Automate and streamline governance

Before getting started with connecting your data in Cortex, you may need to work across your engineering teams to understand your currently-identified standards.

As an internal exercise, work with your teams to gather a list of all your current engineering standards. Review the list to consolidate redundant requirements, remove unnecessary standards, and narrow down the categories you want to focus on (such as operational efficiency, incident management, etc.).

Step 1.1: Consolidate existing standards

Review your organization's existing standards that you currently track in spreadsheets or other locations. Check for overlapping standards, or requirements that don't serve a helpful purpose.

For example, a team might have a legacy requirement that a repo has at least one commit every 3 weeks. Looking further into the requirement, it appears that engineers have been making a whitespace edit on the repo's README every 3 weeks. In this case, the requirement is not enforcing excellence; you might decide to ignore that requirement moving forward.

Step 1.2: Consolidate your standards categories

With the remaining rules, start narrowing down the overall categories. The things you want to continue measuring — like DORA metrics, Production Readiness, Risk Management, and more — will become your Scorecards in Cortex. Some categories may be closely related and can be consolidated.

In the example from Cortex customer Skyscanner, they started out with 200 markdown files containing various engineering team standards. They narrowed them down to 15 general categories (such as AI Governance, Operational Excellence, and DORA Metrics), then they reviewed the rules to ensure they were up to date and served a purpose.

Before getting started on any use case, it is crucial to import your services, resources, infrastructure, and other entities, and to have clear visibility into the ownership of your entities.

Connecting your entities to Cortex establishes a single source of truth across your engineering organization. It enables the ability to track progress via Scorecards, automate Workflows, and gain insights from Eng Intelligence.

Setting ownership of entities ensures that every service and system is clearly linked to accountable teams or individuals, enabling faster incident response, reducing handoff friction, and making it possible to enforce standards consistently.

The more data you have available, the more actionable and insightful your Scorecards can be.

Relevant integrations

Cortex recommends integrating with tools that provide visibility and control over code, deployments, monitoring, on-call, and documentation. Make sure you have configured integrations for the following categories:

• Version control: Azure DevOps, Bitbucket, GitHub, GitLab

  • Enforce best practices like peer reviews, CI/CD pipelines, and versioning

• On-call: PagerDuty, Opsgenie, Splunk On-Call (formerly VictorOps), xMatters

  • Track on-call responsibilities to confirm that support teams are always assigned

• Project management: GitHub, Jira, Azure DevOps, ClickUp

  • Track incidents, bugs, and compliance issues

• Code quality and security: Checkmarx, Codecov, Mend, Snyk, SonarQube, Veracode, Wiz

  • Enforce code coverage, vulnerability scanning, and other quality measures

Cortex also recommends linking to runbooks and documentation for your entities, ensuring your users have access to critical information.

With your data in Cortex, you have a jumping-off point to start measuring the standards that matter most to your organization.

Scorecards automate the process of checking whether services meet criteria such as ownership, on-call coverage, runbooks, monitoring, and security requirements.

Cortex's templates include predefined rules which can be customized based on your organization's requirements, infrastructure, and goals. Most of the templates are structured into three levels — Bronze, Silver, and Gold — with each representing increasing levels of maturity.

Step 3.1: Define clear levels to be used across all Scorecards

Before creating Scorecards in Cortex, consider using the same level names across all of your Scorecards that measure standards. This consistency enables leaders and engineers across different teams to understand the progress of any given Scorecard.

• In the Skyscanner example, they named their levels "No level," "Baseline," "Mature," and "Advanced."

Step 3.2: Create Scorecards

Create a Scorecard for each of the categories your organization has decided to focus on. You can get started quickly with a prebuilt template. When you use Scorecard templates, you can customize rules and level names.

Cortex has templates for common engineering use cases, such as Production Readiness, AI Governance, Security, DORA Operational Readiness, Incident Preparedness, Code Quality, and more.

1. On the Scorecards page in your workspace, click Create Scorecard.

2. On the template you want to use, click Use.

1. Configure basic settings, including the Scorecard's name, unique identifier, description, and more.

   1. Learn about configuring the basic settings in the Creating a Scorecard documentation.

2. Repeat this process for each Scorecard you want to launch.

As entities are evaluated against Scorecard rules, engineers will see tasks appear on their engineering homepage for the entities they own.

You can use Workflows to streamline and standardize engineering processes by turning best practices and readiness checks into repeatable, self-service automations.

Workflows to establish adherence to best practices

• You can add manual approval steps in a Workflow to require sign-off from specific team members before a service is considered production-ready, ensuring accountability and providing an audit trail.

  • See the documentation on configuring a Manual approval block.

• When Scaffolding new services, you can use templates to ensure that every new service starts with baseline standards (e.g., on-call information, runbooks, SLOs configured, and more).

  • See the documentation on registering a Scaffolder template and configuring a Scaffolder block.

Workflows based on Scorecard progress

In a Workflow, you can use an HTTP request to get an individual entity's score or the latest scores for all entities on a given Scorecard, then configure additional steps to take actions based on the score.

For example, you could create a Workflow that blocks deployment based on Scorecard scores, ensuring that a deployment is blocked if the entity has not met your standards.

• See an example of this Workflow in the template "Deploy to prod based on Scorecard score" in your Cortex workspace:

  

  • When the Workflow runs, it checks whether the entity has achieved the "Gold" level standard in the Scorecard. If it has, the deployment continues. If it has not, the Workflow automatically sends a Slack message to notify the entity owner.

  • The template is prebuilt to point at a Production Readiness Scorecard, but can be modified to point to any Scorecard.

Review reports for visibility into Scorecard progress, compliance, and blockers. The Bird's Eye report gives you quick insight into where gaps are across the organization:

Use Eng Intelligence features — such as the Velocity Dashboard and Metrics Explorer — to understand your baseline metrics.

Review trends in areas such as deployment frequency, incident response, and other indicators that are important to your organization. This helps you identify areas where teams or services are falling behind.