2.2 Scorecard Design
Compass can reduce friction for both developers and governance teams, helping to improve software health and quality while improving velocity. Scorecards help the developer community understand expectations upfront and provide transparency into progress against these expectations. This means less rework for software teams caused by compliance requirements being communicated late in the delivery cycle.
The transparency provided by scorecards means that governance teams can self-serve compliance information, enabling them to support teams that require it and enabling a faster flow for teams on the happy path. This typically results in fewer governance meetings and reporting requirements, removing a common friction point for software teams.
Below are some suggested steps to design scorecards that will be created within Compass.
2.2.1 Identify existing engineering standards or governance requirements
Transitioning existing engineering standards or governance requirements into Compass is the ideal way to get started with scorecards. Using an existing standard means Compass users and governance teams are given a soft entry into the platform, with a standard they are already familiar with.
It’s a good idea to list all of the standards and governance criteria that software teams are required to adhere to and pick one to start with.
Example: Vulnerability standardMegaBank requires that all software components maintain less than 10 open “Critical vulnerabilities”, and less than 10 open “High” vulnerabilities.
2.2.2 Identify data sources for scorecards
Once you have identified the standard, an appropriate data source will be required. Compass scorecards can ingest data from third-party apps and/or via API to provide a contextualized view according to your organization's needs.
It’s a good idea to list all of the standards and governance criteria that software teams are required to adhere to and pick one to start with.
Example: Vulnerability standardMegaBank uses Snyk to track and manage security vulnerabilities across its software estate. Snyk is identified as the source of data for vulnerability information and will be used to populate a Vulnerability Scorecard in Compass. A Snyk app is available in the Marketplace and will be used to connect Compass with Snyk.
2.2.3 Define criteria and weighting
Compass scorecards allow you to define both criteria and a weighting for each criterion. The weighting is used to manipulate the overall score based on the importance or weighting applied to each individual input.
Example: Vulnerability standard MegaBank is far more concerned with the number of open critical vulnerabilities, than the number of open high vulnerabilities. It therefore adds a 75% weighting to critical vulnerabilities, and a 25% weighting on High vulnerabilities.
2.2.4 Documenting Scorecard Design
Use the format below to capture Scorecard design details as you identify existing engineering standards or governance requirements that you want to build in Compass as scorecards. This enables you to get feedback and iterate before you build Compass scorecards.