-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvol27 copy.csv
We can make this file beautiful and searchable if this error is corrected: Any value after quoted field isn't allowed in line 16.
116 lines (113 loc) · 109 KB
/
vol27 copy.csv
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
name,ring,quadrant,isNew,description
Path-to-production mapping,Adopt,Techniques,TRUE,"<p>Although <strong>path-to-production mapping</strong> has been a near-universal practice at Thoughtworks since codifying <em><a href=""https://www.amazon.com/Continuous-Delivery-Deployment-Automation-Addison-Wesley/dp/0321601912"">Continuous Delivery</a></em>, we often come across organizations unfamiliar with the practice. The activity is most often done in a workshop with a cross-functional group of people — that includes everyone involved in designing, developing, releasing and operating the software — around a shared whiteboard (or virtual equivalent). First, the steps in the process are listed in order, from the developer workstation all the way to production. Then, a facilitated session is used to capture further information and pain points. The most common technique we see is based on <a href=""https://en.wikipedia.org/wiki/Value-stream_mapping"">value-stream mapping</a>, although plenty of <a href=""https://caroli.org/en/path-to-production/"">process map</a> variants are equally valuable. The activity is often eye-opening for many of the participants, as they identify delays, risks and inconsistencies and continue to use the visual representation for the continuous improvement of the build and deploy process. We consider this technique so foundational that we were surprised to discover we hadn't blipped it before.</p>"
Team cognitive load,Adopt,Techniques,TRUE,"<p>Team interaction is a key concept when redesigning an organization for business agility and speed. These interactions will be reflected in the software being built (see <a href=""https://www.thoughtworks.com/about-us/news/2021/latest-thoughtworks-technology-radar-proclaims---embrace-conway-"">Conway's Law</a>) and indicate how effectively teams can autonomously deliver value to their customers. Our advice is to be intentional about how teams are designed and how they interact. Because we believe that organizational design and team interactions evolve over time, we think it's particularly important to measure and keep track of the <strong>team cognitive load</strong>, which indicates how easy or difficult teams find building, testing and maintaining their services. We've been using a <a href=""https://github.com/TeamTopologies/Team-Cognitive-Load-Assessment"">template</a> to assess team cognitive load that is based on ideas by the authors of the <em><a href=""https://teamtopologies.com/book"">Team Topologies</a></em> book.</p>
<p>We continue to be impressed by the positive impact of applying this book's concepts when communicating to clients and redesigning organizations. The authors recommend a simple but powerful approach to organizational design, identifying just four types of teams and three modes of interaction; this helps reduce ambiguity within the organization and provides a common vocabulary for teams, stakeholders and leadership to describe and design a team's work. To implement an org design change, we design the ideal to-be team topologies structure, apply any technical/staffing constraints (i.e., not enough employees) and then end up with the final to-be structure. That allows us to better advise clients and anticipate whether we're indeed improving cognitive load by comparing the as-is/to-be team structures.</p>"
Threat modeling,Adopt,Techniques,TRUE,"<p>We continue to recommend that teams carry out <strong><a href=""https://www.owasp.org/index.php/Category:Threat_Modeling"">threat modeling</a></strong> — a set of techniques to help you identify and classify potential threats during the development process — but we want to emphasize that this is not a one-off activity only done at the start of projects; teams need to avoid the <a href=""/radar/techniques/security-sandwich"">security sandwich</a>. This is because throughout the lifetime of any software, new threats will emerge and existing ones will continue to evolve thanks to external events and ongoing changes to requirements and architecture. This means that threat modeling needs to be repeated periodically — the frequency of repetition will depend on the circumstances and will need to consider factors such as the cost of running the exercise and the potential risk to the business. When used in conjunction with other techniques, such as establishing cross-functional security requirements to address common risks in the project's technologies and using automated security scanners, threat modeling can be a powerful asset.</p>"
BERT,Trial,Techniques,TRUE,"<p>Since we last talked about <strong><a href=""https://arxiv.org/abs/1810.04805"">BERT</a></strong> (Bidirectional Encoder Representations from Transformers) in the Radar, our teams have successfully used it in a few natural language processing (NLP) projects. In one of our engagements, we observed significant improvements when we switched from the default BERT tokenizer to a domain-trained word-piece tokenizer for queries that contain nouns like brand names or dimensions. Although NLP has several new transformer models, BERT is well understood with good documentation and a vibrant community, and we continue to find it effective in an enterprise NLP context.</p>"
Component visual regression testing,Trial,Techniques,TRUE,"<p><a href=""/radar/tools/visual-regression-testing-tools"">Visual regression testing</a> is a useful and powerful tool to have in your toolbox, but it has a significant cost given it's done for the entire page. With the rise of component-based frameworks such as <a href=""/radar/languages-and-frameworks/react-js"">React</a> and <a href=""/radar/languages-and-frameworks/vue-js"">Vue</a>, we've also seen the rise of <strong>component visual regression testing</strong>. This technique strikes a good balance between value and cost to ensure that no undesired visuals have been added to the application. In our experience, component visual regression testing presents fewer false positives and promotes a good architectural style. By using it with tools such as <a href=""https://github.com/vitejs/vite"">Vite</a> and the webpack feature <a href=""https://webpack.js.org/guides/hot-module-replacement/"">Hot Module Replacement (HMR)</a>, it could be seen as a paradigm shift for applying test-driven development to front-end development.</p>"
Design tokens,Trial,Techniques,TRUE,"<p>When faced with the challenge of using a <a href=""/radar/techniques/design-systems"">design system</a> consistently across many form factors and platforms, the team at Salesforce came up with the concept of <strong><a href=""https://medium.com/salesforce-ux/living-design-system-3ab1f2280ef7#.r26jko9u3"">design tokens</a></strong>. The tokens store values, such as colors and fonts, in one central place. This makes it possible to <a href=""https://medium.com/eightshapes-llc/tokens-in-design-systems-25dd82d58421"">separate options from decisions</a>, and it significantly improves <a href=""https://uxdesign.cc/design-tokens-for-dummies-8acebf010d71"">collaboration between teams</a>. Design tokens are not new, but with the introduction of tools like <a href=""/radar/languages-and-frameworks/tailwind-css"">Tailwind CSS</a> and <a href=""https://amzn.github.io/style-dictionary/#/"">Style Dictionary</a>, we see design tokens being used more often.</p>"
Fake SMTP server to test mail-sending,Trial,Techniques,TRUE,"<p>Using test email accounts or entire test SMTP (Single Mail Transfer Protocol) servers remains a common software testing practice. However, using a real server carries the risk that <a href=""https://www.usatoday.com/story/money/2021/06/18/hbo-max-integration-test-email-confusion/7744108002/"">test emails will be sent to real people</a> and often complicates automated integration testing. We've seen success using a <strong>fake SMTP server to test mail sending</strong>, which records a request to send an email without actually sending it. Multiple open-source tools exist in this space, including <a href=""https://github.com/gessnerfl/fake-smtp-server"">fake-smtp-server</a>, which renders emails in a web UI for visual testing, and <a href=""https://www.mbtest.org/"">mountebank</a>, which exposes the sent emails through a REST API for integration testing. We recommend exploring this technique to reduce risk and improve testing efficiency.</p>"
Federated machine learning,Trial,Techniques,TRUE,"<p>We're now seeing client projects that use <strong>federated machine learning</strong> (ML). Traditionally, ML model training has required data to be placed in a centralized location where the relevant training algorithm can be run. From a privacy point of view, this is problematic, especially when the training data contains sensitive or personally identifiable information; users might be reluctant to share data or local data protection legislation may prevent us from moving data to a central location. Federated ML is a decentralized technique for training on a large and diverse set of data that allows the data to remain remote — for example, on a user's device. Network bandwidth and the computational limitations of devices still present significant technical challenges, but we like the way federated ML leaves users in control of their own personal information.</p>"
Incremental developer platform,Trial,Techniques,TRUE,"<p>We've been writing about developer platforms and how to build them in almost every edition of the Radar since 2017. In the meantime, the <em><a href=""https://teamtopologies.com/book"">Team Topologies</a></em> book has also done a great job of describing the ideal of a platform that supports developers with ""self-service APIs, tools, services and knowledge."" However, we often see teams shooting for too much of that platform vision too fast. Instead, building an <strong>incremental developer platform</strong> is key.</p>
<p><em>Team Topologies</em> recommends to always strive for what they call the ""Thinnest Viable Platform"" necessary at any given stage, where the first version could even be just a set of documentation on a wiki. The next increment could increase the service level by providing templates or allowing teams to create pull requests. Further increments could then introduce self-service APIs, but only if valuable. In short, even though we've cautioned against fully <a href=""/radar/techniques/ticket-driven-platform-operating-models"">ticket-driven platform operating models</a>, going from zero to self-service is the other extreme. Pace yourself, <a href=""/radar/techniques/applying-product-management-to-internal-platforms"">treat your platform as a product</a> and build it up incrementally.</p>"
Micro frontends for mobile,Trial,Techniques,TRUE,"<p>Since introducing them in the Radar in 2016, we've seen widespread adoption of <a href=""/radar/techniques/micro-frontends"">micro frontends</a> for web UIs. Recently, however, we've seen projects extend this architectural style to include <strong>micro frontends for mobile</strong> apps as well. When an app becomes sufficiently large and complex, it becomes necessary to distribute the development over multiple teams. This presents a number of challenges around team autonomy, repository structures and integration frameworks. In the past we've mentioned <a href=""/radar/languages-and-frameworks/atlas-and-beehive"">Atlas and BeeHive</a>, but these frameworks failed to gain traction and are no longer in active development. More recent approaches include <a href=""https://github.com/tuist/tuist"">Tuist</a> or the <a href=""/radar/languages-and-frameworks/swift-package-manager"">Swift Package Manager</a> for integrating the work of multiple teams into a single app. But in our experience, teams often end up implementing their own framework for integration. While we definitely see a need for modularity in scaling up mobile development teams, the case for micro frontends is less certain. This is because while micro frontends imply a direct correspondence between teams and pages or components, this structure could end up blurring responsibilities for business domain contexts, thereby increasing <a href=""/radar/techniques/team-cognitive-load"">team cognitive load</a>. Our advice is to follow the basics of good, clean application design, embrace modularity when scaling up to multiple teams and adopt a micro frontend architecture only when the modules and the business domain are strongly aligned.</p>"
Observability for CI/CD pipelines,Trial,Techniques,TRUE,"<p>Observability practices have shifted the conversation from monitoring for well-understood problems to helping troubleshoot unknown problems in distributed systems. We've seen success taking that perspective outside of the traditional production environment by applying <strong>observability for CI/CD pipelines</strong> to help optimize testing and deployment bottlenecks. Complex pipelines create developer friction when they run too slow or suffer from nondeterminism, reducing important feedback loops and hindering developer effectiveness. Additionally, their role as critical deployment infrastructure creates stress points during periods of rapid deployments, as happened to several organizations responding to the recent log4shell vulnerability. The concept of traces translates nicely to pipelines: instead of capturing the cascade of service calls, child spans capture information about each stage of the build. The same waterfall charts used to analyze a call flow in a distributed architecture can also be effective in helping us to identify bottlenecks in pipelines, even complex ones with fan-in and fan-out. This enables far more focused optimization efforts. While the technique should work with any tracing tool, <a href=""https://www.honeycomb.io/"">Honeycomb</a> supports a tool called <a href=""https://github.com/honeycombio/buildevents"">buildevents</a> that helps capture pipeline trace information. An alternative approach of capturing information already exposed by CI/CD platforms, taken by the open-source <a href=""https://github.com/cburgmer/buildviz"">buildviz</a> (built and maintained by a Thoughtworker), allows for a similar investigation without changing the step configurations themselves.</p>"
