Why Use DeployHub

DeployHub - a Catalog of Supply Chain Evidence

Why Use DeployHub

DeployHub is supply chain evidence catalog for publishing, versioning and sharing microservices and other Components such as DB objects and file objects. DeployHub centralizes everything you need to know about a component-driven architecture including Component level ownership, SBOMs, vulnerabilities, dependency relationships, key values, deployment metadata, consuming applications and versions. DeployHub harvests information from the DevOps pipeline centralizing supply chain data across tools and teams.

Supply Chain Catalog

DeployHub visualizes ‘logical’ application versions in a cloud-native architecture providing a clear view of the software supply chain and their consumers. With this Component level information, DeployHub can easily aggregate metadata up to the ’logical’ application producing application level SBOMs, CVEs, audit reports, deployment inventory and status.

DeployHub is particularly suited for a microservice architecture where hundreds of artifacts and repos are used, and a central view of the entire supply chain from a usage, security, and inventory perspective is required. When you outgrow your excel spreadsheet, its time to consider DeployHub.

DeployHub is based on the open-source Continuous Delivery Foundation project, Ortelius.io

Decoupled Environments are Complex

Migrating to decoupled, cloud-native architecture breaks the way we assemble and configure software. With a decoupled implementation, we no longer build a complete software solution, or Application Version. Instead we manage many moving parts that communicate at run-time based on APIs. The loss of the ‘Application Version’ disrupts the core of software delivery. It impacts most of our standard software practices including the generation of application security level reports. After all, everything is based on an Application Version from tracking changes request, determining differences, tracking relationships and supporting users. Without a method of tracking the logical Application, IT teams struggle to confirm that the software they deliver to end users is safe.

DeployHub is not a ‘microservice registry’ or ‘API Gateway." Instead, DeployHub interacts with the DevOps pipeline to automatically gather supply chain metadata. Tracking microservices and Components in this way facilitates their sharing and reuse across teams. DeployHub serves as an internal market place for finding, tracking and versioning microservices and relating them to the Applications that consume them. The publishing catalog is based on a Domain structure to support a Domain Driven Design.

Versioning - DeployHub’s Secret Sauce

DeployHub versions both Components and ’logical’ Applications. When versioning Components, DeployHub provides insights needed to determine if the service is safe for consumption including:

  • Software Bill of Material
  • Common Vulnerabilities and Exposures (CVE)
  • Swagger Details
  • Readme and Licensing
  • Consuming Applications
  • Ownership
  • Git repo
  • Git Commit (Tag and branch)
  • CI/CD Build Number
  • Container SHA
  • Docker Registry
  • Key Values
  • Deployment Script (Helm Chart, Ansible Playbook, etc.)
  • Any Attributes (DB Name for example)

Application Versions are based on a collection of Component Versions. If a new version of a Component is built or registered, DeployHub auto increments the Component version and the consuming Application version. Dashboards are provided for each new Application version showing:

  • A full map of all the microservices, or Components, the Application version is consuming.
  • An Application Level SBOM, based on all Component SBOMs
  • An Application Level CVE
  • The specific changes that created the new Application version (your new diff report)
  • The audit history
  • Log history
  • Where it is running
  • Trends (Deployment time, success failure rates)

This level of information can also be viewed from the Component level showing similar information to the Application, but instead showing the Applications that are dependent on the microservice (Component).

Other Core Features

Domain-Driven-Design: First and most important is the DeployHub Domain structure for cataloging and sharing microservices. This feature organizes your microservice in a method that encourages reuse and sharing across development teams.

Dependency maps: Shows you the ’logical’ view of your application and which microservices, or Components, it consumes. Once you begin sharing microservices, you need to track who is using the microservice. An Application is a logical collection of Components that make up an entire software solution.

Application Level SBOMs and CVE: DeployHub aggregates all Component level data up to the logical Application Version making it easy to provide security reporting on a complete software system, even when it is decoupled.

Blast Radius: Know your service impact before you ever deploy. DeployHub can provide predictive insights showing what Applications will be impacted by an updated service. DeployHub provides this data in clear maps of dependent Applications and services.

Improved incident response: DeployHub makes it easy to find the owner of microservice or common Component, and contact them through PagerDuty, HipChat, Discord, Slack, email or phone.

Integrates into your CD pipeline: DeployHub is automated via your CD Pipeline to continuously version your decoupled architecture with changes, including where they are deployed.

Agentless Software Releases: If you do not currently use an automated deployment solution, DeployHub includes an agentless release engine for deploying Components and Applications across your Environments. Alternatively, DeployHub can integrate with your existing deployment solutions such as Helm, Spinnaker or any release solution with APIs or CLIs.

Agentless Delivery

If you do not have a centralized solution for automating deployments, DeployHub can help. DeployHub Pro includes a deployment engine for pushing Components to your Endpoints (Clusters, Cloud, etc.) using an agentless architecture. The deployment engine can support containers, DB Updates. and file updates (.dll, .jar, Apex files, Lamda functions, Terraform, z/OS objects, etc.)

This agentless technology works for both cloud native and legacy architectures including:

  • AWS, Google Compute, Azure
  • Cloud Foundry
  • Kubernetes, Docker
  • SalesForce
  • Windows 2008, Windows 2012
  • Solaris, HP-UX, AIX, Linux
  • Microsoft Azure
  • Ubantu, Redhat, SuSe, Debina
  • Tandem, Stratus, IBM iSeries, OpenVMS, Unisys, IBM 4690
  • z/OS
  • Jetty, Tomcat, WebSphere
  • Microsoft IIS, Microsoft SQL Server, Oracle
  • Request Routers and Appliances

Free Version with Optional Pro Upgrade

DeployHub Team

Our free version is based upon the Ortleius open source project. DeployHub Team can be used from the hosted site or installed on premise. It is a strategic and fully open source supply chain catalog that integrates with your DevOps tools. It supports unlimited endpoints, versions, deployments and users. Sign-up at deployhub.com. This version does not include the agentless deployment engine or Group access controls.

DeployHub Pro

For additional security features, agentless deployments and support, DeployHub Pro includes extended Users and Group access controls as well as more granular Domains.

Unique to DeployHub Pro are “Divisional Domains.” These Domains allow you to expand and model your environments based on your organizational top-down structure. It also gives you the ability to restrict microservice read/write access to only certain Groups of Users.

DeployHub Pro also provides integration to tools such as Bugzilla, GitHub Issues and Jira for tracking your complete value stream from change request to final endpoint. It also includes ‘smart’ calendars for scheduling deployments.


Last modified October 26, 2022: Updated CLI info and CD Integration (9f484e0)