What story does your dependency tree tell you about your organisation?
If you're building (internal) tooling, but don't know if your customers are using it, is it worth it? What about spending time building support for frameworks your teams don't use?
There are a whole host of problems that can be solved by understanding the usage of dependencies, including learning what end-of-life software you're using, or which maintainers you should really be funding.
In this tutorial session, you'll get a taste for the insights you can get into your repositories using Open Source tooling, dependency-management-data (DMD), and some immediately actionable steps you can take off the back of it.
This tutorial aims to give participants a practical opportunity to consider that there is a wealth of knowledge they can glean through their dependency tree.
The session will start with an overview of the dependency-management-data (DMD) Open Source project and a quick-start for how to collect data through a few different means and consume it into DMD, after which participants will be able to ingest their own projects.
Participants will see how they can write (somewhat straightforward) SQL queries to answer questions they didn't realise they've always had, but not had the ability to ask, with the opportunity to explore their own repos and the data they can understand from it.
While exploring the data on their own, participants will also hear case studies from the companies using DMD (such as Elastic, Deliveroo and GitHub's Open Source Program Office (OSPO), as well as publicly available data). These companies have had a boost in productivity and insight for their Platform/Engineering Productivity teams, who are now able to answer questions they couldn't before using the tooling, and it has drastically improved the developer experience for these teams in understanding their customers better.
We'll dig into how this can also be useful for product engineering teams, for instance to understand how much of their upcoming time should be allocated towards upgrading from end-of-life software, or understanding if a project that hasn't been maintained in 5 years needs to be replaced.
However, it's not until people have actually seen the value of this data for themselves that they realise they've been lacking this insight, so giving folks an opportunity to try the tooling against their own repos is key to convincing them of the value, so they can then be advocates for this data internally.
The tutorial session will utilise slides for the introduction, then a live demo of a locally-running web application to mirror what participants will be able to see.
We'll also look at how this doesn't require you to use DMD itself - the opposite of this being a vendor/product pitch - but that you can probably take the data in your existing Software Composition Analysis (SCA) tool and get similar insights.
Organisations that are able to start taking this sort of data are, in my opinion, much more effective and resilient, and I'm very passionate about teaching others about this!
Events that this talk has/will be at:
- GopherConUK 2025 on Thursday, Aug 14, 2025 as a tutorial.