Source Control Functional Component

id EAID 08B37A82 5FE6 4c69 8995 597440EDDDBF
Figure 1. Source Control Functional Component Model


The Source Control functional component manages all the source code (and tracks all changes to the source) for a Digital Product. It is the system of record for all sources and configuration changes which fall under version control. The Source Control functional component ensures that access and updates to the source code are securely controlled.

In this context, “Source” also includes code that captures changes and configurations made to package-based software and SaaS applications; for example, configuring or customizing standard packages such as modifying business rules and workflows, configuring APIs, database configuration, etc. The Source Control functional component additionally manages the source code related to infrastructure (referred to as infrastructure as code).

Since all modifications in the source code repository are under change and version control, any source code changes need to be traced back to associated Product Backlog Items. As part of product development, various other automation routines are created such as test scripts, deployment templates, or workflows and monitors (e.g., monitoring as code). These automation scripts are also maintained by the Source Control functional component.

The Source Control functional component supports the Integrate value stream.

Functional Criteria

The Source Control functional component:

  • Shall be the system of record (authoritative source) for all Sources

  • Shall associate the source code repository to the Digital Product (owning the Source)

  • Shall implement the necessary security controls to protect and manage access to source code

  • Shall manage the lifecycle of the Source

  • Shall ensure Source updates are traced back to one or more Product Backlog Items (they understand the origin of changes)

  • Shall allow and promote the reuse of code between products and teams

  • Shall cover all source codes including infrastructure as code, as well as source code for automated Test Cases, monitoring (monitoring as code), etc.

  • Can integrate with external sources such as open-source libraries and third-party vendor repositories

  • Shall integrate with collaboration and communication tools to inform relevant stakeholders of Source updates

  • Shall allow for peer reviews of source code changes/commits

  • Shall allow analytics and statistics of source code changes over time

  • Shall allow the ability to compare Source updates/changes (between the different branches and versions)

  • Shall verify source code quality and conformance to coding and security standards and policies (using Test functional components such as Code Quality Scanning)

  • Shall analyze the code (including all related open-source/third-party source codes) for security issues, vulnerabilities, and risks

  • Shall code or configure Test Cases as part of product development (linked to the Test functional component); automated test scripts are maintained in the Source Control functional component as well

  • Shall integrate with code editors to perform the creation and/or updates of source codes