SLSA,Trial,Techniques,TRUE,"<p>As software continues to grow in complexity, the threat vector of software dependencies becomes increasingly challenging to guard against. Supply chain Levels for Software Artifacts, or <strong><a href=""https://slsa.dev/"">SLSA</a></strong> (pronounced ""salsa""), is a consortium-curated set of guidance for organizations to protect against supply chain attacks, evolved from internal guidance Google has been using for years. We appreciate that SLSA doesn't promise a ""silver bullet,"" tools-only approach to securing the supply chain, but it does provide a checklist of concrete threats and practices along a maturity model. The <a href=""https://slsa.dev/spec/v0.1/threats"">threat model</a> is easy to follow with real-world examples of attacks, and the <a href=""https://slsa.dev/spec/v0.1/requirements"">requirements</a> provide guidance to help organizations prioritize actions based on levels of increasing robustness to improve their supply chain security posture. Since we first mentioned it in the Radar, SLSA has added more detail around <a href=""https://slsa.dev/attestation-model"">software attestations</a> with examples to track concerns like <a href=""https://slsa.dev/provenance/v0.2"">build provenance</a>. Our teams have found SLSA to strike a nice balance between implementation guidance and higher-level awareness around supply chain threats.</p>"
Software Bill of Materials,Trial,Techniques,TRUE,"<p>With continued pressure to keep systems secure and no reduction in the general threat landscape, a machine-readable <strong>Software Bill of Materials</strong> (SBOM) may help teams stay on top of security problems in the libraries that they rely on. Since the original <a href=""https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/"">Executive Order</a> was published, the industry has gained clarity and understanding of what an SBOM is and how to create one; the National Institute of Standards and Technology (NIST), for example, now has more <a href=""https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/software-security-supply-chains-software-1"">specific advice</a> on how to comply with the order. We've had production experience using SBOMs on projects ranging from small companies to large multinationals and even government departments, and we're convinced they provide a benefit. More organizations and governments should consider requiring SBOMs for the software they use. The technique will be strengthened by the new tools that continue to emerge, such as the <a href=""https://firebase.google.com/docs/android/learn-more#bom"">Firebase Android BOM</a> that automatically aligns an application's library dependencies to those listed in the BOM.</p>"
Carbon efficiency as an architectural characteristic,Assess,Techniques,TRUE,"<p>Sustainability is a topic that demands the attention of enterprises. In the software development space its importance has increased, and we're now seeing <a href=""https://www.thoughtworks.com/clients/Bringing-green-cloud-optimization-to-a-green-energy-business"">different ways</a> to approach this topic. Looking at the carbon footprint of building software, for example, we recommend assessing <strong>carbon efficiency as an architectural characteristic</strong>. An architecture that takes into consideration carbon efficiency is one where design and infrastructure choices have been made in order to to minimize energy consumption and therefore carbon emissions. The measurement tooling and advice in this space is maturing, making it feasible for teams to consider carbon efficiency alongside other factors such as performance, scalability, financial cost and security. Like almost everything in software architecture, this should be considered a trade-off; our advice is to think about this as one additional characteristic in a whole set of relevant <a href=""https://en.wikipedia.org/wiki/List_of_system_quality_attributes"">quality attributes</a> that are driven and prioritized by organizational goals and not left to a small cadre of experts to ponder in a siloed manner.</p>"
CUPID,Assess,Techniques,TRUE,"<p>How do you approach writing good code? How do you judge if you've written good code? As software developers, we're always looking for catchy rules, principles and patterns that we can use to share a language and values with each other when it comes to writing simple, easy-to-change code.</p>
<p style="color: green">Daniel Terhorst-North has recently made a new attempt at creating such a checklist for good code. He argues that instead of sticking to a set of rules like <a href=""https://en.wikipedia.org/wiki/SOLID"">SOLID</a>, using a set of properties to aim for is more generally applicable. He came up with what he calls the <strong><a href=""https://dannorth.net/2022/02/10/cupid-for-joyful-coding/"">CUPID</a></strong> properties to describe what we should strive for to achieve ""joyful"" code: Code should be composable, follow the Unix philosophy and be predictable, idiomatic and domain based.</p>"
GitHub push protection,Assess,Techniques,TRUE,"<p>The accidental publication of secrets seems to be a perennial issue with tools such as <a href=""/radar/tools/talisman"">Talisman</a> popping up to help with the problem. Before now, GitHub Enterprise Cloud users with an Advanced Security License could enable security scanning on their accounts, and any secrets (API keys, access tokens, credentials, etc.) that were accidentally committed and pushed would trigger an alert. <strong><a href=""https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/protecting-pushes-with-secret-scanning"">GitHub push protection</a></strong> takes this one step further, and brings it one step earlier in the development workflow, by blocking changes from being pushed at all if secrets are detected. This needs to be configured for the organization and applies, of course, only to license holders, but additional protection from publishing secrets is to be welcomed.</p>"
Local-first application,Assess,Techniques,TRUE,"<p>In a centralized application, the data on the server is the single source of truth — any modification to the data must go through the server. Local data is subordinate to the server version. This seems like a natural and inevitable choice to enable collaboration among multiple users of the software. <strong>Local-first application</strong>, or <a href=""https://www.inkandswitch.com/local-first/#towards-a-better-future"">local-first software</a>, is a set of principles that enables both collaboration and local data ownership. It prioritizes the use of local storage and local networks over servers in remote data centers or the cloud. Techniques like conflict-free replicated data types (CRDTs) and peer-to-peer (P2P) networks have the potential to be a foundational technology for realizing local-first software.</p>"
Metrics store,Assess,Techniques,TRUE,"<p><strong><a href=""https://blog.transform.co/data-talks/what-is-a-metrics-store-why-your-data-team-should-define-business-metrics-in-code/"">Metrics store</a></strong>, sometimes referred to as headless business intelligence (BI), is a layer that decouples metrics definitions from their usage in reports and visualizations. Traditionally, metrics are defined inside the context of BI tools, but this approach leads to duplication and inconsistencies as different teams use them in different contexts. By decoupling the definition in the metrics store, we get clear and consistent reuse across BI reports, visualizations and even embedded analytics. This technique is not new; for example, Airbnb introduced <a href=""https://medium.com/airbnb-engineering/airbnb-metric-computation-with-minerva-part-2-9afe6695b486"">Minerva</a> a year ago. However, we're now seeing considerable traction in the data and analytics ecosystem with more tools supporting metrics stores out of the box.</p>"
Server-driven UI,Assess,Techniques,TRUE,"<p><strong style="background-color: blue">Server-driven UI</strong> continues to be a hot topic of discussion in mobile circles because it offers the potential for developers to take advantage of faster change cycles without falling foul of an app store's policies around revalidation of the mobile app itself. Server-driven UI separates the rendering into a generic container in the mobile app while the structure and data for each view is provided by the server. This means that changes that once required a round trip to an app store can now be accomplished via simple changes to the responses the server sends. While some very large mobile app teams have had great success with this technique, it also requires a substantial investment in building and maintaining a complex proprietary framework. Such an investment requires a compelling business case. Until the case is made, it might be best to proceed with caution; indeed, we've experienced some horrendous, overly configurable messes that didn't actually deliver on the promised benefits. But with the backing of behemoths such as Airbnb and Lyft, we may very well see some useful frameworks emerge that help tame the complexity. Watch this space.</p>"
SLIs and SLOs as code,Assess,Techniques,TRUE,"<p>Since Google first popularized service-level indicators (SLIs) and service-level objectives (SLOs) as part of their site reliability engineering (SRE) practice, observability tools like <a href=""https://docs.datadoghq.com/monitors/service_level_objectives/"">Datadog</a>, <a href=""https://www.honeycomb.io/slos"">Honeycomb</a> and <a href=""https://www.dynatrace.com/news/blog/what-are-slos/"">Dynatrace</a> started incorporating SLO monitoring into their toolchains. <a href=""https://github.com/OpenSLO/OpenSLO"">OpenSLO</a> is an emerging standard that allows defining <strong>SLIs and SLOs as code</strong>, using a declarative, vendor-neutral specification language based on the YAML format used by <a href=""/radar/platforms/kubernetes"">Kubernetes</a>. While the standard is still quite new, we're seeing some encouraging momentum, as with Sumo Logic's contribution of the <a href=""https://github.com/OpenSLO/slogen"">slogen</a> tool to generate monitoring and dashboards. We're excited by the promise of versioning SLI and SLO definitions in code and updating observability tooling as part of the CI/CD pipeline of the service being deployed.</p>"
Synthetic data for testing models,Assess,Techniques,TRUE,"<p>During our discussions for this edition of the Radar, several tools and applications for synthetic data generation came up. As the tools mature, we've found that using <strong>synthetic data for testing models</strong> is a powerful and broadly useful technique. Although not intended as a substitute for real data in validating the discrimination power of machine-learning models, synthetic data can be used in a variety of situations. For example, it can be used to guard against catastrophic model failure in response to rarely occurring events or to test data pipelines without exposing personally identifiable information. Synthetic data is also useful for exploring edge cases that lack real data or for identifying model bias. Some helpful tools for generating data include <a href=""https://github.com/joke2k/faker"">Faker</a> or <a href=""https://www.getsynth.com/"">Synth</a>, which generate data that conforms to desired statistical properties, and tools like <a href=""/radar/languages-and-frameworks/synthetic-data-vault"">Synthetic Data Vault</a> that can generate data that mimics the properties of an input data set.</p>"
TinyML,Assess,Techniques,TRUE,"<p>We continue to be excited by the <strong><a href=""https://towardsdatascience.com/an-introduction-to-tinyml-4617f314aa79"">TinyML</a></strong> technique and the ability to create machine learning (ML) models designed to run on low-powered and mobile devices. Until recently, executing an ML model was seen as computationally expensive and, in some cases, required special-purpose hardware. While creating the models still broadly sits within this classification, they can now be created in a way that allows them to be run on small, low-cost and low-power consumption devices. If you've been considering using ML but thought it unrealistic because of compute or network constraints, then this technique is worth assessing.</p>"
Verifiable credentials,Assess,Techniques,TRUE,"<p>When we first included it in the Radar two years ago, <strong>verifiable credentials</strong> (VC) was an intriguing standard with some promising potential applications, but it wasn't widely known or understood outside the community of enthusiasts. This was particularly true when it came to the credential-granting institutions, such as state governments, who would be responsible for implementing the standards. Two years and one pandemic later, the demand for cryptographically secure, privacy-respecting and machine-verifiable electronic credentials has grown and, as a result, governments are starting to wake up to VC's potential. We're now starting to see VC crop up in our work for public-sector clients. The <a href=""https://www.w3.org/TR/vc-data-model/"">W3C standard</a> puts credential holders at the center, which is similar to our experience when using physical credentials: users can put their verifiable credentials in their own digital wallets and show them to anyone at any time without the permission of the credentials' issuer. This decentralized approach also enables users to better manage and selectively disclose their own information which greatly improves data privacy protection. For example, powered by zero-knowledge proof technology, you can construct a verifiable credential to prove that you're an adult without revealing your birthday. It’s important to note that although many VC-based <a href=""/radar/techniques/decentralized-identity"">decentralized identity</a> solutions rely on blockchain technology, blockchain is not a prerequisite for all VC implementations.</p>"
