Simpro Knowledge Base

Source Library

Source Library visual map

This page records the external sources used to shape the first version of this wiki and gives the team a starting point for ongoing research.

Engineering, Delivery, And AI-Assisted Development

  • Awesome Platform Engineering curated list: https://github.com/shospodarets/awesome-platform-engineering
  • Eric Evans Domain-Driven Design Reference: https://www.domainlanguage.com/ddd/reference/
  • Martin Fowler microservices guide: https://martinfowler.com/microservices/
  • GraphQL official learning documentation: https://graphql.org/learn/
  • Kubernetes documentation: https://kubernetes.io/docs/home/
  • Docker documentation: https://docs.docker.com/
  • ByteByteGo: https://bytebytego.com/
  • ByteByteGo Visual Dev Guides: https://bytebytego.com/visual-dev-guides
  • Microsoft Azure Architecture Center: https://learn.microsoft.com/en-us/azure/architecture/
  • Microsoft Cloud Design Patterns: https://learn.microsoft.com/en-us/azure/architecture/patterns/
  • AWS Well-Architected Framework: https://aws.amazon.com/architecture/well-architected/
  • AWS Architecture Center: https://aws.amazon.com/architecture/
  • Google Cloud Architecture Framework: https://cloud.google.com/architecture/framework
  • Nx monorepo concepts: https://nx.dev/docs/concepts/decisions/why-monorepos
  • Turborepo documentation: https://turborepo.dev/docs
  • Webpack Module Federation: https://webpack.js.org/concepts/module-federation/
  • single-spa microfrontends concept: https://single-spa.js.org/docs/microfrontends-concept/
  • Martin Fowler, Micro Frontends: https://martinfowler.com/articles/micro-frontends.html
  • Microsoft Engineering Fundamentals Playbook: https://microsoft.github.io/code-with-engineering-playbook/
  • Microsoft Engineering Fundamentals Checklist: https://microsoft.github.io/code-with-engineering-playbook/engineering-fundamentals-checklist/
  • Google Engineering Practices Documentation: https://google.github.io/eng-practices/
  • Google Engineering Practices, Code Review: https://google.github.io/eng-practices/review/
  • SonarQube documentation: https://docs.sonarsource.com/sonarqube-server/
  • ESLint documentation: https://eslint.org/docs/latest/
  • Prettier documentation: https://prettier.io/docs/
  • Google DORA, State of AI-assisted Software Development 2025: https://dora.dev/dora-report-2025/
  • Google blog summary of the 2025 DORA report: https://blog.google/innovation-and-ai/technology/developers-tools/dora-report-2025/
  • GitHub Octoverse: https://github.blog/news-insights/octoverse/
  • SLSA supply-chain security framework: https://slsa.dev/
  • Thoughtworks Technology Radar: https://www.thoughtworks.com/radar/
  • Thoughtworks Technology Radar Vol. 34 announcement, April 15, 2026: https://www.thoughtworks.com/en-gb/about-us/news/2026/combat-ai-cognitive-debt-radar-v34
  • Thoughtworks Technology Radar Vol. 34 PDF: https://www.thoughtworks.com/content/dam/thoughtworks/documents/radar/2026/04/tr_technology_radar_vol_34_en.pdf
  • Microsoft Engineering, Building Paved Paths: https://devblogs.microsoft.com/engineering-at-microsoft/building-paved-paths-the-journey-to-platform-engineering/
  • GitHub Engineering Blog: https://github.blog/engineering/

