1-888-310-4540 (main) / 1-888-707-6150 (support) info@spkaa.com
Select Page

Configuration Management: The Heart of Your Software Development Lifecycle ‎(SDLC)

Does your software development organization have a well defined and implemented configuration management (CM) process? For many organizations, they equate the CM process with having a revision control tool in place. While versioning is a necessary prerequisite to implementing a configuration management process, it is just a small part of the overall DevOps process.

What is Configuration Management?

Configuration Management is the secret weapon that keeps software development teams on track and in control. It’s the set of processes and techniques that ensure changes to software and its accompanying documentation are managed smoothly throughout the entire development journey. 

Configuration management ensures software is developed, tested, and released in a controlled and predictable manner. With teams larger than two, the complexities of managing software become more challenging. This is where configuration management shines. It handles the intricate task of managing and controlling software configuration items (SCIs), the precious products and artifacts birthed during the development process. These include the source code, compiled binaries, documentation, test scripts, and various other related treasures.

But, configuration management isn’t merely about versioning the source code. It’s a vibrant ecosystem of moving parts that ensures everything aligns harmoniously. So, let’s dive in and explore the CM components.

Version Control

Version control is a system or process for managing changes to:

  • Software source code
  • Documents
  • Or any other type of file or artifact

Version control is essential for software development, enabling change tracking and collaboration over time.

In version control, each file version is saved in a repository, preserving earlier iterations. It allows developers to modify files while keeping track of changes. Version control reconciles conflicts, merges changes, and ensures accurate tracking and documentation.


The advantages of version control include:

  1. Allowing concurrent collaboration between developers working on the same codebase without interfering with each other’s projects.
  2. Tracking and documenting changes as they are made.
  3. Easily undoing changes that lead to issues.
  4. Enabling greater ability to have experimental branches of the software to test out new features.

Common version control systems include Git, Subversion (SVN), Mercurial, and Perforce. And, Git is the most commonly available in modern software practices. Each system has its own strengths and weaknesses. Ultimately, the system choice depends on the specific needs of the project or organization. 

Build and Release Management

Versioning alone is insufficient. In fact, the build and release management steps are critical for software consistency and reliability. These steps, often integrated with continuous integration and continuous delivery, automate the entire software delivery process. By streamlining code changes to production deployment, CI/CD pipelines enable swift, dependable, and consistent software delivery which is indispensable in today’s software development landscape.Traditionally, as clients engage with SPK, we try to work towards a modern CI/CD approach to reduce human errors and increase quality. Thus “build and release management” is more of an automated system than a manual step in the process.

Change Management

Change management is the ability to organize and manage all of the changes to software, including documentation. The reason for change management is to confirm that all changes are properly authorized, tested, and documented. All the practices of the CM process are required to have effective change, release and quality management processes. But, identification and CM change control are essential. Basically, if you don’t have a handle on what it is you are planning to change, or test, it is impossible to ensure change requests are properly implemented, or to understand if the release was of suitable quality. 

Traceability Management

Traceability management links and maintains traceability between software development artifacts and project elements. It involves tracking the relationships between requirements, design documents, source code, test cases, and other project artifacts. And, it does this to ensure they are consistent and meet the desired quality standards.


The primary goal of traceability management is to ensure:

  • All project artifacts are connected.
  • The changes made to one artifact are properly reflected in other artifacts. 

This Improves software quality by ensuring requirements are met and components are well-designed, implemented, and tested.

Traceability, by definition, requires that the artifacts linked by the trace relationships be clearly identified and their state properly controlled. Ensuring all artifacts are linked and traceable to each other, and that changes are tracked and communicated.

Auditing Traceability

To ensure successful implementation and effectiveness of the configuration management process, companies should focus on:

  • Correct tool installation.
  • Correct workflow adherence.
  • Addressing security and reliability concerns.
  • Establishing disaster recovery measures.
  • Implementing suitable reporting mechanisms for auditing and status accounting.

In regulated industries, auditors require objective evidence of artifact development using accepted processes. They lack time and interest in understanding organizational infrastructure. Configuration management systems must provide readily accessible objective evidence to meet auditor requirements. For example, CDRH auditors for medical devices or FAA Designated Engineering Representatives for avionics software.

Implementing a revision control tool suffices for individual developers or small unregulated teams. However, most software development organizations require a comprehensive configuration management process. That means understanding industry requirements, leveraging automation tools, and establishing reliable infrastructure and procedures for ongoing implementation.



Identification in configuration management means defining configuration items and their relationships, while assigning unique, unchangeable identifiers. Establishing clear criteria for configuration items and their combinations is essential for an organization’s variant management strategy.

For product development organizations such as automotive suppliers or medical device companies, product families can easily reach over 100 variants. That means alignment between the configuration management process and the variant management strategy is crucial. The CM process differs significantly between organizations with a small number of distinct software products and those with a large variant family and multiple versions requiring support.

