Spotify to Provide Opinionated Instance of Backstage IDP – DevOps.com

Spotify today announced it is making commercially available an instance of its internal developer portal (IDP) based on the open source Backstage platform the company earlier contributed to the Cloud Native Computing Foundation (CNCF).

Pia Nilsson, senior director of engineering for Spotify, said Spotify Portal for Backstage, available as a private beta today, provides platform engineering teams with low-code/no-code framework for setting up an IDP.

In addition, Spotify is now making enterprise support available for organizations that adopted Backstage, along with additional plug-ins that simplify integrations with tools and platforms from third-party vendors such as New Relic, Atlassian, Snyk and Datadog.

Finally, Spotify is adding capabilities to manage hackathons and surface usage insights. A forthcoming plug-in also promises to make it possible to add data entities to a software catalog residing in Backstage.

Backstage has been gaining traction as an IDP mainly because it provides an extensible framework for centralizing the management of developer environments.

Some organizations have found it challenging to build and deploy Backstage. So Spotify is now making available a more opinionated Spotify Portal implementation that is simpler to deploy, configure and manage using templates, noted Nilsson.

As applications have become more challenging to build there is more focus on improving developer productivity. At the same time, IDPs enable platform engineering teams to streamline the number of tools being employed in a way that serves to reduce the total cost of software development.

Many developers want to add tools as they best see fit, so DevOps teams need to find a way to strike a balance between reducing the cognitive load developers encounter and what could become an overly heavy-handed approach to centralizing DevOps workflows. If talented developers start heading for the exits because they don’t like the experience being provided, IT leaders will find it difficult to replace them.

The hope is that IDPs, when used within the context of platform engineering, will give developers more time to focus on writing business logic. However, application development is as much art as it is science. Just because developers have more time it does not necessarily follow that the insights and inspiration needed to write code automatically ensue. IDPs and platform engineering, at the very least, however, create the opportunity for developers to write more business logic faster. The degree to which that occurs naturally varies from one organization to the next.

Each organization will need to decide to what degree to embrace platform engineering, but regardless of their level of commitment IDPs can play a critical role in making it simpler to onboard developers to new projects, noted Nillson. In addition, an IDP makes it simpler for DevOps teams to track metrics such as the rate at which code is being updated, she said.

IDPs, of course, are not necessarily ideal but with the rise of Backstage there is clearly now more standardization, as DevOps teams continue to seek to eliminate as much friction as possible.

Filed Under: Blogs, Business of DevOps, Continuous Delivery, DevOps Toolbox, Doin’ DevOps, Enterprise DevOps, Features, Low-Code/No-Code, News, Social – Facebook, Social – X Tagged With: IDP, internal developer portal, Low-Code/No-Code, plug-ins, spotify

Secure Coding Practices

Step 1 of 7

14%

Does your organization currently implement secure guardrails in the software development process?(Required)

Yes, extensively across all projects

Yes, but only in specific projects or teams

In the process of implementation

No, but planning to in the near future

No, and no plans to implement

What are the biggest challenges you face in implementing secure guardrails within your development processes? (Select all that apply)(Required)

Lack of awareness or understanding

Technical difficulties in integration

Resistance from development teams

Lack of suitable tools

Cost constraints

Other
Other, tell us more:

How effective do you find secure guardrails in preventing security vulnerabilities in your projects? Rate on a scale from 1 (Not effective) to 5 (Highly effective)(Required)

1

2

3

4

5

To what extent are your secure guardrails automated?(Required)

Fully automated

Mostly automated with some manual processes

Equally automated and manual

Mostly manual with some automation

Entirely manual

What features do you prioritize in a secure guardrail solution? (Rank in order of importance)Ease of integration into existing workflowsComprehensive coverage of security vulnerabilitiesCustomizability for specific project needsMinimal impact on development speedActionable insights and recommendationsSupport for a wide range of programming languages and frameworks

What are your organization’s plans regarding the adoption or enhancement of secure guardrails within the next 12 months?(Required)

Expand the use of secure guardrails to more projects

Enhance the capabilities of existing secure guardrails

Maintain current level of secure guardrail use without changes

Reduce reliance on secure guardrails

No plans related to secure guardrails

What best describes your primary role?(Required)

Security Engineer

DevOps Engineer

Platform Engineer

Security champion on the development team

Software Developer

CISO (or equivalent)

Sr. Management (CEO, CTO, CIO, CPO, VP)

Manager, Director

Other

Δ