Which Internal Developer Portal Will 10x Your Team’s Output?

Internal developer portals provide a common user interface for the tools and services your developers use. Standardizing your team's access to these services streamlines development and makes communication easier. These portals have grown in popularity in recent years, as larger software teams look for ways to spend less time and effort on administration of tooling and more on producing quality software.

With a central knowledge repository for your services, tools and documentation, you can increase observability within your organization. You can also automate regular tasks, such as service creation, and generate metrics to track your status and progress.

The expressions “internal developer portal” and “internal developer platform” have been used to describe different but related solutions, the former dealing with developer tooling and standards  and the latter with deployment (infrastructure and access, CI/CD pipelines, deployment best practices). The lines between the two, however, have been progressively blurring, with some portals adding more of the platform capabilities.

More on platform engineering:

• How to Win at Platform Engineering
• Platform Engineering, What It’s For, and How to Get It Right
• How to Build a Platform Team (And Why You Need One)

In this roundup, you'll learn about five of the most widely used internal developer portal solutions, looking specifically at their software catalog features, developer self-service features, scorecards, security and more. By the end of the article, you'll have a better idea about which one may be right for you.

Roadie

Roadie is an easy-to-use system for managing Backstage instances. Backstage is an open platform for managing developer portals, created by Spotify. Martina Iglesias Fernández, Roadie's former CTO who is now a principal software engineer at Equinix Metal, was part of the team that built Backstage and has drawn on that experience to produce Roadie. 

Software Catalog Features

Roadie's structured catalog keeps track of who owns what, making it easy to figure out who to talk to if you have an issue. It also includes a centralized search feature, helping you find what you want among all your services and documentation.

As teams grow and toolchains become more complex, communication channels become more opaque, making these features increasingly useful.

Developer Self-Service Features

Roadie lets developers carry out complicated operations in a few clicks. With its Scaffolder, you can create templates that help you quickly create apps, expand your infrastructure and complete other tasks, such as adding services to specific applications or registering services in Roadie's catalog.

Scaffolder's templates use a similar syntax to GitHub Actions, so any developer familiar with GitHub Actions will have an advantage picking it up.

Scorecards

Roadie includes Tech Insights, its scorecards for Backstage, as a paid extra. These scorecards show you whether standards are being met across your organization. They can also include checks that can be set up to monitor specific items. For example, you can set up a check to tell you if all your components have a README file set or if tools like Jenkins are using the right configuration.

You can drive improvement further with notifications that show team members what they need to change to improve their scores. This gamification can make the road to improvement tangible and fun, though you need to pick metrics carefully to ensure you’re aiming in the right direction.

Integrations and Extensibility

Roadie supports more than fifty plugins and integrations out of the box. These plugins cover many tools, including Jenkins, Prometheus and Jira.

Large organizations with over 100 members ("Growth plan customers" in Roadie's terminology) can publish custom plugins via a private repository, adding further flexibility.

Security Features

Roadie automatically updates and backs up your Backstage instances. It also gives you single sign-on (SSO) to control access. In addition, Roadie is SOC 2 Type 2 certified and conducts regular penetration testing.

Roadie offers GitHub apps with different access requirements. These apps let you choose how much access you grant to your own GitHub account. For example, one version doesn't include the Scaffolder feature, but it doesn't need as many permissions to operate. This means you can avoid providing admin privileges if you don't require that particular feature.

Documentation and Collaboration Features

Roadie's TechDocs feature is designed to gather all your docs from different sources and render them in your IDP. Docs are stored alongside code, making it easy for developers to keep them updated.

Roadie also automatically hunts for documentation in your repos. It turns docs into Markdown files that developers can easily find when making changes.

Roadie Summary

Setting up Backstage as your IDP can be complicated, but Roadie makes it easier. For teams between 100 and 2,000 people, it's an excellent option for getting started.

Roadie is available as a service, but you're not locked in and can switch to your own self-hosted Backstage instance if you outgrow it.

Port

Port lets you build an unopinionated portal based around its blueprints (custom entity definitions). It launched in 2022 and has seen rapid early adoption due to its open nature.

Software Catalog Features

Port's software catalog takes in data from various sources and presents it in a contextualized form. It lets you create blueprints and set up relations between different parts of your catalog, helping your developers understand how their work connects with others. Access to an overview like this helps prevent information siloing.

Port also has an API and an open source extensibility framework that let you control and present the catalog data to your team however you want to. For instance, if you want to build your own visualizations or pipe the info Port gathers into other tools, you can.

Developer Self-Service Features

Port promises an 80 percent drop in Jira tickets, with its guardrails and golden paths allowing developers to work independently and safely. Developers can run day-2 operations, and Port will show them the relevant logs.

Port also lets you quickly create self-service interfaces. You can test these interfaces, validate them and set up approvals so developers can initiate actions, which are then sent for senior staff to sign off on.

Scorecards

Port's scorecards include a range of features and let you set custom standards. You can use standard DevOps Research and Assessment (DORA) metrics to evaluate performance. Kubernetes metrics and health key performance indicators (KPIs) are also included.

In addition, Port allows you to track costs against various contexts. For example, you can track the costs of teams, individual developers and services.

Integrations and Extensibility

Port includes over forty out-of-the-box integrations and lets you create your own custom integrations.

