Tools
Thoughtworks Technology Radar

to continuously monitor code bases and send alerts when a match occurs. Now that we’ve gained more experience with Sourcegraph, we decided to move it into the Trial ring to reflect our positive experience — which doesn’t mean that Sourcegraph is better than Comby. Each tool focuses on a different niche.

57. Syft
Trial

One of the key elements of improving “supply chain security” is using a Software Bill of Materials (SBOM), which is why publishing an SBOM along with the software artifact is increasingly important. Syft is a CLI tool and Go library for generating an SBOM from container images and file systems. It can generate the SBOM output in multiple formats, including JSON, CycloneDX and SPDX. The SBOM output of Syft can be used by Grype for vulnerability scanning. One way to publish the generated SBOM along with the image is to add it as an attestation using Cosign. This allows consumers of the image to verify the SBOM and to use it for further analysis.

58. Volta
Trial

When working on multiple JavaScript codebases at the same time, it’s often necessary to use different versions of Node and other JavaScript tools. On developer machines, these tools are usually installed in the user account or the machine itself, which means a solution is needed to switch between multiple installations. For Node itself there’s nvm, but we want to highlight Volta as an alternative that we’re seeing in use with our teams. Volta has several advantages over using nvm: it can manage other JavaScript tools such as Yarn; it also has the notion of pinning a version of the toolchain on a project basis, which means that developers can simply use the tools in a given code directory without having to worry about manually switching between tool versions — Volta simply uses shims in the path to select the pinned version. Written in Rust, Volta is fast and ships as a single binary without dependencies.

59. Web Test Runner
Trial

Web Test Runner is a package within the Modern Web project, which provides several high-quality tools for modern web development with support for web standards like ES Modules. Web Test Runner is a test runner for web applications. One of its advantages compared to existing test runners is that it runs tests in the browser (which could be headless). It supports multiple browser launchers — including Puppeteer, Playwright, and Selenium — and uses Mocha by default for the test framework. The tests run pretty fast, and we like that we can open a browser window with devtools when debugging. Web Test Runner internally uses Web Dev Server, which allows us to leverage its great plugin API for adding customized plugins for our test suite. Modern Web tools look like a very promising developer toolchain, and we’re already using them in a few projects.

60. CDKTF
Assess

By now many organizations have created sprawling landscapes of services in the cloud. Of course, this is only possible when using infrastructure as code and mature tooling. We still like Terraform, not least because of its rich and growing ecosystem. However, the lack of abstractions in HCL, Terraform’s default configuration language, effectively creates a glass ceiling. Using Terragrunt

© Thoughtworks, Inc. All Rights Reserved.
Vol 26 | Technology Radar