March 5, 2025

The Cost of Build-Your-Own Software

Hidden costs of software maintenance

Typical developer doing software maintenance :-)

We're a software company that makes test orchestration / command and control / mission operations software called COSMOS. We have a complex tech stack including MinIO, Redis, Keycloak, Ruby on Rails, Python, Vue.js, Vuetify, Docker containers, and Helm charts supporting Kubernetes. All of this software needs to be updated and maintained, and that is the topic of this blog post.

COSMOS's main competition is not a similar software suite (they don't exist), but a homegrown set of tools that "we've always used". While build-your-own, i.e. not-invented-here, is an age-old phenomenon in the software industry, modern software development makes it increasingly costly and less efficient. When all you have to do is bump your Ruby or Python version, you may consider your little pile of scripts safe from extensive maintenance. But tell that to anyone who's been through the Python 2 -> 3 transition! Even moderately complex frontend development uses hundreds if not thousands of dependencies, because you're dealing not only with your immediate dependencies but also with the dependencies of those dependencies.

When we upgraded COSMOS from version 5 to version 6, the main thrust of the upgrade was going from Vue 2 and Vuetify 2 to Vue 3 and Vuetify 3. This was not a trivial undertaking! This GitHub PR was 105 commits, affected 371 files and resulted in 9,748 additions and 10,774 subtractions to the code base. This took almost 2 full months with the full-time effort of our very talented frontend developer Ryan Pratt.

Modern software also requires keeping an eye on CVEs. Eliminating CVEs in your software is a never-ending game of whack-a-mole and requires constantly updating your dependencies. We recently had our Trivy scanner complain about a CVE in golang due to our inclusion of kubectl. In that case, rather than package a new version which still had the CVE, we decided to include kubectl from Chainguard. While this works for a tool like kubectl, most of the time we're waiting for upstream dependencies to fix these issues or looking for ways to mitigate them ourselves.

OpenC3's COSMOS gives our customers the best of both worlds. We maintain our software stack, update dependencies and address CVEs. At the same time, we provide the source code if you want to make custom changes. Join the growing list of OpenC3 customers who have successfully migrated their existing hardware and software stacks into the easily configurable COSMOS ecosystem. We're happy to support you during this transition, so please get in touch!