Status Accounting

The status accounting practice of the CM process drives the execution of the software development lifecycle, especially release management. Key metrics such as the number of outstanding defects,or approved change requests status,are based on the status accounting abilities of the CM process. Status accounting provides insight into the software product’s consistency and completeness.In modern development shops, Agile and iterative development intensifies reliance on CM due to higher change rates versus.more traditional, plan-driven approaches.

To improve quality, time to market, and developer productivity, the software development lifecycle processes should be automated where possible.  Particularly to a key supporting process such as the configuration management process. That said, do not fall into the trap of being forced to adapt your software development methodology and processes to the constraints of a tool. Instead, as part of the up-front planning for your software development project, define the objectives for the CM process, the desired workflows and environment that it must accommodate. With those criteria in place, choose the tool or tools best suited to achieve your goals.

Equally, documentation and training is important to ensure the CM process is implemented correctly and consistently, and that tools are best leveraged.

Status Accounting In Regulated Industries

If you work in a regulated industry, such as medical devices, aerospace, or automotive, not only is documentation and training mandated, typically the tools used to implement the CM process must be qualified. FDA regulations 21 CFR Parts 820 and 11 mandate computer system validation of software tools involved in the development of medical devices or pharmaceuticals.


  • In the commercial aerospace industry, RTCA standard DO-178C defines guidelines for software assurance of airborne software, and supplementary standard DO-330 specifically addresses software development tool qualification. 
  • The automotive industry, ISO 26262 standard addresses functional safety for road vehicles, with section 8-11 addressing requirements for software tool qualification.


In all of the industries cited here, qualification must be completed in the context of:

  1. The software being developed.
  2. The SDLC being employed.
  3. The context of the system the software will be deployed into. In particular the potential risk or safety concerns that software entails.

Configuration Management Tools

Over the past 20 years, software systems have evolved, including open source and enterprise options for configuration management. Various tools with different features and pros and cons are available today. You can learn more about these tools through this blog post about the top DevOps tools. Here are some of the top configuration management tools that are being used today:


Chef is a powerful and flexible automation platform that allows you to manage infrastructure as code. It has a large library of pre-built modules and cookbooks, making it easy to get started with automation. The solution has an open source derivative that is free, along with a hosted platform, and a premium platform with more features.


Puppet is a configuration management tool that provides a declarative language for describing the desired state of systems. It has a large and active community of users and contributors, and is widely used in enterprise environments. Learn more about SPK’s Puppet services here.


SaltStack is a powerful automation and configuration management platform that allows you to manage and orchestrate IT infrastructure at scale. It uses a simple and powerful configuration language called YAML, and has a large library of pre-built modules.


Created by HashiCorp, Terraform is an open-source tool for building, changing, and versioning infrastructure. It provides a simple and consistent way to manage infrastructure across cloud providers and on-premises environments. Learn more about Terraform here.


Git is a version control system that is widely used for managing source code. It provides powerful branching and merging capabilities, and can be used for managing configuration files and other artifacts. The raw git tool is manifested in several other commercially available tools, but Git is the foundational technology being used.


Configuration management is crucial in software development, managing changes, reducing errors, and ensuring timely, high-quality delivery. CM tools benefit both IT and software development teams, streamlining the SDLC process and improving efficiency. In today’s market, fast and efficient software delivery is paramount. SPK’s experts assist in streamlining the delivery and release process with CM tools. Contact us for more information and expert recommendations on configuration management.Contact our team today to learn more about our experience and recommendations with configuration management.

Latest White Papers

A Field Guide to Threat Vectors in the Software Supply Chain

A Field Guide to Threat Vectors in the Software Supply Chain

The software supply chain is made up of many integrated parts, people, and processes. The components range from tools and configurations to code libraries and systems. These components’ goals are developing and delivering software. Unfortunately, risks are high due to...

Related Resources

Creo Composites Design & Manufacturing Capabilities

Creo Composites Design & Manufacturing Capabilities

Engineers typically have a few distinct materials to work with when designing and manufacturing parts. Composite design allows them to combine two or more varying materials to create a new one. This new material is often sustainable and used to design structures. This...

Demystifying Atlassian Cloud Licensing

Demystifying Atlassian Cloud Licensing

Understanding the intricacies of software licensing can be a formidable task.  Atlassian, a leading provider of collaboration and productivity software, offers a range of cloud-based solutions that cater to various business needs. This blog post aims to share...

The Business Case for Moving from ENOVIA to Windchill PLM

The Business Case for Moving from ENOVIA to Windchill PLM

With many PLM solutions on the market, it can be difficult to know which is best for your business needs. Dassault Systèmes’ ENOVIA is a popular choice as it is part of their 3DExperience platform. ENOVIA has the same goal as every PLM software which is to manage a...