their business context and decide which technologies to adopt, trial, assess, or move away from using technology assessment attributes on the IT component fact sheet. The assessment methodology is inspired by the Technology Radar from Thoughtworks.
- Broadcast your adoption decisions with a best-practice tech radar report to encourage standards adoption. It allows you to easily engage all stakeholders in leadership and the developer community to comply with the adopted standards. High engagement from the development team strengthens tech standards adoption, proactive risk management, and tech governance.
Updated 8 days ago