Do you have visibility on the software your business builds? Leverage our out-of-the-box GitHub integration to complete your map of your IT landscape.
As an enterprise architect, you know that maintaining visibility over your IT landscape is vital for ensuring its resilience. Gaps in your overview of your application portfolio leave you vulnerable to risk.
We all know that these gaps can happen as a result of ungoverned technology adoption. What about self-built software, though?
Are you including information about the applications your company is building in your development repositories? If you aren’t, then you don’t have a complete picture of your IT landscape.
Software development often moves faster than even your developers can keep up with. It’s easy to find the frameworks and code libraries you built your software from have become unsupported, incompatible, or vulnerable by the time it gets to market or internal release.
To avoid having to scrap or re-engineer the software you’ve built before you’ve even seen the benefits of it, you need to know what it's made of. That’s why we now include an out-of-the-box integration with GitHub within SAP LeanIX.
To get hands-on with our new GitHub integration and see how it drives software discovery and risk mitigation, book a demo:
What Is Self-Built Software?
Over five years ago, Microsoft CEO, Satya Nadella, told business leaders that "every company is now a software company". Automobile companies aren't just selling cars, they're selling the software in the on-board computer; beyond this, they're leveraging the software they created to program the software for those computers, along with the software they use to design those cars and run their assembly line.
Much of the software businesses use is bought-in. This makes sense as it's less effort to buy in the industry standard software rather than compete to create it.
However, there will always be gaps where the software you need for your specific circumstances either doesn't exist or is prohibitively expensive. In those cases, you need developers to build custom software for you.
Since this software is unique to your organization, it therefore becomes a competitive advantage. Everyone uses Microsoft and Salesforce, but only your company can leverage the unique software you have built in-house.
The risk, however, comes from the fact that software creation is a laborious process that relies on the ability to leverage existing best practices and code libraries through GitHub. Developers are only able to create software in the timeframe you need by assembling it from bits of existing code.
The risk comes from the fact that software development relies on code derived from open-source libraries. These can and have been exploited for vulnerabilities and, despite a global interest in building composable architectures, services and technologies don’t always integrate well with each other.
The Risks Of Self-Built Software
Code that was innovative yesterday might be replaced by smarter, cleverer code tomorrow. When it is, your software stops being best-of-breed and enters into your tech debt ledger.
In the best-case scenario, this leads to the slow erosion of your self-built software. In the worst, it opens you up to cyber attack.
Cyber criminals are constantly looking for ways to exploit popular code libraries as cracking a piece of code in a library allows them to hack into a huge variety of different software that includes it. When a vulnerability is exposed in a code library you've used, you need to know immediately if any of your self-built software leverages the compromised code.
This can be extremely difficult. Your developers are innovators by necessity and they will likely have a large library of software and code that they're experimenting on.
Do you know what software they've created and released or plan to do so? Do you know how it fits into your application landscape, interfacing with other software and data?
It's as vital for enterprise architects to have visibility over this self-built software as it is for you to understand the infrastructure of external applications. As such, it's vital to include this in your enterprise architecture repository.
The Value Of Visibility
Software bills of materials (SBOMs) are like the recipe for how your software was made, including all the ingredients. By collating these for all your self-built software, you'll be prepared to rapidly discover everywhere in your IT landscape that vulnerable code has been leveraged.
If you ran a bakery and discovered that a customer was allergic to peanuts, for example, you would need to check the recipes of all your products to find which ones contained peanuts to be safe. Just the same, documented SBOMs allow you to see each piece of software that has a known vulnerability, so you can formulate a plan for dealing with it.
Even simply having visibility over the existence your self-built software is important. Before you buy a new software tool, you should check that your developers haven't already built a suitable tool themselves, and where an application is to be retired, you can confirm your developers aren't wasting time creating applications to integrate with it.
This is why we created an integration between SAP LeanIX and GitHub Enterprise, allowing you to discover your self-built software automatically. This increases the essential application visibility you already get with SAP LeanIX.
Introducing The SAP LeanIX GitHub Integration
SAP LeanIX now provides our GitHub Enterprise integration out-of-the-box. This new capability will automatically discover self-built software within your GitHub instance and create documentation for it in SAP LeanIX, including critical dependencies, potential uses, technology frameworks, and the identities of teams that created and are using it.
SAP LeanIX can also ingest GitHub artifacts and software bills of materials (SBOMs). This allows you to determine how software was built and what code was used.
The GitHub Enterprise integration is available to SAP LeanIX customers now. Start tracking your self-built software today.
To get hands-on with our new GitHub integration and see how it drives software discovery and risk mitigation, book a demo: