Northwise
Git Tech Discovery

Catalogue from code, not from rumours.

Your technology catalogue is only as useful as it is accurate. Git Tech Discovery populates it from real dependency manifests and flags drift automatically — so you know what's actually running, not what someone remembered to document.

01 / SCAN

Provider-agnostic Git workspace integration

Connect one or more Git workspaces to your Northwise tenant. Scans run on a schedule or on demand. Northwise reads dependency manifests from every repository in the workspace — it never executes code, never modifies repositories, and never stores source files.

Supported providers
  • GitHub (cloud + Enterprise Server)
  • GitLab (cloud + self-hosted)
  • Bitbucket Cloud
  • Azure DevOps
  • Generic Git (SSH or HTTPS)
[Screenshot: Git workspace connection and scan configuration]
Workspace setup — provider selection, scan scope, and schedule
02 / POPULATE

Production deps go in, transitive deps go to review

Direct production dependencies are automatically added to your technology catalogue as Technology elements in the ArchiMate metamodel. Dev dependencies and transitive dependencies go into a suggestions queue — you decide whether to promote them.

The catalogue entries are linked to the Application elements they were discovered in. When you update the ring status of a technology (from Assess to Hold, for example), every application that uses it is immediately visible.

Parsed manifest formats
· npm / package.json
· Maven / pom.xml
· Gradle / build.gradle
· pip / requirements.txt
· Poetry / pyproject.toml
· Composer / composer.json
· Cargo / Cargo.toml
· Go modules / go.mod
· NuGet / .csproj
· Helm charts
· Dockerfile (base images)
[Screenshot: Technology catalogue populated from scan]
Catalogue entries auto-populated with ring status and application links
03 / DETECT DRIFT

Hold or Banned in prod? Automatic Finding.

When a scan detects a technology with a Hold or Banned ring status in a repository mapped to an Application element, Northwise raises a Finding automatically. No manual triage, no waiting for the next quarterly audit.

Findings are linked to the specific application, the specific technology, and the specific scan run. They can be routed directly to a review if the architecture team needs to make a formal decision about remediation or exception.

  • Hold / Banned detection on every scan run
  • Finding links to application, technology, and scan run
  • One-click route to review for exception or remediation decision
  • Closed Findings suppressed in future scans until ring status changes
[Screenshot: Drift findings dashboard]
Drift findings — banned technology detected in production applications

Know what's running before your auditors do.