|
| 1 | +## Title |
| 2 | + |
| 3 | +Unified Source Code Inventory |
| 4 | + |
| 5 | +## Patlet |
| 6 | + |
| 7 | +In a large organization with different legal entities is often hard to get full visibility into all software assets, in particular all source code. This situation reduces the opportunities to increase business value and keep liability costs, such as software maintenance, under control across the organization as a whole. An organization-level source code inventory addresses these issues while exploiting opportunities to identify and support valuable InnerSource assets. |
| 8 | + |
| 9 | +## Problem |
| 10 | + |
| 11 | +Given situations when InnerSource stakeholders do not value source code at the same level as other organization's assets; when source code strategies are ad-hoc and different among legal entities with little consolidation at organization-level; then it becomes harder both to select and support the right InnerSource project candidates as well as maximize business value of such a key asset. |
| 12 | + |
| 13 | +Can you get consistent answers within the organization to questions like? |
| 14 | + |
| 15 | +* How would you find all source code touched by anyone in your legal entity? |
| 16 | +* How would you find out who else can also access each of the above? |
| 17 | +* For new source code, what is your default level of access? |
| 18 | +* How would you know nothing is missing from your inventory? |
| 19 | +* What valuable insights or actions have you gained from your inventory? |
| 20 | + |
| 21 | +## Context |
| 22 | + |
| 23 | +* You work on Legal Entity within a complex Organization under continuous change (e.g., new acquisitions or changing business priorities). |
| 24 | +* You cannot find all source code touched, shared and consumed within the Organization. |
| 25 | +* You do not have a clear policy on default sharing level when creating a new project (e.g., Open Source, InnerSource or Closed Source). |
| 26 | +* You cannot scan significant parts of the Organization's source code looking for duplication, similarity or code smells. |
| 27 | +* You do not know the existing ratios of Open Source, innerSource and Closed Source and their trend. |
| 28 | +* You cannot measure the diversity of contributions and resulting value for a given project. |
| 29 | +* You cannot identify and optimize tech stack diversity. |
| 30 | +* You cannot identify technical debt and determine the priorities for retirement (e.g., dead APIs/source). |
| 31 | + |
| 32 | +## Forces |
| 33 | + |
| 34 | +* Fragmentation of source code hosting systems in the organization. |
| 35 | +* Ad-hoc source code strategies scattered across the different Legal Entities in the organization. |
| 36 | +* Continuously changing map of the relationships between: projects, repositories, products, tech stacks, domains, solutions, platforms, services, components, sub-systems, people, authors, teams, external repositories. |
| 37 | +* Diverse software culture of teams across the organization (e.g., more open to collaboration or more siloed). |
| 38 | + |
| 39 | +## Solutions |
| 40 | + |
| 41 | +### Set up an organization-level source code inventory live dashboard |
| 42 | + |
| 43 | +* Combination of manual and automated input data sources to a single source of truth |
| 44 | +* API available to add new data sources and extend coverage of the source code repository |
| 45 | +* Key meta-data about each repository: |
| 46 | + * Legal Entity |
| 47 | + * URL |
| 48 | + * Version control system (e.g., GIT or SVN). |
| 49 | + * Hosting vendor (e.g., GitHub, Gitlab or BitBucket) and hosting type (e.g., on-prem, private cloud or public cloud). |
| 50 | + * Sharing level (e.g., Open Source, InnerSource, Closed Source). |
| 51 | +* Visualization in place to list all assets with options to filter based on meta-data |
| 52 | +* Enable access to automated source code static analysis tools (e.g., identify duplicated or similar code, flag code smells, benchmark test coverage). |
| 53 | + |
| 54 | +Mockup dashboard | Mockup questionnaire |
| 55 | +:-------------------------:|:-------------------------: |
| 56 | + |  |
| 57 | + |
| 58 | +### Define a Source Code Strategy Assessment Framework |
| 59 | + |
| 60 | +* Help to define a source code strategy including an explicit definition of policies at Organization and Legal Entity levels for: |
| 61 | + * Inventory |
| 62 | + * Sharing |
| 63 | + * Consumption |
| 64 | + * Contribution |
| 65 | + * Ecosystem |
| 66 | +* Example of such a framework: [github.com/trieshard/source-strategy-assessment/blob/master/framework.md](https://github.com/trieshard/source-strategy-assessment/blob/master/framework.md) |
| 67 | + |
| 68 | +## Resulting Context |
| 69 | + |
| 70 | +### For the Organization, Legal Entity and Project maintainers |
| 71 | + |
| 72 | +* We have explicit policies at Organization and Legal Entity level on source code strategy (e.g., where to create new repository or how to select the right sharing level). |
| 73 | +* We can find all source code touched, shared and consumed within the Organization or Legal Entity and take actions as needed. |
| 74 | +* We can measure the diversity of contributions and resulting business value for our project. |
| 75 | +* We can identify technical debt and determine the priorities for retirement (e.g., dead APIs/source). |
| 76 | + |
| 77 | +### For InnerSource governance |
| 78 | + |
| 79 | +* We can scan significant parts of our Organization's source code looking for opportunities of reuse, duplication, similarity or code smells. |
| 80 | +* We know the ratios of Open Source, InnerSource and Closed Source within the Organization so we can steer as needed. |
| 81 | +* We can identify and optimize tech stack diversity. |
| 82 | +* We can create awareness and culture shift on certain Legal Entities as needed (e.g., ratio of Open Source and InnerSource below average). |
| 83 | + |
| 84 | +## Rationale |
| 85 | + |
| 86 | +It creates a dynamic and extendable single source of truth for repositories to capture, visualize and act on source code repositories across the Organization. That helps to create awareness and focus efforts on the right direction. The Source Code Strategy Assessment Framework helps teams to understand the value of intentional explicit policies on how to manage source code. It helps to create both continuous improvement cycles and references within the Organization of what others are doing. |
| 87 | + |
| 88 | +## Known Instances |
| 89 | + |
| 90 | +This is under test at scale at: |
| 91 | + |
| 92 | +* Philips |
| 93 | + |
| 94 | +## References |
| 95 | + |
| 96 | +* Organization and Legal Entity terms as defined in [InnerSource License Pattern Glossary](../2-structured/innersource-license.md#glossary). |
| 97 | +* Explore using this pattern in combination with the [InnerSource Portal](../2-structured/innersource-portal.md) pattern. |
| 98 | + |
| 99 | +## Status |
| 100 | + |
| 101 | +* Initial |
| 102 | + |
| 103 | +## Author(s) |
| 104 | + |
| 105 | +* [David Terol](https://github.com/dterol23) |
| 106 | +* [Simao Williams](mailto://me@simaos.net) |
| 107 | + |
| 108 | +## Acknowledgements |
| 109 | + |
| 110 | +* [Sebastian Spier](https://github.com/spier) |
0 commit comments