Tools
Adopt
-
42. Bruno
Bruno is an open-source desktop alternative to Postman and Insomnia for API testing, development and debugging. It aims to provide superior collaboration, privacy and security with its simple offline-only design. Collections are stored directly in your filesystem — written in a custom plain text markup language, Bru Lang, and can be shared with Git or a version control tool of your choice to collaborate. Bruno is available both as a desktop app and a CLI tool. It also offers an official VS Code extension, with plans for additional IDE support. Bruno has become the default choice for several Thoughtworks teams, but we also advise teams to be on guard when working under VPN and proxy environments, since requests made in such conditions have been reported to fail unexpectedly.
-
43. K9s
K9s has improved its visualization capabilities by integrating more detailed graphs and views. It now offers better representation of logs and metrics and is more flexible in how it displays custom resources (CRDs). The operations on pods have been expanded and include greater integration with debugging tools (e.g., kubectl debug) and enhanced support for multi-cluster environments. Support for CRDs has significantly improved and now provides better navigation and management of these resources as well as smoother interaction with custom resources. The shortcuts panel has also been enhanced to make it more accessible for developers who are less experienced with kubectl. This is a significant improvement, as K9s initially focused primarily on DevOps teams.
-
44. SOPS
SOPS is an editor of encrypted files that supports various file formats of encrypts with KMS. Our advice when it comes to secrets management has always been to decouple it from source code. However, when faced with a choice between full automation (in the spirit of infrastructure as code) and a few manual steps (using tools like vaults) for managing, seeding and rotating seed secrets, teams often face a tradeoff. For example, our teams use SOPS to manage seed credentials for bootstrapping infrastructure. In some situations, however, it's impossible to remove secrets from legacy code repositories. In those instances, we use SOPS to encrypt secrets in text files. SOPS integrates with cloud-managed keystores such as AWS and GCP Key Management Service (KMS) or Azure Key Vault as sources of encryption keys. It also works cross-platform and supports PGP keys. Several of our teams use SOPS by default when they have to manage secrets in the code repository.
-
45. Visual regression testing tools
We've highlighted visual regression testing tools before and have observed their algorithms evolve from primitive pixel-level comparison to sophisticated pattern-matching and optical character recognition (OCR). Early visual regression tools generated many false positives and were only useful in later stages of development when the interface became stable. BackstopJS avoids this problem by configuring selectors and viewports to pinpoint visual tests to specific elements on the page. But machine learning has made it easier to detect and compare visual elements more accurately, even if they happen to have moved or contain dynamic content. These tools have become steadily more useful and are well-positioned to take advantage of the latest developments in AI and machine learning. Several commercial tools such as Applitools and Percy now claim to use AI in their visual regression tests. One of our teams has been using Applitools Eyes extensively and have been happy with the results. Although visual regression tests are no substitute for well-written end-to-end functional tests, they're a valuable addition to the testing toolbox. We're moving them to adopt because they have become a safe default option as one element in a comprehensive UI test strategy.
-
46. Wiz
Wiz has emerged as the cloud security platform of choice on many of our projects. Our teams appreciate that it enables them to detect risks and threats sooner than similar tools as it continuously scans for changes. Wiz can detect and alert on misconfigurations, vulnerabilities and leaked secrets both in artifacts that have yet to be deployed to live environments (container images, infrastructure code) as well as live workloads (containers, VMs and cloud services). We also appreciate the powerful reporting capability for both development teams and leadership. This analysis helps us understand how a vulnerability can affect a given service so that we can resolve issues in that context.
Trial
-
47. AWS Control Tower
AWS Control Tower continues to be our go-to choice for managing AWS accounts in a multi-team environment. It provides a convenient mechanism to preconfigure security and compliance controls that will be automatically applied to new landing zones. This is an example of "compliance at the point of change" because the controls are applied and verified whenever new infrastructure is created, eliminating the need for manual compliance checks later on. AWS Control Tower Account Factory for Terraform (AFT) has continued to evolve since our last volume and is now available in more AWS regions. AFT allows Control Tower accounts to be provisioned by an infrastructure-as-code pipeline. We like that AFT can be customized to send webhooks or take specific actions to integrate safely and securely with external tools like GitHub Actions. Our teams have reported great results using AWS Control Tower to manage accounts, but we do wish AWS would accept community contributions to the project when there are opportunities for enhancement.
-
48. CCMenu
For teams practicing continuous integration it's important to be aware of the state of the central build on the continuous integration (CI) system. Before the pandemic, dashboards on large TV screens in the team rooms provided this information at a glance. With remote working here to stay, a solution is needed that works on individual developer workstations. For the Mac that niche is covered by CCMenu, a small app written by a Thoughtworker. Originally part of CruiseControl, it works with all servers that can provide information in cctray format, including Jenkins and TeamCity. A recent rewrite has added support for GitHub Actions and paved the way for deeper integration with more CI servers and authentication styles.
-
49. ClickHouse
ClickHouse is an open-source, columnar online analytical processing (OLAP) database for real-time analytics. It started as an experimental project in 2009 and has since matured into a highly performant and linearly scalable analytical database. Its efficient query processing engine together with data compression makes it suitable to run interactive queries without pre-aggregation. ClickHouse is also a great storage choice for OpenTelemetry data. Its integration with Jaeger allows you to store massive volumes of traces and analyze them efficiently.
