Mitigate Software Risk

Governance is about optimizing value with an acceptable risk, depending on your risk tolerance. Software risk is one of the risk categories in the Mendix Governance Value Framework. Mitigating software risk involves ensuring that your software is tested and developed using best practices and reusable components.

How can I ensure limited access to higher environments such as acceptance and production?

Granular, environment-specific permission management is available for deployment and operations-related actions in Mendix Cloud. Under the Permissions tab of the Environments page, each developer can be assigned environment-specific permissions. This way, you can ensure that access to environments that require a higher level of security, such as Acceptance and Production, can be limited to select team members while environments with lower security requirements, like Test, can be more open for all team members.

How can the software packaging and release process be executed?

There are three ways to do the packaging, testing, and deployment of your software applications with Mendix:

    1. Manual Execution – Use a simple, intuitive UI for quick and easy deployments.
      You can manually package, deploy, and promote software with the click of a few buttons. This is the simplest of all the methods and best when you are just getting started with Mendix and want to simply, intuitively see your new features deployed.
    2. Automated with low-code Mendix Pipelines – Automate software delivery low-code style without leaving Mendix.
      Instead of manually executing the build and deployment steps each time for a release, it is possible to design a pipeline that is simply configured with your desired steps and have it executed automatically. A pipeline is analogous to an assembly line where small, manageable tasks are automated. It can be accessed via the Mendix Portal.
    3. Automated with APIs and your choice of third-party CI/CD tool – Automate software delivery by integrating with your tool of choice.
      Another way to achieve automation is by using Mendix APIs and webhooks in conjunction with third-party or custom-built CI/CD pipeline tooling. Notable tools in this area include, but are not limited to, GitLab, Jenkins, Buddy, and Azure DevOps. Depending on the tool of your choice, you can create PowerShell, JSON, or YAML scripts to set up a pipeline and have it run automatically upon set conditions. This method does require DevOps experience to set up but gives you all the flexibility you need. It’s relevant when you have specific, custom CI/CD steps to follow or when your organization has a pre-defined CI/CD process that you want to adopt for Mendix apps as well.

You can learn more about all methods of software delivery via this learning path.


How can I ensure that applications built with Mendix are high quality?

Mendix provides development teams with an extensive toolset and extension points to set up quality assurance via efficient test automation. Key capabilities, along with code quality and testing, are as follows:

Best Practice Recommender

Best Practice Recommender is an intelligent virtual co-developer that helps you improve your app by inspecting your app model against Mendix development best practices. It detects anti-patterns during design and development, highlights these anti-patterns, suggests how to resolve them, and, in some cases, can automatically fix these issues.

Unit Testing

For unit testing, Mendix has a Unit Testing module that provides an easy interface to manage and run Mendix and JUnit unit tests inside your application. Unit tests can be executed locally by a developer or called via remote APIs when they are used in CI/CD processes.

Code quality and open source health analysis

Mendix Quality and Security Management (QSM) offers a dashboard that provides instant insight into the quality of the application models you are building. QSM leverages the metadata-based Model API, performing static analysis of application models against the ISO 25010 industry standard for maintainability by a best-of-breed engine from our partner Software Improvement Group (SIG). Mendix QSM also analyses the status of the open-source components included in your Mendix apps to identify risks early on in the development process.

Load Testing

Load testing of web applications can be done using third-party tools such as JMeter, BlazeMeter, LoadRunner, etc. These tools allow users to record interactions with the web application and play back the interactions while simulating thousands of users and logging performance metrics.

Performance Monitoring

Mendix provides basic performance monitoring in-platform. The Metrics page contains graphs about your app and its environment. You can use this page to monitor the performance and health of your app. For example, you can track the usage growth of your app or debug performance problems. Advanced performance testing can be done by capturing and logging performance metrics in relevant Microflows. These logs and metrics can be captured and visualized using third-party application performance monitoring tools such as Datadog, AppDynamics, Dynatrace, and New Relic. Mendix provides out-of-the-box configuration to use Datadog, AppDynamics, Dynatrace, Splunk Cloud Platform, and New Relic to provide additional monitoring for your Mendix Apps running on Mendix Cloud.

Integration with other tools

Mendix provides an open and extensible toolset, which can be extended to support any number of third-party testing tools. Mendix supports the Selenium and JUnit testing frameworks. Mendix customers have also built testing suites using other third-party testing tools. These can also be triggered via APIs if needed in CI/CD processes.

For more information on this topic, refer to the detailed section on Quality & Test Automation.

How do I oversee the quality of my app landscape?

Mendix Quality and Security Management (QSM) offers a view of quality and open-source status across the Mendix application portfolio. The code quality of each app is measured along various dimensions such as Maintainability, Architecture, Open Source Health, Security, and Reliability to produce an overall rating.

Company admins can also set target scores in line with the organization’s risk appetite. An overview of quality across the app portfolio provides an easy way to identify the apps with poor quality. Company admins and developers can drill into the specific app to view the explanation of scores and take action to improve the quality of the application.

How can I share reusable content with my organization?

Mendix provides a public & private marketplace for sharing reusable components.

In the Public Marketplace, users can find content created and supported by Mendix but also components supplied by the community and partner offerings. With over 1,500 components such as modules, widgets, connectors, and services available, alongside starter apps and solutions, there is a lot of ready-made content to consume. Also, everyone can contribute to the Marketplace and share their content, enriching the marketplace catalog.

The Private Marketplace is where companies can privately share company content amongst their company platform users. The content in the private marketplace can be controlled and curated by administrators, ensuring that it adheres to company guidelines. Developers can easily submit content for approval by their admins and also find available company-approved reusable components, including company starter apps.

Mendix also provides an ability to share Data APIs and business events across the application landscape via Mendix Catalog. Catalog is a dedicated API directory enabling easy API discovery and reuse. It is also possible to govern access to the APIs and data sources via in-built governance capabilities.

How do I govern the components used in my app landscape?

Mendix apps are composable, and an app can contain various kinds of dependencies such as modules, widgets, Java libraries, etc. As the application landscape grows, it is critical to govern the components to ensure they are in line with your company guidelines. To enable this, Software Composition is visible in the Control Center. It illustrates the components of each app as well as a list of unique components and their usage across the app landscape. Developers have similar visibility in the Mendix Portal.

In addition, based on your organization’s compliance policies, company admins can curate Marketplace content based on its license or ownership. For example, if you would like to encourage your Mendix developers to use only Mendix-supported Marketplace content, apart from exceptions, you can curate the Marketplace with these settings. Upon curation, the Mendix-supported content in the Marketplace on the web and in Studio Pro will be marked as recommended. Mendix developers would thus know the company-recommended components even before they start developing.