There are no guarantees in life except for death and taxes... and that your software library dependencies will probably be out of date next week 😅. Software doesn't maintain itself - at least not yet - so developers need to spend time keeping things functional and up to date.
In this Expert Chat, we talk with Jeroen Fürst - a long-time Kentico MVP and architect at TrueLime, a Kentico Gold partner digital agency.
Jeroen shares his perspective on how his team keeps their Kentico solutions up to date, why it's never been easier than with Xperience by Kentico's continuous and incremental release cycle, and how he explains the value of this work to his agency's clients.
Expert chat
What's the value?
I think a technical audience might quickly jump to discussing the "how" or maybe even the "why" DXP project dependencies need to be kept up to date.
But this conversation starts with a higher level variation of the "why" question - what's the value, both generally and with Xperience by Kentico, in keeping dependencies up to date? Jeroen shares his thoughts.
It's important that software gets its updates regularly [...] because software nowadays gets attacked a lot, there are security vulnerabilities inside software, and you need to address them.
Luckily the software nowadays is easier to update coming from very early versions of Kentico [...] but nowadays it's very common that these updates are smaller in scale, meaning that monthly or every 2 months we can apply patches or even Refreshes [...] with an additional benefit of getting new features.
Jeroen also mentions that the peace of mind this security focus brings gives confidence to the IT teams his clients have, but marketers see less value here. They are more interested in the new features and capabilities being delivered monthly in Xperience by Kentico.
This makes a lot of sense! The value can vary from person to person. It's important to identify and communicate it to each stakeholder.
Renovate keeps you up to date
Jeroen explains that his team uses Renovate, bringing automation to dependency management.
Renovate is an automated dependency update tool. It helps to update dependencies in your code without needing to do it manually. When Renovate runs on your repo, it looks for references to dependencies (both public and private) and, if there are newer versions available, Renovate can create pull requests to update your versions automatically.
Fellow Kentico MVP, Liam Goldfinch, wrote about using a similar technology called Dependabot to keep an Xperience by Kentico project up to date.
Jeroen mentions his team is investing in Renovate because it makes the work of updating dependencies easier.
The time to go to the next version is getting easier with less risks because the software automation part, testing, etc... has quite matured over the last couple of years and therefore we can apply these updates when they become available to keep our software up to date.
Smaller, more frequent updates applied through automation are easier for a team to manage. This means it's easier to communicate the value to clients since the cost in developer hours is lower.
Higher value and lower cost means better ROI, which is something that marketing teams are definitely interested in with their DXP solution investments.
What happens if you get behind?
Another important point to remember is the opportunity cost of not keeping a project's dependencies updated now. If you wait, and keep putting off the updates to save time and money, you could end up with a much higher total cost later.
Has technology moved on in the meantime? Is there budget available to do a large number of updates all at once? Taking this approach almost never involves automation, which means increased cost.
Jeroen says this can put a team in a position where they have a choice to make - go through the process of applying all the updates or start a rebuild. No one likes hearing the dreaded R word!
If the updates are on a more regular basis and smaller, piece by piece, then it's much easier to keep on track and be aligned with the latest that is coming out.
This statement from Jeroen peels back the layer of the dependency management onion a bit. It's not only important that dependencies are updated regularly. It's also important that it's both possible and easy to update your dependencies regularly.
If a library or framework you use only releases major version updates every 3 years, you'll have 3 years of changes to incorporate into your project. If instead the dependency releases an update every month, there's only so much that could have changed in that time - it's inherently easier to incorporate into your project and far less risky.
This is a great example of why Xperience by Kentico's monthly Refreshes and evergreen product strategy are extremely important. You need your dependencies to support the strategy you want to take, otherwise you'll constantly be fighting against them.
A different business strategy
Who would have thought that a software release cycle would have an impact on the way a digital agency, like TrueLime, interfaces with clients?
Looking at it from a company perspective, it forces us to change our way of work [...]. We inform our clients "next year you need to reserve capacity so we can apply these fixes so in the end you will benefit from us having this software up-to-date".
It's more of a built-in nowadays while maybe compared to 4-5 years ago we had to sell every upgrade to our client and convince them. There's a benefit to having that [single] upgrade but it's a pain because usually the length and amount of hours you need to spend in upgrades is quite large.
Aligning a sales or support team's process with a product's licensing and support policies isn't uncommon, but tying it to dependency management could be new for many.
You need to mature as an organization to get this in place. This isn't something that we fixed from one day to another. We had to have lots of discussions, figure out how and where to invest, and what kinds of automation makes sense.
Jeroen's perspective on this shift in client management and team process is something I completely agree with and encourage other teams to consider.
Wrap up
The conversation doesn't end here. Jeroen and I also discuss what you need to think about when selecting a dependency because that's the first step in keeping it up to date in your project.
What happens if only one person on a team understands that library or framework? How difficult will it be to keep incorporating its updates even if they're released on a frequent, consistent cadence?
When do you adopt new technology as a dependency? How do you evaluate the cost of learning and compare it to the value that new technology can bring?
Who makes these decisions? Teams, technical leadership, clients? What if you are integrating a 3rd party product in your Xperience by Kentico solution - is this integration a dependency that needs to be managed as well?
While not an answer, a key goal to keep our focus on is "does this bring value to the client?".
Be sure to watch the whole video and let me know in the comments how your team communicates the value of keeping dependencies up to date to stakeholders.