DevSecOps, Security, And AI Security

  • NIST SP 800-218 Secure Software Development Framework: https://csrc.nist.gov/pubs/sp/800/218/final
  • NIST DevSecOps project: https://www.nccoe.nist.gov/devsecops
  • NIST Zero Trust Architecture SP 800-207: https://csrc.nist.gov/pubs/sp/800/207/final
  • NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
  • CIS Controls: https://www.cisecurity.org/controls
  • Microsoft Security Development Lifecycle: https://www.microsoft.com/en-us/securityengineering/sdl/
  • Microsoft Zero Trust guidance: https://www.microsoft.com/en-us/security/business/zero-trust
  • CISA Secure by Design: https://www.cisa.gov/securebydesign
  • CISA Zero Trust Maturity Model: https://www.cisa.gov/resources-tools/resources/zero-trust-maturity-model
  • CISA Secure Our World: https://www.cisa.gov/secure-our-world
  • OWASP Top 10 for Large Language Model Applications: https://owasp.org/www-project-top-10-for-large-language-model-applications
  • OWASP Top 10 for LLM Applications 2025 PDF: https://owasp.org/www-project-top-10-for-large-language-model-applications/assets/PDF/OWASP-Top-10-for-LLMs-v2025.pdf
  • OWASP Top 10: https://owasp.org/www-project-top-ten/
  • OWASP API Security Top 10: https://owasp.org/API-Security/
  • OWASP Application Security Verification Standard: https://owasp.org/www-project-application-security-verification-standard/
  • OWASP Software Assurance Maturity Model: https://owasp.org/www-project-samm/
  • OWASP Cheat Sheet Series: https://cheatsheetseries.owasp.org/
  • OWASP Web Security Testing Guide: https://owasp.org/www-project-web-security-testing-guide/
  • OWASP Threat Modeling: https://owasp.org/www-community/Threat_Modeling
  • OWASP Threat Dragon: https://owasp.org/www-project-threat-dragon/
  • OWASP ZAP: https://www.zaproxy.org/
  • OWASP Dependency-Check: https://owasp.org/www-project-dependency-check/
  • MITRE ATT&CK: https://attack.mitre.org/
  • SLSA supply-chain security framework: https://slsa.dev/
  • CodeQL documentation: https://codeql.github.com/docs/
  • Semgrep documentation: https://semgrep.dev/docs/
  • Trivy documentation: https://aquasecurity.github.io/trivy/
  • Gitleaks documentation: https://gitleaks.io/
  • Checkov documentation: https://www.checkov.io/
  • OWASP Cryptographic Storage Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html
  • OWASP Transport Layer Security Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Security_Cheat_Sheet.html
  • NIST Cryptographic Standards and Guidelines: https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines
  • Mozilla SSL Configuration Generator: https://ssl-config.mozilla.org/
  • Let's Encrypt documentation: https://letsencrypt.org/docs/
  • ISO/IEC 27001: https://www.iso.org/standard/27001
  • AICPA SOC suite of services: https://www.aicpa-cima.com/resources/landing/system-and-organization-controls-soc-suite-of-services
  • PCI DSS: https://www.pcisecuritystandards.org/standards/pci-dss/
  • CSA STAR: https://cloudsecurityalliance.org/star
  • FedRAMP: https://www.fedramp.gov/
  • FIPS 140-3 Cryptographic Module Validation Program: https://csrc.nist.gov/projects/cryptographic-module-validation-program

SRE And Reliability

  • Google SRE book, Service Level Objectives: https://sre.google/sre-book/service-level-objectives/
  • Google SRE book, Embracing Risk: https://sre.google/sre-book/embracing-risk/
  • Google SRE book, Monitoring Distributed Systems: https://sre.google/sre-book/monitoring-distributed-systems/
  • Google SRE book, Practical Alerting: https://sre.google/sre-book/practical-alerting/
  • Google SRE book, Managing Incidents: https://sre.google/sre-book/managing-incidents/
  • Google SRE book, Postmortem Culture: https://sre.google/sre-book/postmortem-culture/
  • Google SRE workbook, Postmortem Culture: https://sre.google/workbook/postmortem-culture/
  • Google SRE Incident Management Guide: https://sre.google/resources/practices-and-processes/incident-management-guide/
  • AWS reliability pillar: https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/welcome.html
  • Azure reliability pillar: https://learn.microsoft.com/en-us/azure/well-architected/reliability/
  • Google Cloud reliability guidance: https://cloud.google.com/architecture/framework/reliability

Performance, Scalability, Observability, And Cost

  • Azure performance efficiency pillar: https://learn.microsoft.com/en-us/azure/well-architected/performance-efficiency/
  • AWS performance efficiency pillar: https://docs.aws.amazon.com/wellarchitected/latest/performance-efficiency-pillar/welcome.html
  • Google Cloud performance optimization: https://cloud.google.com/architecture/framework/performance-optimization
  • AWS cost optimization pillar: https://docs.aws.amazon.com/wellarchitected/latest/cost-optimization-pillar/welcome.html
  • Azure cost optimization: https://learn.microsoft.com/en-us/azure/well-architected/cost-optimization/
  • Google Cloud cost optimization: https://cloud.google.com/architecture/framework/cost-optimization
  • FinOps Foundation: https://www.finops.org/framework/
  • OpenTelemetry documentation: https://opentelemetry.io/docs/
  • Prometheus documentation: https://prometheus.io/docs/introduction/overview/
  • Grafana documentation: https://grafana.com/docs/
  • k6 load testing: https://k6.io/docs/

Product, Design, And Discovery

  • IDEO Design Thinking introduction: https://designthinking.ideo.com/introduction
  • IDEO about page and human-centered design definition: https://www.ideo.com/about
  • Shape Up by Basecamp: https://basecamp.com/shapeup/0.3-chapter-01
  • Shape Up, Place Your Bets: https://basecamp.com/shapeup/2.3-chapter-09
  • Silicon Valley Product Group, Product Model Concepts: https://www.svpg.com/product-model-concepts/
  • Continuous Discovery Habits summary: https://www.ostly.io/continuous-discovery-habits
  • Amazon Working Backwards excerpt: https://www.aboutamazon.com/news/workplace/an-insider-look-at-amazons-culture-and-processes/

