The Essential Project Forum

We're working the playbooks to have a more complete (and current) list of technology and applications. One thing I'm wondering is how much detail to track for in-house applications with regard to build-time dependencies (i.e. npm packages) that are required to build an application versus run-time dependencies that are required to run the application in production (i.e. NodeJS, .NET).

Given the amount of libraries required in a build configuration and how often these change, I question the value that tracking these would bring. Certain major components would be useful to know they exist in a solution (i.e. log4j) to ensure lifecycle is managed appropriately, but we may not need to know everything.

I'm curious to know what level of detail others are tracking here and what benefit it provides for you?

The vast majority of our users focus purely on the run-time technology products supporting Applications. As you suggest, there are occasions when build-time technologies are included inwhich case I believe that what is important is to have consistent and reasonably clear heuristics for when to include them; for example, if they have a significant impact on the business or broader IT landscape from a security or vendor lifecycle status point of view.