Eylam Milner
Aug 29 · 6 min read
When building legacy or cloud-native applications, codebases can quickly become entangled. This complexity becomes an issue when your teams add additional features, change existing parts of the application, or refactor it. These issues promptly reveal themselves when you deploy the application and are immediately followed by a mad scramble to diagnose what went wrong, fix errors, and roll back releases. This process is much simpler when you use a dependency graph for your application. This graph gives you a clear overview of each part of the codebase and how the different parts work with each other.
To use dependency graphs, follow the steps in this complete guide. Soon you’ll gain more control over your codebase and see your deployments speed up.
According to Pablo Azero of Jalasoft, “A dependency graph is a graph that represents dependencies between objects of some application domain.” That is, it’s a tool that maps out relationships between the different components of an application. It shows both the connections and directions of the dependencies to help you visualize which components depend on each other. The following figure shows an example of a dependency graph.
Dependency graphs can also help map out specific components. For example, you can create a data dependency graph to map out data relationships. Or you might create a GitHub dependency graph to keep track of repositories on the GitHub platform.
Dependency graphs help you manage code and applications better. How so? In any large application, the codebase becomes gnarled and difficult to manage. To achieve a high-level view of the components, you need to abstract the codebase. By doing so, you gain improvements in the following areas:
Now that you understand what dependency graphs are and why you should use them, follow these practical considerations for working with a dependency graph.
Start your dependency graph on paper or another drawing surface. Nothing beats the simplicity of hand drawing to get your ideas from thought to reality. This approach is good for a brain dump of your initial thoughts and is also the fastest way to get started.
Eventually, you’ll need to move to a digital tool to handle the complex nature of your application. Although you can choose from many digital options, opt for an interactive and intuitive tool that shows multiple views for a dependency graph, such as a matrix view. This type of view is especially useful when you need to look at a complex graph from different perspectives to better understand it.
A key aspect of a dependency graph is the ability to visualize it. If you can view the same graph in different layouts, you can greatly improve your understanding of your system’s architecture. The following example illustrates a visualization of a dependency graph.
The tool you choose matters because of its ability to render the same dependency graph in more than one way. It must automate the visualization of dependencies rather than require you to draw them manually. Netlify and NDepend are two tools that visualize dependency graphs well. Irrespective of the tool you choose, you must be able to view the same dependency graph in more than one way.
After you visualize your dependency graph, identify and discover the different dependency patterns across the components. By exploring the various patterns and dependencies, you understand how your application functions and how to secure every part of the system.
GitHub generates its own dependency graph for any repository hosted on its platform. It gathers data from the manifest and lock files and then maps this information as a dependency graph. A GitHub dependency graph enables better security for those repositories.
A dependency graph maps out which parts of a system depend on which binaries. Larger and more complex applications have many dependencies. As a result, it can be difficult to identify why certain dependencies exist.
Digital graphing tools help because they provide a reason for a dependency. Depending on the reason, you can then decide, when prompted, whether to continue to allow that dependency or remove it. This way, you can resolve dependency confusion, such as version conflicts, selection errors, and unsafe dependencies.
At some point, you might need to change the structure of your system’s dependencies. For example, you might find redundant dependencies that you must delete. Or you might need to enhance dependencies to improve application performance. Regardless, you might need to change your codebase and reflect those changes in your overall architecture at some point in the future. The process is much easier to manage with a dependency graph and results in a better performing application.
As you refactor your legacy application into a cloud-native application, break up dependencies into smaller, more modular parts. You do this step after decomposing an application from a monolith to a collection of microservices in the application layer. Similarly, you must break down dependencies, simplify them, and decouple them from each other.
A key reason to use a dependency graph is to better secure and protect your application. In particular, focus on your continuous integration and delivery (CI/CD) pipeline where your application is born and released to the world.
By using a purpose-built CI/CD security solution, you gain end-to-end visibility into the CI/CD pipeline for powerful security of your software system. The CI/CD security solution must have the following capabilities:
When used in combination with a dependency graph, this type of CI/CD tool gives you impressive control over how you build and ship software with the following capabilities:
When you have a clear view of all dependencies, remove any unnecessary and risky dependencies. The goal is to have as few dependencies as possible, so you have a smaller attack surface—a foundational principle for security. Dependency graphs help you see all dependencies, but it’s up to you to make changes to improve and reduce the number of dependencies in your software system.
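As an added example (not from the original article or any tool it names), the following sketch shows the two uses described above: reporting why a dependency exists, and measuring how much the dependency set shrinks when a direct dependency is removed. The package names and the simplified lock-file mapping are constructed for illustration.

```python
from collections import deque

# Constructed sample: package -> packages it depends on, as a tool might
# derive from a manifest and lock file. All names are hypothetical.
SAMPLE_LOCK = {
    "app": ["web-framework", "image-resize", "logger"],
    "web-framework": ["http-parser", "logger"],
    "image-resize": ["native-codec", "tmp-files"],
    "native-codec": ["tmp-files"],
    "http-parser": [],
    "logger": [],
    "tmp-files": [],
}

def reachable(graph, root, skip_edge=None):
    """Return every package reachable from root, optionally ignoring one edge."""
    seen, queue = set(), deque([root])
    while queue:
        node = queue.popleft()
        for dep in graph.get(node, []):
            if (node, dep) != skip_edge and dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen

def why(graph, root, target):
    """List every dependency chain from root to target (the reason it exists)."""
    chains = []
    def walk(node, path):
        if node == target:
            chains.append(path)
            return
        for dep in graph.get(node, []):
            if dep not in path:          # guard against cyclic dependencies
                walk(dep, path + [dep])
    walk(root, [root])
    return sorted(chains)

def removal_savings(graph, root):
    """For each direct dependency, the packages that vanish if it is dropped."""
    before = reachable(graph, root)
    return {
        direct: sorted(before - reachable(graph, root, skip_edge=(root, direct)))
        for direct in graph[root]
    }

if __name__ == "__main__":
    for chain in why(SAMPLE_LOCK, "app", "tmp-files"):
        print(" -> ".join(chain))
    for direct, gone in removal_savings(SAMPLE_LOCK, "app").items():
        print(f"drop {direct}: removes {gone}")
```

In the sample, dropping `logger` from the manifest removes nothing because `web-framework` still pulls it in transitively, while dropping `image-resize` removes three packages.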
Dependency graphs are essential for understanding how the components of your application relate to each other. By creating a dependency graph, you gain different perspectives and deeper insights into how your application’s components work with each other. Once you have your dependency graph, you can use it to improve your application’s testing, manage dependencies, and improve the security posture of your system. Finally, as you adopt dependency graphs to help manage your application codebases, secure and protect the integrity of your application throughout the DevOps CI/CD pipeline.