-
50. Devbox
Despite advances in development tooling, maintaining consistent local development environments remains a challenge for many teams. Onboarding new engineers often entails running commands or custom scripts that can fail unpredictably across different machines and result in inconsistencies. To solve this challenge, our teams have increasingly relied on Devbox. Devbox is a command-line tool that provides an approachable interface for creating reproducible, per-project local development environments, leveraging the Nix package manager without using virtual machines or containers. It has notably streamlined their onboarding workflow because once it has been configured for a codebase, it takes one CLI command (
devbox shell) to reproduce the defined environment on a new device. Devbox supports shell hooks, custom scripts and devcontainer.json generation for integration with VSCode. -
51. Difftastic
Difftastic is a tool for highlighting differences between code files in a syntax-aware way. This is quite different from textual diffing tools, like the venerable Unix
diffcommand. For example, Difftastic will ignore newlines inserted to break up long statements in languages like Java or TypeScript that are semicolon delimited. The tool only highlights changes that impact the syntax of the program. It does this by first parsing the files into abstract syntax trees and then computing the distance between them using Dijkstra's algorithm. We've found Difftastic to be particularly useful for understanding changes when reviewing large codebases. Difftastic can be used on any programming language for which a parser is available and out of the box supports more than 50 programming languages as well as structured text formats like CSS and HTML. This isn't a new tool, but we thought it was worth calling attention to in the age of LLM coding assistants where human-in-the-loop reviews of ever larger codebases are increasingly critical. -
52. LinearB
LinearB, a software engineering intelligence platform, has empowered our engineering leaders with data-driven insights to support continuous improvement. It aligns key areas such as benchmarking, workflow automation and targeted investments in enhancing developer experience and productivity. Our experience with LinearB highlights its ability to foster a culture of improvement and efficiency within engineering teams. Our teams have used the platform to track key engineering metrics, identify areas for enhancement and implement evidence-based actions. These capabilities align well with LinearB’s core value proposition: benchmarking, automating metric collection and enabling data-driven improvements. LinearB integrates with source code, application lifecycle, CI/CD and communication tools and uses both preconfigured and custom engineering metrics to provide comprehensive quantitative insights into developer experience, productivity and team performance. As advocates of DORA, we appreciate LinearB’s strong emphasis on these specific metrics and its ability to measure key aspects of software delivery performance, which are essential for improving efficiency. Historically, teams have faced challenges in gathering DORA-specific metrics, often relying on complex custom dashboards or manual processes. LinearB continues to offer a compelling solution that automates the tracking of these metrics and delivers real-time data that supports proactive decision-making around developer experience, productivity and predictability.
-
53. pgvector
pgvector is an open-source vector similarity search extension for PostgreSQL, allowing the storage of vectors alongside structured data in a single, well-established database. While it lacks some advanced features of specialized vector databases, it benefits from ACID compliance, point-in-time recovery and other robust features of PostgreSQL. With the rise of generative AI-powered applications, we see a growing pattern of storing and efficiently searching embedding vectors for similarities, which pgvector addresses effectively. With pgvector’s growing use in production environments, especially where teams are already using a cloud provider that offers managed PostgreSQL, and its proven ability to meet common vector search needs without requiring a separate vector store, we're confident in its potential. Our teams have found it valuable in projects comparing structured and unstructured data, demonstrating its potential for broader adoption, and we're therefore moving it to the Trial ring.
-
54. Snapcraft build tool
Snapcraft is an open-source command-line tool for building and packaging self-contained applications called snaps on Ubuntu, other Linux distributions and macOS. Snaps are easy to deploy and maintain across hardware platforms, including Linux machines, virtual environments and vehicle on-board computer systems. While Snapcraft offers a public app store for publishing snaps, our teams use the build tool to package the autonomous driving system as a snap without publishing it to the public app store. This allows us to build, test and debug the embedded software system locally while publishing it to an internal artifact repository.
-
55. Spinnaker
Spinnaker is an open-source continuous delivery platform created by Netflix. It implements cluster management and deployment of baked images to the cloud as first-class features. We like Spinnaker's opinionated approach for deploying microservices. In previous editions, we noted its inability to configure pipelines as code, but that has been addressed with the addition of the spin CLI. Even though we don't recommend Spinnaker for simple CD scenarios, it has become a tool of choice for many in complex situations with equally complex deployment pipelines.
-
56. TypeScript OpenAPI
TypeScript OpenAPI (or tsoa) is an alternative to Swagger for generating OpenAPI specs from your code. It’s code-first, with TypeScript controllers and models as the single source of truth and uses TypeScript annotations or decorators rather than requiring more complex files and configurations when using OpenAPI tooling for TypeScript. It generates both 2.0 and 3.0 API specifications and routes can be generated for Express, Hapi and Koa. If you're writing APIs in TypeScript, this project is worth taking a look at.
-
57. Unleash
Although using the simplest feature toggle possible remains our recommended approach, scaling teams and faster development make managing hand-crafted toggles more complex. Unleash is an option widely used by our teams to address this complexity and enable CI/CD. It can be used either as a service or self-hosted. It provides SDKs in several languages with a good developer experience and friendly UI for administration. Although there’s no official support for the OpenFeature specification yet, you can find community-maintained providers for Go and Java. Unleash can be used for simple feature toggles as well as segmentation and gradual rollouts, making it a suitable option for feature management at scale.
Hold
-
74. CocoaPods
CocoaPods has been a popular dependency management tool for Swift and Objective-C Cocoa projects. However, the CocoaPods team announced that the project is in maintenance mode after more than a decade of being a key tool for iOS and macOS developers. While the tool and its resources will remain available, active development will cease. Developers are encouraged to transition to Swift Package Manager, which offers native integration with Xcode and better long-term support from Apple.
Unable to find something you expected to see?
Each edition of the Radar features blips reflecting what we came across during the previous six months. We might have covered what you are looking for on a previous Radar already. We sometimes cull things just because there are too many to talk about. A blip might also be missing because the Radar reflects our experience, it is not based on a comprehensive market analysis.
