Back in April of this year, Tidelift demonstrated our initial integration with Atlassian Compass during DevOps and Agile Keynote at the Atlassian Team’22 event. Since then, a lot has happened (including participation in our Series C funding round by Atlassian Ventures). We have been working hard to enhance the integration and now have some great news—we have moved to an alpha release!
These latest capabilities are built for teams looking for ways to integrate technical debt mitigation strategies into their regular development cadence without compromising on delivering new features. Tidelift allows organizations to centralize decisions about what open source releases meet the organization’s standards, and provide recommendations on how to remediate issues if a release does not meet the organization's standards.
With the Tidelift integration, teams using Compass can review their application’s open source health on a regular basis during retrospectives or the upcoming development cycle. The Tidelift overview can help teams determine if they need to dedicate time to remediating issues, and discuss any new issues introduced in the previous development cycle. These metrics can be used to prioritize and plan small pieces of work to bring applications up to date over time, making it easier to respond to any serious issues that are unexpectedly discovered and need to be addressed.
Teams can use the project health score to highlight the most impactful areas to improve application resilience and security. The denied packages list will show open source releases in use that do not meet the organization’s standards, and have been denied for new use.
Technical debt is a well-known, but under-considered, drag on a development team’s velocity. Some of it is from conscious decisions for the sake of delivering a feature quicker, but some comes from not having the time to perform maintenance on older features. Fixing something that isn’t causing a problem yet isn’t glamorous and often gets no accolades.
It might well be that applications that are a few years old still work fine, but the open source components they rely on are now multiple major versions behind the latest and no longer receive security updates. Since the code still works, they may be reluctant to make updates that could involve breaking changes, or they may not be able to justify the time and effort required to do so.
The cost of ignoring updates eventually becomes apparent in two ways: when developers have to do a massive upgrade just to build what would otherwise be a simple task, or when a major security issue is discovered. Too often, teams then find themselves with a long list of items to address, multiplied by all the applications they might be responsible for.
With the Tidelift integration with Compass in place, your team will see just the items your organization has determined as worth addressing as part of their regular cadence.