Team Design, Operating Model, And Leadership

  • Atlassian Team Topologies overview: https://www.atlassian.com/devops/frameworks/team-topologies
  • Atlassian State of Teams 2025: https://www.atlassian.com/blog/state-of-teams-2025
  • Amazon Leadership Principles: https://www.aboutamazon.com/about-us/leadership-principles
  • Amazon company principles: https://www.aboutamazon.com/about-us
  • Netflix Culture Memo: https://jobs.netflix.com/culture
  • Microsoft Culture and Employee Experience: https://www.microsoft.com/en-us/human-resources/culture-employee-experience
  • Microsoft Careers Culture: https://careers.microsoft.com/us/en/culture
  • Atlassian CALMS framework: https://www.atlassian.com/devops/frameworks/calms-framework
  • Toyota Production System official global page: https://global.toyota/en/company/vision-and-philosophy/production-system/
  • Lean Enterprise Institute, Toyota Production System: https://www.lean.org/lexicon-terms/toyota-production-system/
  • Google Project Aristotle summary via re:Work is commonly referenced for psychological safety, dependability, structure and clarity, meaning, and impact. Add the official re:Work link when available in your team's source list.
  • Gartner Top Strategic Technology Trends for 2026 announcement: https://www.gartner.com/en/newsroom/press-releases/2025-10-20-gartner-identifies-the-top-strategic-technology-trends-for-2026
  • Gartner Top Strategic Technology Trends for 2026 article: https://www.gartner.com/en/articles/gartner-top-10-strategic-technology-trends-for-2024
  • McKinsey Technology Trends Outlook 2025: https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/the-top-trends-in-tech

Frontend Engineering

  • React documentation: https://react.dev/
  • React Thinking in React: https://react.dev/learn/thinking-in-react
  • Next.js documentation: https://nextjs.org/docs
  • Angular documentation: https://angular.dev/
  • Angular style guide: https://angular.dev/style-guide
  • Vue documentation: https://vuejs.org/
  • Nuxt documentation: https://nuxt.com/docs
  • Svelte documentation: https://svelte.dev/docs
  • SvelteKit documentation: https://svelte.dev/docs/kit
  • Astro documentation: https://docs.astro.build/
  • TypeScript documentation: https://www.typescriptlang.org/docs/
  • MDN JavaScript Guide: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide
  • Web.dev performance guidance: https://web.dev/learn/performance/
  • WAI accessibility fundamentals: https://www.w3.org/WAI/fundamentals/
  • Stack Overflow Developer Survey: https://survey.stackoverflow.co/
  • State of JS: https://stateofjs.com/

Language And Stack Practices

  • C# coding conventions: https://learn.microsoft.com/en-us/dotnet/csharp/fundamentals/coding-style/coding-conventions
  • ASP.NET Core best practices: https://learn.microsoft.com/en-us/aspnet/core/fundamentals/best-practices
  • Architect modern web applications with ASP.NET Core and Azure: https://learn.microsoft.com/en-us/dotnet/architecture/modern-web-apps-azure/
  • .NET microservices architecture guide: https://learn.microsoft.com/en-us/dotnet/architecture/microservices/
  • Testing in .NET: https://learn.microsoft.com/en-us/dotnet/core/testing/
  • Entity Framework Core documentation: https://learn.microsoft.com/en-us/ef/core/
  • Python tutorial: https://docs.python.org/3/tutorial/
  • Python virtual environments: https://docs.python.org/3/tutorial/venv.html
  • Python modules and packages: https://docs.python.org/3/tutorial/modules.html
  • Python Packaging User Guide: https://packaging.python.org/
  • Static typing with Python: https://typing.python.org/
  • pytest documentation: https://docs.pytest.org/en/stable/
  • Ruff documentation: https://docs.astral.sh/ruff/

Suggested Internal Sources To Add Later

  • Mark Peters, Mastering Enterprise Platform Engineering. Local EPUB reviewed for themes and table of contents; do not copy copyrighted book text into this KB.
  • Rita Okonkwo, Growth Engineering. Local EPUB reviewed for themes and table of contents; do not copy copyrighted book text into this KB.
  • Company strategy documents.
  • Architecture decision records.
  • Incident postmortems.
  • Customer interview notes.
  • Sales win/loss notes.
  • Support ticket summaries.
  • Product analytics dashboards.
  • Security audit findings.
  • Engineering onboarding material.
  • Platform runbooks.

Team Reference Guide

How To Explain This Page

Use this page as a reference conversation, not as a checklist to read aloud. Start by explaining why the topic matters, then connect it to current team work, and finally ask what behavior should change.

The most useful way to teach this material is to move from concept to example. Explain the principle, show how it appears in daily work, ask the team where it is currently strong or weak, and finish with one small action.

Guidelines For Teams

  • Connect the topic to a current project, customer problem, incident, or decision.
  • Translate concepts into visible behaviors.
  • Keep the guidance lightweight enough to use weekly.
  • Capture decisions, examples, and improvements back into the wiki.
  • Review the page again after a project, incident, or retrospective to update what the team has learned.

Reflection Questions

  • What part of this topic is already working well for us?
  • What part is still mostly theory?
  • What is one behavior we can change in the next 30 days?