"Satellite workers without ""remote native""",Hold,Techniques,TRUE,"<p>The term ""remote team setup"" does not just describe one setup; it encompasses multiple <a href=""https://martinfowler.com/articles/remote-or-co-located.html"">patterns and flavors</a>. And many teams have been changing patterns recently. They're coming out of the ""everybody always remote"" mode that was forced on them by a pandemic and moving into a pattern of (often rotating) satellite workers, where part of the team is co-located and part of the team is remote. We see many of them failing to properly consider what this means for their ways of working. <strong>Satellite workers without ""remote native""</strong> ways of working is a slip back into privileging co-located practices. In a setup with satellite workers, it's important to still <a href=""/radar/techniques/use-remote-native-processes-and-approaches"">use ""remote native"" processes and approaches by default</a>. For example, if the co-located part of the team joins a meeting together, they should still all be on their individual laptops to participate in digital collaboration or meeting chat. Teams need to be aware of the risk of excluding their satellite workers and creating silos and feelings of exclusion. If you know that you'll always have at least one satellite team member, the default ways of working should assume remoteness.</p>"
SPA by default,Hold,Techniques,TRUE,"<p>The prevalence of teams choosing a single-page application (SPA) when they need a website continues. We remain concerned that people aren't properly recognizing SPAs as an architectural style to begin with; instead they're immediately jumping into framework selection. SPAs incur complexity that simply doesn't exist with traditional server-based websites: issues such as search engine optimization, browser history management, web analytics and first page load time all need to be addressed. Proper analysis and consideration of the trade-offs is required to determine if that complexity is warranted for business or user experience reasons. Too often teams are skipping that trade-off analysis, blindly accepting the complexity of <strong>SPAs by default</strong> even when business needs don't justify it. We still see some developers who aren't aware of an alternative approach because they've spent their entire career in a framework like React. We believe that many websites will benefit from the simplicity of server-side logic, and we're encouraged by techniques like <a href=""/radar/techniques/hotwire"">Hotwire</a> that help close the gap on user experience.</p>"
Superficial cloud native,Hold,Techniques,TRUE,"<p>The term ""cloud native"" was originally used to describe architectures with characteristics that took maximum advantage of public cloud hosting. Examples include distributed architectures composed of many small, stateless and collaborating processes, and systems with high levels of automation for building, testing and deploying applications. However, we've noticed a growing trend toward <strong>superficial cloud native</strong> designs that simply use a lot of a cloud vendor's proprietary services and stop there without revisiting the fundamentally monolithic, brittle or toil-intensive nature of the application. It’s important to remember that serverless functions by themselves don't make an application more resilient or easier to maintain and that cloud native is really a matter of design rather than a set of implementation choices.</p>"
Backstage,Adopt,Platforms,TRUE,"<p>In an increasingly digital world, improving developer effectiveness in large organizations is often a core concern of senior leaders. We've seen enough value with developer portals in general and <strong><a href=""https://backstage.io/"">Backstage</a></strong> in particular that we're happy to recommend it in Adopt. Backstage is an open-source developer portal platform created by Spotify that improves discovery of software assets across the organization. It uses Markdown <a href=""https://backstage.io/docs/features/techdocs/techdocs-overview"">TechDocs</a> that live alongside the code for each service, which nicely balances the needs of centralized discovery with the need for distributed ownership of assets. Backstage supports software templates to accelerate new development and a plugin architecture that allows for extensibility and adaptability into an organization's infrastructure ecosystem. <a href=""https://backstage.io/docs/features/software-catalog/software-catalog-overview"">Backstage Service Catalog</a> uses YAML files to track ownership and metadata for all the software in an organization's ecosystem; it even lets you track third-party SaaS software, which usually requires tracking ownership.</p>"
Delta Lake,Adopt,Platforms,TRUE,"<p><strong><a href=""https://delta.io/"">Delta Lake</a></strong> is an <a href=""https://github.com/delta-io/delta"">open-source storage layer</a>, implemented by Databricks, that attempts to bring ACID transactions to big data processing. In our Databricks-enabled <a href=""/radar/techniques/data-lake"">data lake</a> or <a href=""/radar/techniques/data-mesh"">data mesh</a> projects, our teams prefer using Delta Lake storage over the direct use of file storage types such as <a href=""https://aws.amazon.com/s3/"">AWS S3</a> or <a href=""https://azure.microsoft.com/en-au/services/storage/data-lake-storage/"">ADLS</a>. Until recently, Delta Lake has been a closed proprietary product from Databricks, but it's now open source and accessible to non-Databricks platforms. However, our recommendation of Delta Lake as a default choice currently extends only to Databricks projects that use <a href=""https://parquet.apache.org/"">Parquet</a> file formats. Delta Lake facilitates concurrent data read/write use cases where file-level transactionality is required. We find Delta Lake's seamless integration with Apache Spark <a href=""https://docs.databricks.com/delta/delta-batch.html"">batch</a> and <a href=""https://docs.databricks.com/delta/delta-streaming.html"">micro-batch</a> APIs very helpful, particularly features such as <a href=""https://databricks.com/blog/2019/02/04/introducing-delta-time-travel-for-large-scale-data-lakes.html"">time travel</a> (accessing data at a particular point in time or commit reversion) as well as <a href=""https://databricks.com/blog/2019/09/24/diving-into-delta-lake-schema-enforcement-evolution.html"">schema evolution</a> support on write.</p>"
AWS Database Migration Service,Trial,Platforms,TRUE,"<p>Many of our teams have successfully used <strong><a href=""https://aws.amazon.com/dms/"">AWS Database Migration Service</a></strong> (DMS) to migrate data to and from AWS. In one of our Digital Transformation engagements, we achieved nearly zero downtime cut-over to the new system as we migrated data from Microsoft SQL Server to an AWS Relational Database Service (RDS) PostgreSQL instance. Such transformations involve many moving parts that require planning and coordination across multidisciplinary teams, but for data migration we're quite happy with DMS. It automatically manages the deployment, management and monitoring of all required resources. Over the years DMS has matured to support several <a href=""https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.html"">source</a> and <a href=""https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.html"">target</a> databases, and we continue to like it.</p>"
Colima,Trial,Platforms,TRUE,"<p><strong><a href=""https://github.com/abiosoft/colima"">Colima</a></strong> is becoming a popular open alternative to Docker Desktop. It provisions the <a href=""/radar/platforms/docker"">Docker</a> container run time in a Lima VM, configures the Docker CLI on macOS and handles port-forwarding and volume mounts. Colima uses <a href=""https://containerd.io/"">containerd</a> as its run time, which is also the run time on most managed <a href=""/radar/platforms/kubernetes"">Kubernetes</a> services — improving the important dev-prod parity. With Colima you can easily use and test the latest features of containerd, such as lazy loading for container images. We've been having good results with Colima in our projects. When in the Kubernetes space, we also use <a href=""https://github.com/containerd/nerdctl"">nerdctl</a>, a Docker-compatible CLI for containerd. Since Kubernetes has deprecated Docker as container run time and most managed-services (EKS, GKE, etc) are following its lead, more people will be looking to containerd native tools, hence the importance of tools like nerdctl. In our opinion, Colima is realizing its strong potential and becoming a go-to option as an alternative to Docker Desktop.</p>"
Databricks Photon,Trial,Platforms,TRUE,"<p>Starting with Databricks 9.1 LTS (Long Term Support), a new run time became available called <a href=""https://www.databricks.com/product/photon""><strong>Databricks Photon</strong></a>, an alternative that was rewritten from the ground up in C++. Several of our teams have now used Photon in production and have been pleased with the performance improvements and corresponding cost savings. Actual improvements and changes in costs will depend upon multiple factors such as data set size and transaction types. We recommend trialing against a realistic workload to gather data for a comparison before making any decision on Photon's use.</p>"
DataHub,Trial,Platforms,TRUE,"<p>Since we first mentioned <a href=""/radar/techniques/data-discoverability"">data discoverability</a> in the Radar, LinkedIn has evolved <a href=""https://engineering.linkedin.com/blog/2016/03/open-sourcing-wherehows--a-data-discovery-and-lineage-portal"">WhereHows</a> to <strong><a href=""https://github.com/linkedin/datahub"">DataHub</a></strong>, the next generation platform that addresses data discoverability via an extensible metadata system. Instead of crawling and pulling metadata, DataHub adopts a push-based model where individual components of the data ecosystem publish metadata via an API or a stream to the central platform. This push-based integration shifts ownership from the central entity to individual teams, making them accountable for their metadata. As a result, we've used DataHub successfully as an organization-wide metadata repository and entry point for multiple autonomously maintained data products. When taking this approach, be sure to keep it lightweight and avoid the slippery slope leading to centralized control over a shared resource.</p>"
DataOps.live,Trial,Platforms,TRUE,"<p><strong><a href=""https://www.dataops.live/"">DataOps.live</a></strong> is a data platform that automates environments in <a href=""/radar/platforms/snowflake"">Snowflake</a>. Inspired by <a href=""/radar/techniques/devops"">DevOps</a> practices, DataOps.live lets you treat the data platform like any other web platform by embracing continuous integration and continuous delivery (CI/CD), automated testing, observability and code management. You can roll back changes immediately without impacting the data or recover from complete failures and rebuild a fresh Snowflake tenant in minutes or hours instead of days. Our teams had good experiences with DataOps.live, because it allowed us to iterate quickly when building data products on top of Snowflake.</p>"
eBPF,Trial,Platforms,refresh_writeup,"<p>For several years now, the Linux kernel has included the extended Berkeley Packet Filter (<strong><a href=""https://ebpf.io/"">eBPF</a></strong>), a virtual machine that provides the ability to attach filters to particular sockets. But eBPF goes far beyond packet filtering and allows custom scripts to be triggered at various points within the kernel with very little overhead. By allowing you to run sandboxed programs within the operating system kernel, application developers can run eBPF programs to add additional capabilities to the operating system at run time. Some of our projects require troubleshooting and profiling at the system call level, and our teams found that tools like <a href=""https://github.com/iovisor/bcc"">bcc</a> and <a href=""https://github.com/iovisor/bpftrace"">bpftrace</a> have made their jobs easier. Observability and network infrastructure also benefit from eBPF — for example, the <a href=""/radar/tools/cilium"">Cilium</a> project can implement traffic load balancing and observability <a href=""/radar/techniques/service-mesh-without-sidecar"">without sidecar overhead</a> in <a href=""/radar/platforms/kubernetes"">Kubernetes</a>, and <a href=""https://github.com/cilium/hubble"">Hubble</a> provides further security and traffic observability on top of it. The <a href=""https://github.com/falcosecurity/falco"">Falco</a> project uses eBPF for security monitoring, and the <a href=""https://github.com/facebookincubator/katran"">Katran</a> project uses eBPF to build more efficient L4 load balancing. The eBPF community is growing rapidly, and we're seeing more and more synergy with the field of observability.</p>"
Feast,Trial,Platforms,TRUE,"<p><strong><a href=""https://github.com/feast-dev/feast"">Feast</a></strong> is an open-source <a href=""/radar/platforms/feature-store"">Feature Store</a> for machine learning. It has several useful properties, including generating point-in-time correct feature sets — so error-prone future feature values do not leak to models during training — and supporting both streaming and batch data sources. However, it currently only supports timestamped structured data and therefore may not be suitable if you work with unstructured data in your models. We've successfully used Feast at a significant scale as an offline store during model training and as an online store during prediction.</p>"
