β Approved Technology Stack¶
This document defines the approved technology stack for building software solutions within the organization.
It establishes mandatory standards to ensure cloud-native consistency, security, maintainability, and long-term scalability.
π Governance Rule
Any technology, framework, or tool not listed in this document is considered not approved for production use.
π― Objectives¶
The objectives of this standard are to:
- Maintain technical consistency across teams
- Reduce security and operational risks
- Enable maintainability and scalability
- Ensure cloud-native readiness
- Standardize build and deployment processes
βοΈ Cloud-Native & Deployment Standards¶
All solutions must adhere to the following principles:
- Solutions must be designed following Azure Cloud-Native practices
- Docker is mandatory as the standard build and packaging mechanism
- Docker images are the deployment artifact
- Docker base images must be kept up to date
- CI/CD pipelines are responsible for:
- Building Docker images
- Validating versions and dependencies
- Promoting images across environments
π Versioning & Lifecycle Policy¶
Mandatory Requirements¶
- All frameworks, runtimes, and technologies must be actively supported
- End-of-Life (EOL) technologies are strictly forbidden
- At minimum, versions must comply with:
major.minor.patchsemantic versioning- Security updates must be available and applied
π Rule
If a framework, runtime, or base image is out of security support, it must not be used, regardless of functionality.
𧩠Backend¶
| Language | Approved Frameworks / Runtimes |
|---|---|
| Python | FastAPI, Flask, Django |
| .NET | .NET 6 or higher |
Backend Standards¶
- APIs must be stateless
- Authentication and authorization must be externalized
- Dependency injection is mandatory
- Containers must not include secrets
- Configuration must be environment-driven
π¨ Frontend¶
| Technology | Approved Usage |
|---|---|
| TypeScript | Angular or React |
| JavaScript | Angular or React |
| HTML5 | Semantic structure |
| SCSS | BEM methodology |
Frontend Standards¶
- Frontends must not manage credentials directly
- Authentication must be delegated to a centralized identity provider
- Applications must be cloud-hosting ready
- Static builds must be containerized or deployed via managed services
ποΈ Databases¶
| Type | Approved Technology |
|---|---|
| Relational | PostgreSQL |
| Relational | SQL Server |
Database Standards¶
- Managed database services are preferred
- Schema migrations must be automated
- Direct database access from frontend is prohibited
πͺ Gateway¶
| Category | Approved Technology |
|---|---|
| Reverse Proxy | NGINX |
| API Gateway | Ocelot |
Gateway Standards¶
- Gateways must not contain business logic
- Gateways must remain stateless
- TLS and certificates must be managed by the platform
- Routing and security policies must be declarative
π Compliance Rule¶
All projects must:
- Use only approved technologies listed in this document
- Follow cloud-native and container-based deployment
- Avoid deprecated or unsupported versions
- Document and justify any exception via an Architecture Decision Record (ADR)