Our software is built on the shoulders of giants. We use several third parties to perform continuous monitoring, host our apps, etc.; all should be approved on the GSA IT Standards list. A public, but only periodically updated, snapshot of the IT Standards is also available.
While we don’t formally recommend third-party services, a handful have been approved by GSA IT (some we pay for collectively) and provide services which are essential for attaining an Authority-to-Operate (ATO). To get started quickly and to ease the ATO burden, use these systems; pain awaits your project otherwise.
|Back end Performance Monitoring||New Relic APM|
|Continuous Integration||CircleCI and/or GitHub Actions|
|Dependency Analysis||Snyk and/or GitHub|
|Front end Performance Monitoring||Google Analytics (provided by DAP)
Note: New Relic is not approved.
|Infrastructure as a Service (IaaS)||Amazon Web Services GovCloud (provided by cloud.gov)|
|Platform as a Service (PaaS)||cloud.gov|
|Static Site Hosting||Federalist|
|Uptime Monitoring||New Relic Synthetics|
|User Analytics||Digital Analytics Program (DAP)|
We also track a second set of services that aren’t as essential as the above, but which we provide for consistency and shared knowledge across projects. These are good defaults should their need arise; you should generally think twice before building these tools yourself.
|Static Code Analysis||Code Climate Quality|
|Test Coverage Tracking||Code Climate Quality|