Monte Carlo,Trial,Platforms,TRUE,"<p><strong><a href=""https://www.montecarlodata.com/"">Monte Carlo</a></strong> is a data observability platform. Using machine learning models, it infers and learns about data, identifying issues and notifying users when they arise. It allows our teams to maintain data quality across ETL pipelines, data lakes, data warehouses and business intelligence (BI) reports. With features such as monitoring dashboards as code, a central data catalog and field-level lineage, our teams find Monte Carlo to be an invaluable tool for overall data governance.</p>"
Retool,Trial,Platforms,TRUE,"<p>In previous editions, we’ve recommended assessing <a href=""/radar/techniques/bounded-low-code-platforms"">bounded low-code platforms</a> as a method for applying low-code solutions to specific use cases in very limited domains. We’ve seen some traction in this space, specifically with <a href=""https://retool.com/""><strong>Retool</strong></a>, a low-code platform that our teams use to build solutions for internal users, predominantly to query and visualize data. It allows them to produce non-business-critical read-only solutions faster. The main reported benefits of Retool are its UI components and its ability to be integrated quickly and easily with common data sources.</p>"
Seldon Core,Trial,Platforms,TRUE,"<p><strong><a href=""https://github.com/SeldonIO/seldon-core"">Seldon Core</a></strong> is an open-source platform to package, deploy, monitor and manage machine learning models in <a href=""/radar/platforms/kubernetes"">Kubernetes</a> clusters. With out-of-the-box support for several machine-learning frameworks, you can easily containerize your models using <a href=""https://docs.seldon.io/projects/seldon-core/en/latest/servers/overview.html"">prepackaged inference servers</a>, <a href=""https://docs.seldon.io/projects/seldon-core/en/latest/servers/custom.html"">custom inference servers</a> or <a href=""https://docs.seldon.io/projects/seldon-core/en/latest/wrappers/language_wrappers.html"">language wrappers</a>. With distributed tracing through <a href=""https://docs.seldon.io/projects/seldon-core/en/latest/graph/distributed-tracing.html"">Jaeger</a> and model explainability via <a href=""https://github.com/SeldonIO/alibi"">Alibi</a>, Seldon Core addresses several last-mile delivery challenges with machine learning deployments, and our data teams like it.</p>"
Teleport,Trial,Platforms,TRUE,"<p><strong><a href=""https://gravitational.com/teleport/"">Teleport</a></strong> is a tool for <a href=""/radar/techniques/zero-trust-architecture"">zero trust</a> network access to infrastructure. Traditional setups require complex policies or jump servers to restrict access to critical resources. Teleport, however, simplifies this with a unified access plane and with fine-grained authorization controls that replace jump servers, VPNs or shared credentials. Implemented as a single binary with out-of-the-box support for several protocols (including SSH, RDP, <a href=""/radar/platforms/kubernetes"">Kubernetes</a> API, MySQL, <a href=""/radar/platforms/mongodb"">MongoDB</a> and PostgreSQL wire protocols), Teleport makes it easy to set up and manage secured access across Linux, Windows or Kubernetes environments. Since we first mentioned it in the Radar, a few teams have used Teleport and our overall positive experience prompted us to highlight it.</p>"
VictoriaMetrics,Trial,Platforms,TRUE,"<p>Modern observability relies on collecting and aggregating an exhaustive set of granular metrics to fully understand, predict and analyze system behavior. But when applied to a cloud native system composed of many redundant and cooperating processes and hosts, the cardinality (or number of unique time series) becomes unwieldy because it grows exponentially with each additional service, container, node, cluster, etc. When dealing with high-cardinality data, we've found that <a href=""https://victoriametrics.com/""><strong>VictoriaMetrics</strong></a> performs well. VictoriaMetrics is particularly useful for operating <a href=""/radar/platforms/kubernetes"">Kubernetes</a>-hosted <a href=""/radar/techniques/microservices"">microservice</a> architectures, and the VictoriaMetrics operator makes it easy for teams to implement their own monitoring in a self-service way. We also like its componentized architecture and ability to continue collecting metrics even when the central server is unavailable. Although our team has been happy with VictoriaMetrics, this is a rapidly evolving area, and we'd recommend keeping an eye on other high-performance, <a href=""/radar/tools/prometheus"">Prometheus</a>-compatible time series databases such as <a href=""https://cortexmetrics.io/"">Cortex</a> or <a href=""https://thanos.io/"">Thanos</a>.</p>"
Bun,Assess,Platforms,TRUE,"<p><strong><a href=""https://github.com/oven-sh/bun"">Bun</a></strong> is a new JavaScript runtime, similar to <a href=""/radar/platforms/node-js"">Node.js</a> or <a href=""/radar/platforms/deno"">Deno</a>. Unlike Node.js or Deno, however, Bun is built using WebKit's JavaScriptCore instead of Chrome's V8 engine. Designed as a drop-in replacement for Node.js, Bun is a single binary (written in <a href=""/radar/languages-and-frameworks/zig"">Zig</a>) that acts as a bundler, transpiler and package manager for JavaScript and <a href=""/radar/languages-and-frameworks/typescript"">TypeScript</a> applications. Bun is currently in beta, so expect bugs or compatibility issues with a few Node.js libraries. However, it’s been built from the ground up with several optimizations, including fast startup and improved server-side rendering, and we believe it’s worthwhile to assess.</p>"
Databricks Unity Catalog,Assess,Platforms,TRUE,"<p><strong><a href=""https://www.databricks.com/product/unity-catalog"">Databricks Unity Catalog</a></strong> is a data governance solution for assets such as files, tables or machine learning models in a <a href=""https://www.databricks.com/blog/2020/01/30/what-is-a-data-lakehouse.html"">lakehouse</a>. Although you'll find several platforms in the enterprise data governance space, if you're already using other Databricks solutions, you should certainly assess Unity Catalog. We want to highlight that while these governance platforms usually implement a centralized solution for better consistency across workspaces and workloads, the responsibility to govern should be federated by enabling individual teams to govern their own assets.</p>"
Dragonfly,Assess,Platforms,TRUE,"<p><strong><a href=""https://github.com/dragonflydb/dragonfly"">Dragonfly</a></strong> is a new in-memory data store with compatible <a href=""/radar/platforms/redis"">Redis</a> and Memcached APIs. It leverages the new Linux-specific <a href=""https://github.com/axboe/liburing"">io_uring</a> API for I/O and implements <a href=""https://dragonflydb.io/blog/2022/06/23/cache_design/"">novel algorithms and data structures</a> on top of a multithreaded, shared-nothing architecture. Because of these clever choices in implementation, Dragonfly achieves impressive results in performance. Although Redis continues to be our default choice for in-memory data store solutions, we do think Dragonfly is an interesting choice to assess.</p>"
Edge Impulse,Assess,Platforms,TRUE,"<p>In previous Radars, we've written about <a href=""/radar/techniques/tinyml"">TinyML</a> — the practice of running trained models on small devices with onboard sensors to make decisions or extract features without a roundtrip to the cloud. <a href=""https://www.edgeimpulse.com/""><strong>Edge Impulse</strong></a> has made the process of collecting sensor data and then training and deploying a model as simple as possible. Edge Impulse is an end-to-end hosted platform for developing models optimized to run on small edge devices such as microcontrollers. The platform guides the developer through the entire pipeline, including the task of collecting and labeling training data. They've made it easy to get started using your mobile phone for both data collection and running the classifier while the model training and refining happens in the more powerful, cloud-hosted environment. The resulting recognition algorithms can also be optimized, compiled and uploaded to a wide range of microcontroller architectures. Although Edge Impulse is a commercial venture, the platform is free for developers and makes the entire process fun and engaging even for those who are new to machine learning. The low barrier of entry to creating a working application means that we'll be seeing more edge devices with smart decisioning built in.</p>"
GCP Vertex AI,Assess,Platforms,TRUE,"<p><strong><a href=""https://cloud.google.com/vertex-ai"">GCP Vertex AI</a></strong> is a unified artificial intelligence platform that allows teams to build, deploy and scale machine-learning (ML) models. Vertex AI includes pretrained models, which can be used directly, fine-tuned or combined with <a href=""/radar/techniques/automated-machine-learning-automl"">AutoML</a>, as well as infrastructure such as feature stores and pipelines for ML models. We like Vertex AI's integrated capabilities, which help to make it feel like a coherent AI platform.</p>"
Gradient,Assess,Platforms,TRUE,"<p><strong><a href=""https://www.paperspace.com/gradient"">Gradient</a></strong> is a platform for building, deploying and running machine-learning applications, very similar to Google's Colab. Notebooks can be created from templates, helping you to get started with <a href=""/radar/languages-and-frameworks/pytorch"">PyTorch</a> or <a href=""/radar/languages-and-frameworks/tensorflow"">TensorFlow</a> or with applications like <a href=""/radar/languages-and-frameworks/stable-diffusion"">Stable Diffusion</a>. In our experience, Gradient is well-suited for GPU-intensive models, and we like that the web-based environment is persistent.</p>"
IAM Roles Anywhere,Assess,Platforms,TRUE,"<p><strong><a href=""https://docs.aws.amazon.com/rolesanywhere/latest/userguide/introduction.html"">IAM Roles Anywhere</a></strong> is a new service from AWS that lets you obtain temporary security credentials in IAM for workloads such as servers, containers and applications that run outside of AWS. We find it particularly useful in hybrid cloud setups where workloads are split across AWS and non-AWS resources. Instead of creating long-lived credentials, with IAM Roles Anywhere, you can now create short-lived credentials to access AWS resources using X.509 certificates. We believe this approach streamlines the access pattern across the hybrid cloud and recommend you check it out.</p>"
Keptn,Assess,Platforms,TRUE,"<p><strong><a href=""https://keptn.sh/"">Keptn</a></strong> is a control plane for delivery and operations that relies on <a href=""https://cloudevents.io/"">CloudEvents</a> for instrumentation. Like one of the techniques we mentioned in <a href=""/radar/techniques/observability-for-ci-cd-pipelines"">observability for CI/CD pipelines</a>, Keptn visualizes its orchestration as traces. The declarative definition of the delivery pipeline aims to separate SRE intentions from the underlying implementation, relying on other observability, pipeline and deployment tooling to respond to the appropriate events. We're particularly excited by the idea of adding service-level objective (SLO) verifications as <a href=""/radar/techniques/architectural-fitness-function"">architectural fitness functions</a> to CI/CD pipelines: Keptn lets you define service-level indicators (SLIs) as key-value pairs, with the value representing the query to your observability infrastructure. It will then evaluate the result against the defined SLOs as a <a href=""https://keptn.sh/docs/concepts/quality_gates/"">quality gate</a>. Keptn takes the same approach to automated operations, allowing a declarative definition that specifies the intent of scaling a ReplicaSet in response to a degradation of average response time, for example. Created by Dynatrace, Keptn also integrates with <a href=""/radar/tools/prometheus"">Prometheus</a> and Datadog.</p>"
OpenMetadata,Assess,Platforms,TRUE,"<p>Undoubtedly, <a href=""/radar/techniques/data-discoverability"">data discoverability</a> has become a very important focal point for companies since it is an enabler for data to be shared and used efficiently by different people. We’ve included platforms such as <a href=""/radar/platforms/datahub"">DataHub</a> and <a href=""/radar/platforms/collibra"">Collibra</a> in previous editions of the Radar. However, our teams are constantly assessing options in this space and have recently shown interest in <strong><a href=""https://github.com/open-metadata/OpenMetadata#what-is-openmetadata"">OpenMetadata</a></strong>, a platform dedicated to metadata management by using open standards. Our teams like this open-source platform because it improves the development experience due to its simple architecture, easy deployment with a focus on automation and strong focus on data discoverability.</p>"
OrioleDB,Assess,Platforms,TRUE,"<p><strong><a href=""https://github.com/orioledb/orioledb/"">OrioleDB</a></strong> is a new storage engine for PostgreSQL. Our teams use PostgreSQL a lot, but its storage engine was originally designed for hard drives. Although there are several options to tune for modern hardware, it can be difficult and cumbersome to achieve optimal results. OrioleDB addresses these challenges by implementing a cloud-native storage engine with explicit support for solid-state drives (SSDs) and nonvolatile random-access memory (NVRAM). To try the new engine, first install the enhancement patches to the current <a href=""https://www.postgresql.org/docs/current/tableam.html"">table access methods</a> and then install OrioleDB as a PostgreSQL extension. We believe OrioleDB has great potential to address several <a href=""https://www.slideshare.net/AlexanderKorotkov/solving-postgresql-wicked-problems"">long-pending issues in PostgreSQL</a>, and we encourage you to carefully assess it.</p>"
Great Expectations,Adopt,Tools,TRUE,"<p><a href=""https://docs.greatexpectations.io/en/latest/""><strong>Great Expectations</strong></a> has become a sensible default for our teams in the data quality space, which is why we recommend adopting it — not only for the lack of better alternatives but also because our teams have reported great results in several client projects. Great Expectations is a framework that allows you to craft built-in controls that flag anomalies or quality issues in data pipelines. Just as unit tests run in a build pipeline, Great Expectations makes assertions during the execution of a data pipeline. We like its simplicity and ease of use — the rules stored in JSON can be modified by our data domain experts without necessarily needing data engineering skills.</p>"
k6,Adopt,Tools,TRUE,"<p>Since we first mentioned it in the Radar, <a href=""https://k6.io/""><strong>k6</strong></a> has become a go-to tool for performance testing. We continue to be fans of how easy it is to write JavaScript code for tests, but k6 also has a low-code <a href=""https://k6.io/docs/test-authoring/test-builder"">test builder</a> to make playing with the tool even easier. The documentation shows how easy it is to add performance testing to a pipeline across <a href=""https://k6.io/docs/integrations/#continuous-integration-and-continuous-delivery"">multiple CI/CD tools</a>. Our teams find it easy to integrate <a href=""https://k6.io/docs/integrations/#result-store-and-visualization"">visualization tools</a> like <a href=""/radar/tools/grafana"">Grafana</a> and New Relic, which help them tune both infrastructure and applications. The developer friendliness and ecosystem make k6 a compelling option for investigating a system's behavior under heavy load.</p>"
Apache Superset,Trial,Tools,TRUE,"<p><strong><a href=""https://superset.apache.org/"">Apache Superset</a></strong> is a great business intelligence (BI) tool for data exploration and visualization to work with large data lake and data warehouse setups. It supports several <a href=""https://superset.apache.org/docs/databases/installing-database-drivers"">data sources</a> — including AWS Redshift, <a href=""/radar/platforms/bigquery"">BigQuery</a>, Azure MS SQL, <a href=""/radar/platforms/snowflake"">Snowflake</a> and <a href=""/radar/platforms/clickhouse"">ClickHouse</a>. Moreover, you don't have to be a data engineer to use it; it's meant to benefit all engineers exploring data in their everyday work. For demanding use cases, we found it easy to scale Superset by deploying it in a <a href=""/radar/platforms/kubernetes"">Kubernetes</a> cluster. Since we last talked about it in the Radar, Superset has graduated as an Apache product, and we've seen great success in several projects.</p>"
AWS Backup Vault Lock,Trial,Tools,TRUE,"<p>When implementing robust, secure and reliable disaster recovery, it’s necessary to ensure that backups can't be deleted or altered before their expiry, either maliciously or accidentally. Previously, with AWS Backup, these policies and guarantees had to be implemented by hand. Recently, AWS has added the Vault Lock feature to ensure backups are immutable and untamperable. <a href=""https://docs.aws.amazon.com/aws-backup/latest/devguide/vault-lock.html""><strong>AWS Backup Vault Lock</strong></a> enforces retention and deletion policies and prevents even those with administrator privileges from altering or deleting backup files. This has proved to be a valuable addition and fills a previously empty space.</p>"
AWS Control Tower,Trial,Tools,TRUE,"<p>Multi-team account management is a challenge in AWS, especially in setup and governance; <a href=""https://aws.amazon.com/controltower""><strong>AWS Control Tower</strong></a> is an attempt to address this challenge. Our team has reported good results using it to manage accounts and access control for multiple teams in the organization through a single, centralized place.</p>"
Clumio Protect,Trial,Tools,TRUE,"<p>We've had success with <a href=""https://clumio.com/products/protect/""><strong>Clumio Protect</strong></a> for backing up AWS data, particularly S3. A commercial SaaS solution, Clumio Protect can also back up a range of other AWS services and stores the data offline where it is not accessible through the internet. Our teams responsible for handling data protection and recovery at massive scale found that Clumio Protect is easy to set up and maintain and far outperforms the native AWS Backup service when S3 buckets are particularly big.</p>"
Cruft,Trial,Tools,TRUE,"<p>We've been talking about <a href=""/radar/techniques/tailored-service-templates"">tailored service templates</a> ever since we first identified <a href=""/radar/techniques/microservices"">microservices</a> as a thing. If an organization sets out to create a collection of small services that can be developed, built, deployed and operated independently but consistently, it makes sense to give teams a solid starting point that aligns to the standard. However, one of the enduring problems with that approach is that as the template evolves over time in response to changing technical and business requirements, projects based on older versions of the template fall out of date. Retrofitting template improvements into an established project becomes a major pain. <strong><a href=""https://cruft.github.io/cruft/"">Cruft</a></strong> attempts to address this problem by providing tools to identify and patch differences between a local project and the current head of a master template repository. It combines the <a href=""https://github.com/cookiecutter/cookiecutter"">Cookiecutter</a> templating engine with git hashes to identify and apply changes to the templates. Think of it as a package manager for a project boilerplate. Keeping templates up-to-date is a notoriously difficult and long-standing problem, so to us the solution Cruft provides sounds almost too good to be true. Based on early feedback from our team, however, Cruft actually works and makes life easier for service builders and maintainers. We're anxious to see how it performs over the long term, but for now it's worth taking a look at this potentially useful tool.</p>"
Excalidraw,Trial,Tools,TRUE,"<p>We continue to hear enthusiastic reports about <strong><a href=""https://excalidraw.com/"">Excalidraw</a></strong> from our teams, but our previous caveat about security remains in place. Excalidraw is a simple yet powerful online drawing tool. Sometimes teams just need a quick picture instead of a formal diagram; for remote teams, Excalidraw provides a quick way to create and share diagrams. Our teams also like the ""lo-fi"" look of the diagrams it can produce, which is reminiscent of the whiteboard diagrams they would have produced when co-located. Regarding security, at the time of writing, anyone who has the link can see your diagrams; note, though, that the paid version of Excalidraw provides further authentication and options to run a server locally do exist.</p>"
Hadolint,Trial,Tools,TRUE,"<p>We like spreading the word about linting tools that actually help you find issues rather than just shortcut style disputes in the team. <strong><a href=""https://github.com/hadolint/hadolint"">Hadolint</a></strong> is one of those tools — it helps find common issues in Dockerfiles. We find it to be fast, accurate and with good documentation. It explains both how to fix an issue and why it's an issue in the first place, thus nudging Dockerfile authors toward good practices. Incidentally, Hadolint is built on top of <a href=""/radar/tools/shellcheck"">ShellCheck</a>, which we recommend in its own right for checking your shell scripts.</p>"
Kaniko,Trial,Tools,TRUE,"<p>Most of today's CI/CD pipeline tools and platforms are built on containers as runtimes. Many of our teams are using <strong><a href=""https://github.com/GoogleContainerTools/kaniko"">Kaniko</a></strong> to build container images from within those container-based pipelines. This comes as part of a trend away from <a href=""/radar/platforms/docker"">Docker</a> as the de facto standard for container runtimes. With Kaniko, you can build your images without using a Docker daemon. This helps avoid the security issue of Docker's ""privileged"" mode, which would be necessary for any ""Docker-in-Docker"" activity. Moreover, you don't have to assume that your pipeline has access to a Docker daemon in the first place, which cannot be taken for granted anymore and often requires extra configuration.</p>"
Kusto Query Language,Trial,Tools,TRUE,"<p>As data work becomes more common, we continue to see tools that try to enhance the SQL language; <a href=""https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/""><strong>Kusto Query Language</strong></a> (KQL) is one of them. KQL was created by Azure, and it brings modularity, encapsulation, composability, reusability, extensibility and dynamism to relational querying. Our teams quite like its interactivity: you can pipe a query to the render operator and see a chart instantly. You can also combine these charts into dashboards and get insights from logs to execs in minutes. Although the KQL language is currently limited to the <a href=""https://azure.microsoft.com/en-us/products/data-explorer/#overview"">Azure Data Explorer</a>, we anticipate the move to enhance SQL to achieve better data operability will not stop.</p>"
Spectral,Trial,Tools,TRUE,"<p><strong><a href=""https://stoplight.io/open-source/spectral/"">Spectral</a></strong> is a JSON/YAML linter with an emphasis on OpenAPI and AsyncAPI specifications. It ships with a comprehensive set of out-of-the-box rules for these specs that can save developers headaches when designing and implementing APIs or event-driven collaboration. These rules check for proper API parameter specifications or the existence of a license statement in the spec, among other things. The <a href=""https://meta.stoplight.io/docs/spectral/9ffa04e052cc1-spectral-cli"">CLI</a> makes it easy to incorporate Spectral into both local development and CI/CD pipelines, and the <a href=""https://meta.stoplight.io/docs/spectral/eb68e7afd463e-spectral-in-java-script"">JavaScript API</a> supports more advanced use cases. The <a href=""https://github.com/stoplightio/spectral"">GitHub site</a> links to publicly available real-world rule sets from companies like Adidas, giving teams a head start on adopting their own linting rules.</p>"
Styra Declarative Authorization Service,Trial,Tools,TRUE,"<p><strong><a href=""https://www.styra.com/styra-das/"">Styra Declarative Authorization Service</a></strong> (DAS) is a governance and automation tool for managing <a href=""/radar/tools/open-policy-agent-opa"">Open Policy Agent (OPA)</a> at scale. Built by the creators of OPA, the tool allows us to deploy policies across ""systems,"" including <a href=""/radar/platforms/kubernetes"">Kubernetes</a> clusters, infrastructure code repositories, namespaces and more. Most importantly, it allows for real-time analysis of decisions made by an OPA agent, along with replayability for debugging and investigating what-if scenarios for policy changes. It also comes with an audit log that can help security teams with historical reporting.</p>"
xbar for build monitoring,Trial,Tools,TRUE,"<p>On remote teams, we sorely lack having a <a href=""https://martinfowler.com/articles/continuousIntegration.html#EveryoneCanSeeWhatsHappening"">dedicated build monitor</a> in the room; unfortunately, newer continuous integration (CI) tools lack support for the old <a href=""https://cctray.org/v1/"">CCTray</a> format. The result is that broken builds aren't always picked up as quickly as we'd like. To solve this problem, many of our teams have started using <strong><a href=""https://github.com/matryer/xbar"">xbar</a> for build monitoring</strong>. With xbar, one can execute a script to poll build status, displaying it on the menu bar. It can be further scripted to track other team metrics such as pending credential expiries or how far the production release lags behind the user acceptance testing (UAT) release. Of course, xbar is more general purpose, but it solves an immediate and emergent problem caused by remote working. <a href=""https://github.com/jaredks/rumps"">Rumps</a>, among other tools, can solve the same problem.</p>"
Clasp,Assess,Tools,TRUE,"<p>Unfortunately, a big part of the world still runs on spreadsheets and will continue to do so. They're the ultimate tool to let anyone build those small custom tools tailored to their exact needs. However, when you want to enhance them with a level of logic that requires ""real"" code, the low-code nature of spreadsheets can then become a constraint. If you're with a company that, like Thoughtworks, uses Google's G-Suite, <strong><a href=""https://github.com/google/clasp"">Clasp</a></strong> enables you to apply at least some <a href=""/radar/techniques/continuous-delivery-cd"">Continuous Delivery</a> practices to Apps Script code. You can write the code outside of the Apps Script project, which creates options for testing, source control and build pipelines; it even lets you use <a href=""/radar/languages-and-frameworks/typescript"">TypeScript</a>. Clasp has been around for a while, and you shouldn’t expect a programming environment with all of the usual comforts, but it can greatly improve the experience of using Apps Script.</p>"
Databricks Overwatch,Assess,Tools,TRUE,"<p><strong><a href=""https://databrickslabs.github.io/overwatch/"">Databricks Overwatch</a></strong> is a Databricks Labs project that enables teams to analyze various operational metrics of Databricks workloads around cost, governance and performance with support to run what-if experiments. It's essentially a set of data pipelines that populate tables in Databricks, which can then be analyzed using tools like notebooks. Overwatch is very much a power tool; however, it's still in its early stages and it may take some effort to set it up — our use of it required Databricks solution architects to help set it up and populate a price reference table for cost calculations — but we expect adoption to get easier over time. The level of analysis made possible by Overwatch is deeper than what is allowed by cloud providers' cost analysis tools. For example, we were able to analyze the cost of job failures — recognizing that failing fast saves money compared to jobs that only fail near the final step — and break down the cost by various groupings (workspace, cluster, job, notebook, team). We also appreciated the improved operational visibility, as we could easily audit access controls around cluster configurations and analyze operational metrics like finding the longest running notebook or largest read/write volume. Overwatch can analyze historical data, but its real-time mode allows for alerting which helps you to add appropriate controls to your Databricks workloads.</p>"
dbtvault,Assess,Tools,TRUE,"<p><a href=""https://datavaultalliance.com/news/dv/understanding-data-vault-2-0/"">Data Vault 2.0</a> is a data modeling methodology and design pattern intended to improve the flexibility of data warehouses compared to other popular modeling approaches. Data Vault 2.0 can be applied to any data store such as <a href=""https://www.snowflake.com/data-cloud-glossary/data-vault/"">Snowflake</a> or <a href=""https://www.databricks.com/glossary/data-vault"">Databricks</a>. When implementing Data Vault warehouses, we've found the <strong><a href=""https://www.data-vault.co.uk/dbtvault/"">dbtvault</a></strong> package for <a href=""/radar/tools/dbt"">dbt</a> to be a helpful tool. dbtvault provides a set of <a href=""https://jinja.palletsprojects.com/en/3.1.x/"">jinja</a> templates that generate and execute the ETL scripts necessary to populate a Data Vault warehouse. Although dbtvault has some rough edges — it lacks support for enforcing implied uniqueness or performing incremental loads — overall, it fills a niche and requires minimal configuration to get started.</p>"
git-together,Assess,Tools,TRUE,"<p>We're always looking for ways to remove small frictions from pair programming, which is why we're excited by <a href=""https://github.com/kejadlen/git-together""><strong>git-together</strong></a>, a tool written in Rust that simplifies git commit attribution during pairing. By aliasing <code>git-together</code> as <code>git</code>, the tool allows you to add extensions to <code>git config</code> that capture committer information, aliasing each committer by their initials. Changing pairs (or switching to soloing or mob programming) requires you to run <code>git with</code>, followed by the initials of the pair (for example: <code>git with bb cc</code>), allowing you to resume your regular git workflow afterward. Every time you commit, git-together will rotate through the pair as the official author that git stores, and it will automatically add any other authors to the bottom of the commit message. The configuration can be checked in with the repo, allowing git-together to work automatically after cloning a repo.</p>"
Harness Cloud Cost Management,Assess,Tools,TRUE,"<p><strong><a href=""https://harness.io/products/cloud-cost"">Harness Cloud Cost Management</a></strong> is a commercial tool that works across all three of the major cloud providers and their managed <a href=""/radar/platforms/kubernetes"">Kubernetes</a> clusters to help visualize and manage cloud costs. The product calculates a cost efficiency score by looking at idle resources as well as resources not allocated to any workload and uses historical trends to help optimize resource allocation. The dashboards highlight cost spikes and allow a user to register unexpected anomalies, which are then fed into their reinforcement learning algorithm around anomaly detection. Cloud Cost Management can recommend adjustments to limits for memory and CPU usage, with options to optimize for either cost or performance. ""Perspectives"" allows you to group costs based on organizationally defined filters (which could correspond to business units, teams or products) and automate report distribution to bring visibility into cloud spend. We believe Cloud Cost Management offers a compelling feature set to help organizations mature their FinOps practices.</p>"
Infracost,Assess,Tools,TRUE,"<p>We continue to see organizations move to the cloud without properly understanding how they will track ongoing spend. We previously blipped <a href=""/radar/techniques/run-cost-as-architecture-fitness-function"">run cost as architecture fitness function</a>, and <a href=""https://infracost.io/""><strong>Infracost</strong></a> is a tool that aims to make these cloud cost trade-offs visible in Terraform pull requests. It's open-source software and available for macOS, Linux, Windows and Docker and supports pricing for AWS, GCP and Microsoft Azure out of the box. It also provides a public API that can be queried for current cost data. We remain excited by its potential, especially when it comes to gaining better cost visibility in the IDE.</p>"
Karpenter,Assess,Tools,TRUE,"<p>One of the fundamental capabilities of <a href=""/radar/platforms/kubernetes"">Kubernetes</a> is its ability to automatically launch new pods when additional capacity is needed and shut them down when loads decrease. This horizontal autoscaling is a useful feature, but it can only work if the nodes needed to host the pods already exist. While <a href=""https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler"">Cluster Autoscaler</a> can do some rudimentary cluster expansion triggered by pod failures, it has limited flexibility; <strong><a href=""https://karpenter.sh/"">Karpenter</a></strong>, however, is an open-source <a href=""/radar/tools/kubernetes-operators"">Kubernetes Operator</a> autoscaler with more smarts built in: it analyzes the current workloads and the pod scheduling constraints to automatically select an appropriate instance type and then start or stop it as needed. Karpenter is an operator in the spirit of tools like <a href=""/radar/tools/crossplane"">Crossplane</a> that can provision cloud resources outside the cluster. Karpenter is an attractive companion to the autoscaling services cloud vendors provide natively with their managed Kubernetes clusters. For example, AWS now supports Karpenter as a first-class alternative in their EKS Cluster Autoscaler service.</p>"
Mizu,Assess,Tools,TRUE,"<p><strong><a href=""https://github.com/up9inc/mizu/tree/main"">Mizu</a></strong> is an API traffic viewer for <a href=""/radar/platforms/kubernetes"">Kubernetes</a>. Unlike other tools, Mizu does not require instrumentation or code changes. It runs as a <a href=""https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/"">DaemonSet</a> to inject a container at the node level in your Kubernetes cluster and performs tcpdump-like operations. We find it useful as a debugging tool, as it can observe all API communications across multiple protocols (REST, gRPC, <a href=""/radar/platforms/apache-kafka"">Kafka</a>, AMQP and <a href=""/radar/platforms/redis"">Redis</a>) in real time.</p>"
Soda Core,Assess,Tools,TRUE,"<p><a href=""https://www.soda.io/core""><strong>Soda Core</strong></a> is an open-source data quality and observability tool. We talked about <a href=""/radar/tools/great-expectations"">Great Expectations</a> previously in the Radar, and Soda Core is an alternative with a key difference — you express the data validations in a DSL called <a href=""https://docs.soda.io/soda-cl/soda-cl-overview.html"">SodaCL</a> (previously called <a href=""https://docs.soda.io/soda-sql/overview.html"">Soda SQL</a>) as opposed to Python functions. Once the validations are written, it can be executed as part of a <a href=""https://docs.soda.io/soda-core/orchestrate-scans.html"">data pipeline</a> or <a href=""https://docs.soda.io/soda-core/programmatic.html"">scheduled to run programmatically</a>. As we become increasingly data-driven, it's critical to maintain data quality, and we encourage you to assess Soda Core.</p>"
Teller,Assess,Tools,TRUE,"<p><strong><a href=""https://github.com/tellerops/teller"">Teller</a></strong> is an open-source universal secret manager for developers that ensures the correct environment variables are set when starting an application. However, it's not a vault itself — it's a CLI tool that connects to a variety of sources, ranging from cloud secrets providers to third-party solutions like <a href=""/radar/tools/hashicorp-vault"">HashiCorp Vault</a> to local environment files. Teller has additional functionality to scan for vault-kept secrets in your code, to redact secrets from logs, to detect drift between secrets providers and to sync between them. Given the sensitivity of accessing secrets, we can't emphasize enough the need to secure the supply chain for open-source dependencies, but we appreciate how easy the CLI is to use in local development environments, CI/CD pipelines and deployment automation.</p>"
Xcode Cloud,Assess,Tools,TRUE,"<p><a href=""https://developer.apple.com/xcode-cloud/""><strong>Xcode Cloud</strong></a> is a CI/CD tool that is built into Xcode and used to build, test and deploy Apple apps. It provides an integrated experience with familiar tools for Apple developers like Xcode, App Store Connect and TestFlight. Based on our team's experience, it does a good job of simplifying the pipeline configuration and provisioning profiles and certificates. This tool is quite fresh and most of our mobile development teams are still using the more mature <a href=""/radar/tools/bitrise"">Bitrise</a>. Still, we think it's worth assessing and tracking its progress.</p>"
Online services for formatting or parsing code,Hold,Tools,TRUE,"<p>We previously called out <a href=""/radar/techniques/production-data-in-test-environments"">production data in test environments</a> and now want to highlight another common practice that needs to be approached with care or even stopped entirely: <strong>online services for formatting or parsing code</strong>. There are many useful sites for formatting or parsing formats such as JSON and YAML, as well as sites that assess code tutorials or produce online code metrics. Great care is needed when using these. Pasting a block of JavaScript, JSON or similar into an unknown website can easily create security and privacy issues and might unknowingly export personal data into a different jurisdiction. These sites should never be used with production data and should be approached with caution in all other circumstances.</p>"
io-ts,Adopt,Languages and Frameworks,TRUE,"<p>Our teams developing in <a href=""/radar/languages-and-frameworks/typescript"">TypeScript</a> are finding <strong><a href=""https://gcanti.github.io/io-ts/"">io-ts</a></strong> invaluable, especially when interacting with APIs that ultimately result in the creation of objects with specific types. When working with TypeScript, getting data into the bounds of the type system (i.e., from the aforementioned APIs) can lead to run-time errors that can be hard to find and debug. io-ts bridges the gap between compile-time type checking and run-time consumption of external data by providing encode and decode functions. Given the experiences of our teams and the elegance of its approach, we think io-ts is worth adopting.</p>"
Kotest,Adopt,Languages and Frameworks,TRUE,"<p><strong><a href=""https://kotest.io/"">Kotest</a></strong> (previously KotlinTest) is a stand-alone testing tool for the <a href=""/radar/languages-and-frameworks/kotlin"">Kotlin</a> ecosystem that is widely used among our teams across various Kotlin implementations — native, JVM or JavaScript. Its key advantages are that it offers a variety of testing styles in order to structure test suites and that it comes with a comprehensive set of matchers, which allow for expressive tests in an elegant internal DSL. In addition to its support for <a href=""/radar/techniques/property-based-unit-testing"">property-based testing</a>, our teams like the solid IntelliJ plugin and the support community. Many of our developers consider it their first choice and recommend those who are still using JUnit in Kotlin consider switching over to Kotest.</p>"
NestJS,Adopt,Languages and Frameworks,TRUE,"<p>In the past, we've cautioned about <a href=""/radar/platforms/node-overload"">Node overload</a>, and we're still cautious about the reasons to choose it. However, in scenarios where Node.js is required to build back-end applications, our teams are reporting that <strong><a href=""https://nestjs.com/"">NestJS</a></strong> is a suitable option to enable developers to create testable, scalable, loosely coupled and easily maintainable applications in enterprises. NestJS is a <a href=""/radar/languages-and-frameworks/typescript"">TypeScript</a>-first framework that makes the development of Node.js applications safer and less error-prone. NestJS is opinionated and comes with SOLID principles and an <a href=""/radar/languages-and-frameworks/angular"">Angular</a>-inspired architecture out of the box.</p>"
React Query,Adopt,Languages and Frameworks,TRUE,"<p><a href=""https://react-query-v3.tanstack.com/""><strong>React Query</strong></a> is often described as the missing data-fetching library for <a href=""/radar/languages-and-frameworks/react-js"">React</a>. Fetching, caching, synchronizing and updating server state is a common requirement in many React applications, and although the requirements are well understood, getting the implementation right is notoriously difficult. React Query provides a straightforward solution using hooks. It works hand-in-hand with existing async data-fetching libraries like <a href=""/radar/tools/axios"">axios</a>, <a href=""/radar/languages-and-frameworks/fetch"">Fetch</a> and <a href=""/radar/languages-and-frameworks/graphql"">GraphQL</a> since they are built on promises. As an application developer, you simply pass a function that resolves your data and leave everything else to the framework. We like that it works out of the box but still offers a lot of configuration when needed. The developer tools, unfortunately not yet available for <a href=""/radar/languages-and-frameworks/react-native"">React Native</a>, also help developers new to the framework understand how it works. For React Native, you can use a <a href=""https://github.com/bgaleotti/react-query-native-devtools"">third-party developer tools plugin</a> utilizing <a href=""/radar/tools/flipper"">Flipper</a>. In our experience, version 3 of React Query brought the stability needed to be used in production with our clients.</p>"
Swift Package Manager,Adopt,Languages and Frameworks,TRUE,"<p>When introduced in 2014, Swift didn't come with a package manager. Later, <strong><a href=""https://github.com/apple/swift-package-manager"">Swift Package Manager</a></strong> was created as an official Apple open-source project, and this solution has continued to develop and mature. Our teams rely increasingly on SwiftPM because most packages can be included through it and the processes for both creators and consumers of packages have been streamlined. In the previous Radar, we recommended trialing, but we now believe it makes sense to select it as the default when starting new projects. For existing projects using tools like CocoaPods or <a href=""/radar/tools/carthage"">Carthage</a>, it might be worth a quick experiment to gauge the level of effort to migrate and to check whether all dependencies are available.</p>"
Yjs,Adopt,Languages and Frameworks,TRUE,"<p>Conflict-free replicated data type (CRDT) algorithms are proven to be able to automatically distribute and merge changes among peers without conflicts. But in practice, even for small enough data, these algorithms usually require a significant amount of memory to trace all the changes made by different peers, thus making them impractical. <strong><a href=""https://yjs.dev/"">Yjs</a></strong> is a carefully optimized CRDT implementation that keeps memory consumption at a reasonable level for large data sets and millions of modifications. It also provides bindings for popular text editors, which greatly reduce the cost of building collaborative tools.</p>"
io-ts1,Adopt,Languages and Frameworks,TRUE,"<p>Our teams developing in <a href=""/radar/languages-and-frameworks/typescript"">TypeScript</a> are finding <strong><a href=""https://gcanti.github.io/io-ts/"">io-ts</a></strong> invaluable, especially when interacting with APIs that ultimately result in the creation of objects with specific types. When working with TypeScript, getting data into the bounds of the type system (i.e., from the aforementioned APIs) can lead to run-time errors that can be hard to find and debug. io-ts bridges the gap between compile-time type checking and run-time consumption of external data by providing encode and decode functions. Given the experiences of our teams and the elegance of its approach, we think io-ts is worth adopting.</p>"
Kotest1,Adopt,Languages and Frameworks,TRUE,"<p><strong><a href=""https://kotest.io/"">Kotest</a></strong> (previously KotlinTest) is a stand-alone testing tool for the <a href=""/radar/languages-and-frameworks/kotlin"">Kotlin</a> ecosystem that is widely used among our teams across various Kotlin implementations — native, JVM or JavaScript. Its key advantages are that it offers a variety of testing styles in order to structure test suites and that it comes with a comprehensive set of matchers, which allow for expressive tests in an elegant internal DSL. In addition to its support for <a href=""/radar/techniques/property-based-unit-testing"">property-based testing</a>, our teams like the solid IntelliJ plugin and the support community. Many of our developers consider it their first choice and recommend those who are still using JUnit in Kotlin consider switching over to Kotest.</p>"
NestJS1,Adopt,Languages and Frameworks,TRUE,"<p>In the past, we've cautioned about <a href=""/radar/platforms/node-overload"">Node overload</a>, and we're still cautious about the reasons to choose it. However, in scenarios where Node.js is required to build back-end applications, our teams are reporting that <strong><a href=""https://nestjs.com/"">NestJS</a></strong> is a suitable option to enable developers to create testable, scalable, loosely coupled and easily maintainable applications in enterprises. NestJS is a <a href=""/radar/languages-and-frameworks/typescript"">TypeScript</a>-first framework that makes the development of Node.js applications safer and less error-prone. NestJS is opinionated and comes with SOLID principles and an <a href=""/radar/languages-and-frameworks/angular"">Angular</a>-inspired architecture out of the box.</p>"
React Query1,Adopt,Languages and Frameworks,TRUE,"<p><a href=""https://react-query-v3.tanstack.com/""><strong>React Query</strong></a> is often described as the missing data-fetching library for <a href=""/radar/languages-and-frameworks/react-js"">React</a>. Fetching, caching, synchronizing and updating server state is a common requirement in many React applications, and although the requirements are well understood, getting the implementation right is notoriously difficult. React Query provides a straightforward solution using hooks. It works hand-in-hand with existing async data-fetching libraries like <a href=""/radar/tools/axios"">axios</a>, <a href=""/radar/languages-and-frameworks/fetch"">Fetch</a> and <a href=""/radar/languages-and-frameworks/graphql"">GraphQL</a> since they are built on promises. As an application developer, you simply pass a function that resolves your data and leave everything else to the framework. We like that it works out of the box but still offers a lot of configuration when needed. The developer tools, unfortunately not yet available for <a href=""/radar/languages-and-frameworks/react-native"">React Native</a>, also help developers new to the framework understand how it works. For React Native, you can use a <a href=""https://github.com/bgaleotti/react-query-native-devtools"">third-party developer tools plugin</a> utilizing <a href=""/radar/tools/flipper"">Flipper</a>. In our experience, version 3 of React Query brought the stability needed to be used in production with our clients.</p>"
Swift Package Manager1,Adopt,Languages and Frameworks,TRUE,"<p>When introduced in 2014, Swift didn't come with a package manager. Later, <strong><a href=""https://github.com/apple/swift-package-manager"">Swift Package Manager</a></strong> was created as an official Apple open-source project, and this solution has continued to develop and mature. Our teams rely increasingly on SwiftPM because most packages can be included through it and the processes for both creators and consumers of packages have been streamlined. In the previous Radar, we recommended trialing, but we now believe it makes sense to select it as the default when starting new projects. For existing projects using tools like CocoaPods or <a href=""/radar/tools/carthage"">Carthage</a>, it might be worth a quick experiment to gauge the level of effort to migrate and to check whether all dependencies are available.</p>"
Yjs1,Adopt,Languages and Frameworks,TRUE,"<p>Conflict-free replicated data type (CRDT) algorithms are proven to be able to automatically distribute and merge changes among peers without conflicts. But in practice, even for small enough data, these algorithms usually require a significant amount of memory to trace all the changes made by different peers, thus making them impractical. <strong><a href=""https://yjs.dev/"">Yjs</a></strong> is a carefully optimized CRDT implementation that keeps memory consumption at a reasonable level for large data sets and millions of modifications. It also provides bindings for popular text editors, which greatly reduce the cost of building collaborative tools.</p>"
Azure Bicep,Trial,Languages and Frameworks,TRUE,"<p>For those who prefer a more natural language than JSON for infrastructure code, <strong><a href=""https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview?tabs=bicep"">Azure Bicep</a></strong> is a domain-specific language (DSL) that uses a declarative syntax and supports reusable parameterized templates for modular resource definitions. A <a href=""https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-bicep"">Visual Studio Code extension</a> provides instant type safety, intellisense and syntax checking, while the compiler allows bidirectional transpilation to and from Azure Resource Manager (ARM) templates. Bicep's resource-oriented DSL and native integration with the Azure ecosystem make it a compelling choice for Azure infrastructure development.</p>"
Camunda,Trial,Languages and Frameworks,TRUE,"<p>Since we last mentioned <strong><a href=""https://camunda.com/"">Camunda</a></strong>, we've seen many of our teams and clients use the platform, making it one of our preferred workflow engines in cases where a workflow engine is a good fit for the domain. Camunda offers workflow and decision engines that can be integrated as a library in your Java code. This makes it easy to test, version and refactor workflows, alleviating some of the downsides of other more low-code workflow engines. We've even seen Camunda used in environments with high performance requirements. Teams also like how easy it is to integrate with <a href=""/radar/languages-and-frameworks/spring-boot"">Spring Boot</a> and its nice user interface.</p>"
Gradle Kotlin DSL,Trial,Languages and Frameworks,TRUE,"<p>Previously, we blipped about the Android Gradle plugin Kotlin DSL, or <strong>Gradle Kotlin DSL</strong>, which added support for <a href=""/radar/languages-and-frameworks/kotlin"">Kotlin</a> Script as an alternative to <a href=""/radar/languages-and-frameworks/groovy"">Groovy</a> for Android projects using <a href=""/radar/tools/gradle"">Gradle</a> build scripts. The goal of replacing Groovy with Kotlin is to provide better support for refactoring and simpler editing in IDEs and, ultimately, to produce code that is easier to read and maintain. For teams already using Kotlin, it also means working on the build in a familiar language. We now suggest trialing Kotlin DSL as an alternative language to Groovy for Gradle projects in general, especially if you have large or complex Gradle build scripts. Many IDEs now include support for the migration of existing projects. Some caveats remain, and we suggest checking the <a href=""https://docs.gradle.org/current/userguide/kotlin_dsl.html"">documentation</a> for the most up-to-date details, including the prerequisites. We had a team with an at least seven-year-old, 450-line build script migrate successfully within a few days.</p>"
Jetpack Media3,Trial,Languages and Frameworks,TRUE,"<p>Android had several media APIs: Jetpack Media, also known as MediaCompat, Jetpack Media2 and ExoPlayer. Unfortunately, these libraries were developed independently, with different goals but overlapping functionality. Android developers not only had to choose which library to use, they also had to contend with writing adaptors or other connecting code when features from multiple APIs were needed. <a href=""https://developer.android.com/jetpack/androidx/releases/media3""><strong>Jetpack Media3</strong></a> is an API that takes common areas of functionality from the existing APIs — including UI, playback and media session handling — and combines them into a merged and refined API. The player interface from ExoPlayer has also been updated, enhanced and streamlined to act as the common player interface for Media3. After an early access phase, Media3 is now in beta. Although its first release is forthcoming, we've already had positive experiences using it in apps.</p>"
Ladle,Trial,Languages and Frameworks,TRUE,"<p>As <a href=""https://storybook.js.org/"">Storybook</a> grew in popularity, it became more and more of a behemoth. If all you really care about is isolating and testing your React UI components, then <strong><a href=""https://ladle.dev/"">Ladle</a></strong> is the alternative. Ladle supports most of the Storybook API (MDX files are not supported yet) and can be used as a drop-in replacement. It is lightweight and has better integration with <a href=""https://vitejs.dev/"">Vite</a>. It also provides simple and clean APIs that can be easily integrated with other testing frameworks.</p>"
Moshi,Trial,Languages and Frameworks,TRUE,"<p>We're hearing that our <a href=""/radar/languages-and-frameworks/kotlin"">Kotlin</a>-based teams are seeking alternatives to Java frameworks such as GSON when handling JSON. Although it's been around for some time, <strong><a href=""https://github.com/square/moshi"">Moshi</a></strong> has now emerged as a preferred framework for many of these teams. It's easy to migrate from GSON and Moshi provides native support for Kotlin non-nullable types and default parameters. Moshi makes working with JSON faster and easier. If you're currently using a Java framework from within Kotlin to handle JSON, we recommend giving Moshi a try.</p>"
Svelte,Trial,Languages and Frameworks,TRUE,"<p>Among web component frameworks, <strong><a href=""https://svelte.dev/"">Svelte</a></strong> stands out by moving reactivity out of the browser and into the compiler. Instead of optimizing DOM updates by using a virtual DOM and browser optimization tricks, Svelte compiles your code into vanilla framework-less JavaScript code that surgically updates the DOM directly. In addition to the run-time performance benefits, this also allows Svelte to optimize the amount of code the browser has to download without sacrificing features for developers; moreover, it's proven to be performant and battery-friendly for mobile web applications as less code has to execute in the browser itself. Performance benefits aside, our teams have appreciated its friendly learning curve and the maintenance benefits that come from <a href=""https://svelte.dev/blog/write-less-code"">writing less code</a>. Svelte itself is only the component framework, but <a href=""https://kit.svelte.dev/"">SvelteKit</a> adds features to build full web applications.</p>"
Aleph.js,Assess,Languages and Frameworks,TRUE,"<p>There is certainly no shortage of frameworks to build web applications in JavaScript/<a href=""/radar/languages-and-frameworks/typescript"">TypeScript</a>. We've featured many of them in the Radar, but what sets <strong><a href=""https://alephjs.org/docs"">Aleph.js</a></strong> apart in this crowded field is that it's built to run on <a href=""/radar/platforms/deno"">Deno</a>, the new server-side run time created by the original developer of <a href=""/radar/platforms/node-js"">Node</a>. This puts Aleph.js on a modern foundation that addresses several shortcomings and problems with Node. Aleph.js is still new — it’s approaching the 1.0 release at the time of writing — but it already offers a solid developer experience, including hot module replacement. With Deno now way past its <a href=""https://deno.com/blog/v1"">1.0 release</a>, this is a modern choice for projects that can take the risk.</p>"
Astro,Assess,Languages and Frameworks,TRUE,"<p>It's hard to believe, but in 2022, the developer community continues to pump out interesting new frameworks for building web applications. <strong><a href=""https://astro.build/"">Astro</a></strong> is a recent, open-source, multi-page application framework that renders HTML on the server and minimizes the amount of JavaScript sent over the wire. Astro seems particularly well-suited to content-oriented websites that pull from many different sources. We like the fact that although Astro encourages sending only HTML, it still supports — when appropriate — select active components written in the front-end JavaScript framework of your choice. It does this through its <a href=""https://mainawycliffe.dev/blog/island-architecture/"">island architecture</a>. Islands are regions of interactivity within a single page where the necessary JavaScript is downloaded only when needed. Astro is relatively new but seems to support a growing ecosystem of developers and code. It's one to watch as it develops.</p>"
BentoML,Assess,Languages and Frameworks,TRUE,"<p><a href=""https://github.com/bentoml/BentoML""><strong>BentoML</strong></a> is a python-first framework for serving machine-learning models in production at scale. The models it provides are agnostic of their environment; all model artifacts, source code and dependencies are encapsulated in a self-contained format called Bento. It's like having your model ""as a service."" Think of BentoML as the <a href=""/radar/platforms/docker"">Docker</a> for ML models: It generates VM images with pre-programmed APIs ready for deployment and includes features that make it easy to test these images. BentoML can help speed up the initial development effort by easing the start of projects which is why we included it in Assess.</p>"
Carbon Aware SDK,Assess,Languages and Frameworks,TRUE,"<p>When looking at reducing the carbon footprint of an application — the carbon dioxide emissions caused indirectly by running the software — attention is usually directed at making the software more efficient. The thinking is clear: more efficient software needs less electricity and fewer servers, reducing the emissions from electricity generation and manufacturing of the servers. An additional strategy is to make the application <em>carbon aware</em>. This is because the same workload does not always have the same carbon footprint. For example, when run in a data center in a cooler climate, less power for air conditioning is needed; or, when run at a time when more renewable energy is available (more sunshine, stronger winds), less electricity from carbon-based sources is required. With the <a href=""https://github.com/Green-Software-Foundation/carbon-aware-sdk""><strong>Carbon Aware SDK</strong></a>, software engineers can query data sources to discover less carbon-intensive options for a given workload and then move it to a different location or run it at a different time. This makes sense for large workloads that are neither time nor latency sensitive, such as training a machine-learning model. Although the SDK and available data sources are not very comprehensive yet, we believe it's time to start looking at how we can make our systems carbon aware.</p>"
Cloudscape,Assess,Languages and Frameworks,TRUE,"<p><strong><a href=""https://cloudscape.design/"">Cloudscape</a></strong> is an open-source design system that not only has a rich set of components but also 35 interaction and content representation patterns. In addition, it uses <a href=""/radar/techniques/design-tokens"">design tokens</a> for theming and provides element wrappers for all components, which greatly simplifies unit testing. This makes it stand out from other design systems out there.</p>"
Connect,Assess,Languages and Frameworks,TRUE,"<p><a href=""https://connect.build/""><strong>Connect</strong></a> is a family of libraries for building browser- and gRPC-compatible HTTP APIs. Similar to gRPC, you write Protocol Buffer schema and implement the application logic, and Connect generates code to handle marshaling, routing, compression and content type negotiation. However, Connect tries to improve on gRPC in several ways. This includes native support for gRPC-Web without a translating proxy; interoperability with third-party routers or middleware, because <a href=""https://github.com/bufbuild/connect-go"">connect-go</a> is built on top of net/http (unlike grpc-go); and fully generated type-safe clients with the ergonomics of hand-crafted code. We mostly prefer REST and are not a big fan of the RPC approach to building APIs. That said, Connect does seem to address some of our concerns with RPCs, and we encourage you to assess it.</p>"
Cross device SDK,Assess,Languages and Frameworks,TRUE,"<p>As smart devices continue to embed themselves in our lives, we are starting to see new use cases emerge that span across multiple devices. The classic example is a text we start reading on a phone but prefer to finish on a tablet. Other examples include plotting a cycling route on a laptop and then transferring the data to a bike computer for easier navigation or using a mobile phone as a webcam. Such use cases require very specific kinds of features, like the discovery of nearby devices, secure communication and multi-device sessions. Apple started introducing such features a while ago to its own SDKs, and now Google has released the first preview of its <a href=""https://developer.android.com/guide/topics/connectivity/cross-device-sdk/overview""><strong>Cross device SDK</strong></a>. Although the preview has several limitations — for example, only phones and tablets are supported and only two devices at a time — the technology is exciting and can be utilized as it is rolled out over time.</p>"
Cypress Component Testing,Assess,Languages and Frameworks,TRUE,"<p><a href=""https://docs.cypress.io/guides/component-testing/writing-your-first-component-test""><strong>Cypress Component Testing</strong></a> provides a testable component workbench to quickly build and test UI components. You can write component visual regression tests with the same API that you write end-to-end (E2E) UI tests. Although still in beta, component testing will be the most important feature in <a href=""/radar/tools/cypress"">Cypress</a> 10.</p>"
JobRunr,Assess,Languages and Frameworks,TRUE,"<p><strong><a href=""https://www.jobrunr.io/"">JobRunr</a></strong> is a library for background job processing in Java and an alternative to the Quartz scheduler. Our teams have enjoyed using JobRunr's built-in dashboard, which is easy to use and allows the monitoring and scheduling of background tasks. JobRunr is open source and free for commercial use; for features such as job migration and recovery, however, you need to get a paid license.</p>"
Million,Assess,Languages and Frameworks,TRUE,"<p><strong><a href=""https://github.com/aidenybai/million"">Million</a></strong> is a new virtual DOM JavaScript library. Similar to <a href=""/radar/languages-and-frameworks/svelte"">Svelte</a>, it leverages the compiler, <a href=""/radar/tools/vite"">Vite</a>, to create small JavaScript bundles with exceptional rendering performance. The Million library ships as a single NPM package with several modules — including <a href=""https://github.com/aidenybai/million/tree/main/packages/router"">router</a>, <a href=""https://github.com/aidenybai/million/tree/main/packages/jsx-runtime"">jsx-runtime</a> and a module for <a href=""https://github.com/aidenybai/million/tree/main/packages/react"">React compatibility</a> to create single-page applications. Although <a href=""/radar/languages-and-frameworks/react-js"">React</a> popularized the virtual DOM a decade ago, it's fascinating to see new innovations in this space.</p>"
Soketi,Assess,Languages and Frameworks,TRUE,"<p><a href=""https://github.com/soketi/soketi""><strong>Soketi</strong></a> is an open-source WebSockets server. If your application is compatible with the <a href=""https://pusher.com/"">Pusher</a> protocol, you can plug Soketi in directly as it fully implements the <a href=""https://pusher.com/docs/channels/library_auth_reference/pusher-websockets-protocol/#version-7-2017-11"">Pusher Protocol v7</a>. We find the <a href=""https://dash.soketi.app/register"">beta support</a> for Cloudflare Workers particularly interesting because it opens the door to using WebSockets at the network edge.</p>"
Stable Diffusion,Assess,Languages and Frameworks,TRUE,"<p>OpenAI's <a href=""https://openai.com/blog/dall-e/"">DALL·E</a> caught everyone's attention with its ability to create <a href=""http://wearemtm.com/2022/07/22/dall-e-2-creating-photorealistic-images-from-text/"">images from text prompts</a>. Now, <a href=""https://stability.ai/blog/stable-diffusion-public-release""><strong>Stable Diffusion</strong></a> offers the same capability but, critically, it's open source. Anyone with access to a powerful graphics card can experiment with the model, and anyone with <a href=""https://huggingface.co/CompVis/stable-diffusion-v1-4#environmental-impact"">sufficient</a> compute resources can recreate the model themselves. The results are <a href=""https://prompthero.com/prompt/1981b47ffa6"">astounding</a> but also raise significant questions. For example, the model is trained on image-text pairs obtained via a <a href=""https://laion.ai/blog/laion-5b/"">broad scrape of the internet</a> and therefore will reflect societal biases, which means it could possibly produce content that is illegal, upsetting, or at the very least undesirable. Stable Diffusion now includes an AI-based <a href=""https://huggingface.co/CompVis/stable-diffusion-safety-checker"">safety classifier</a>; however, given its open-source nature, people can disable the classifier. Finally, artists have noted that with the right prompts the model is adept at mimicking their artistic style. This raises questions about the ethical and legal implications of an AI capable of imitating an artist.</p>"
Synthetic Data Vault,Assess,Languages and Frameworks,TRUE,"<p><strong><a href=""https://github.com/sdv-dev/SDV"">Synthetic Data Vault (SDV)</a></strong> is a synthetic data generation ecosystem of libraries that can learn the distribution of a data set to generate synthetic data with the same format and statistical properties as the source. In the past, we talked about the downsides of using <a href=""/radar/techniques/production-data-in-test-environments"">production data in test environments</a>. However, the nuances of data distribution in production can hardly be replicated manually, resulting in defects and surprises. We believe SDV and similar tools can address this gap by generating production-like data for <a href=""https://sdv.dev/SDV/user_guides/single_table/index.html"">single-table</a>, <a href=""https://sdv.dev/SDV/user_guides/relational/index.html"">complex multi-table</a> and <a href=""https://sdv.dev/SDV/user_guides/timeseries/index.html"">multivariate timeseries</a> data. Although SDV isn't new, we quite like it and decided to highlight it.</p>"
Carbon,Hold,Languages and Frameworks,TRUE,"<p>We're seeing some interest in the <strong><a href=""https://github.com/carbon-language/carbon-lang"">Carbon</a></strong> programming language. That doesn't come as a surprise: it has Google's backing and is presented as a natural successor to C++. In our opinion C++ can't be replaced fast enough as software engineers have shown, over the past decades, that writing safe and error-free C++ code is extremely difficult and time-consuming. While Carbon is an interesting concept with its focus on migration from C++, without a working compiler, it's clearly a long way from being usable and there are other modern programming languages that are good choices if you want to migrate from C++. It's too early to tell whether Carbon will become the natural successor to C++, but, from today's perspective, we recommend that teams look at <a href=""/radar/languages-and-frameworks/rust"">Rust</a> and <a href=""/radar/languages-and-frameworks/go-language"">Go</a> rather than postponing a migration because they're waiting for Carbon to arrive.</p>"