Its blueprints can be used to define anything else you want to include in your portal. That includes assets like microservices, pods, CI jobs and more. Because blueprints can have multiple views, you can tailor them based on your needs.

Ocean, Port's open source extensibility framework, allows anyone to add integrations to the IDP that can be easily shared. Extensions are built in Python, so they do require some coding effort.

Security Features

Port's founders include DevSecOps engineers and cybersecurity experts, which means security is taken seriously. It has an impressive set of features and best practices. In addition, it doesn't store credentials and doesn't make inbound calls to customer networks.

Its Ocean software is open source and runs inside your network, meaning there's no need to expose your network to the outside world to use it.

As well as being SOC 2 compliant, Port conducts regular penetration testing, and data is backed up multiple times per day using AES-256 encryption. It also includes RBAC, letting you control who has access to what and tune roles easily as required.

Documentation and Collaboration Features

Port's extensive documentation includes clear, well-screenshotted information covering pretty much everything you could want to know. There's also an in-depth guide to work through, as well as a resource center, a blog and a selection of webinars.

Its community includes a Slack channel and GitHub, and you can email Port directly if you need further support.

Port Summary

Port aims to let everyone build an IDP in a way that's right for them. It provides visibility and enables self-service for your whole team.

If you want to reduce the amount of time spent on DevOps tasks but want to keep control of your ecosystem, Port may be the right choice for you. However, it's important to note that Port is limited to SaaS.

Cortex

Cortex promises to cut noise, freeing your developers to focus on their work. With its cataloging and scoring features, it aims to help you improve your software development efficiency.

Built by engineers from companies like Twilio and Uber, it launched in 2021, has expanded its feature set over the years and offers much to potential adopters.

Software Catalog Features

Cortex offers immediate visibility and keeps all your documentation in one place. It also keeps a change history, tracks dependencies and shows who owns what. It keeps ownership information up to date through direct integration with identity providers. It also integrates with observability tools like Grafana and Prometheus, letting you present their insights together.

Cortex uses the Cortex Query Language (XQL), which lets you automatically get information from multiple sources. You can write queries that tell you which services are using a particular tool or who's responsible for a particular part of your ecosystem.

Developer Self-Service Features

New services are automatically added to Cortex's catalog, making tracking easier and ensuring you don't miss anything.

Its Scaffolder lets you template services and resources, and it includes input validation for different entity types. Templates can be versioned on a common repo, which makes them easy to access and manage. Cortex also lets you track template use so you can see which ones are used frequently.

Scorecards

Cortex's scorecards are all about accountability. With its gold, silver and bronze standards, you can set goals at different levels. Setting goals is a clear way to show your teams what they're aiming for.

Cards can be given owners and due dates, and they can include DORA metrics. You can also sort them by context to gauge the performance of teams, individuals or products. This helps you spot bottlenecks and allocate resources effectively.

Integrations and Extensibility

Cortex includes more than forty out-of-the-box integrations. These are sorted into categories and let you quickly add functionality. They include plugins for tools like Jenkins, Grafana and Kubernetes, along with most major SaaS platforms.

Beyond that, you can use the Cortex plugin framework to extend its functionality and integrate it with your own systems or with third-party services. You can also extend the capabilities of existing Cortex integrations.

Security Features

Cortex encrypts data in transit using industry-standard methods and mandates HTTPS access to its console. Data at rest is encrypted, and data in use is unencrypted. This is not unusual, though stating it is.

Cortex also has public policies describing how employees are given access to its data, which include hardware monitoring and secrets management, along with mandatory training for all developers. There are also disciplinary procedures for any policy breaches.

Cortex is SOC 2 Type 2 certified.

Documentation and Collaboration Features

Cortex has a range of well-presented documentation, including guides, a reference and detailed information about its API. It also has a blog and regular webinars, along with events in the US and Europe.

The API reference is comprehensive and easy to navigate. As well as having samples of each type of call, it shows multiple sample responses, including error responses. You can also try editing and running calls live from the documentation. Make sure you provide a bearer token, or you'll just get an error response.

Cortex Summary

Cortex helps teams get back on track when their ecosystem's complexity grows beyond their ability to manage it. That makes it ideal for teams that are growing in size. It takes time to set up, and it's a good idea to implement it progressively so you get used to its UI before integrating it with your GitOps workflow.

OpsLevel

OpsLevel is designed around three pillars: visibility, standards and self-service. It offers to build your portal in minutes, not months, making it an attractive proposition for those looking for an immediate productivity boost.

Software Catalog Features

OpsLevel takes full advantage of automation and AI to map relationships across your tech architecture. It can automatically detect services and track which teams use them.

It can detect metadata to generate inferred service descriptions and also hunt for Markdown files, making it easy to set up a docs-as-code approach. All this information is then presented to developers in a single location.

Developer Self-Service Features

OpsLevel uses service templates for speedy service creation, automating basic setup so your team can get straight into building the unique features of each service.

It also lets you automate actions, leading to increased efficiency. For example, you can set up automated responses to incidents. Responses can include a range of actions that you can customize, such as sending out custom messages to different types of users.

Scorecards

OpsLevel's service maturity tracking framework lets you see how up-to-date your software is. It includes a service health guide, with actions for improving each one. There are also rubrics and scorecards that show how the organization as a whole is performing.

If you want to ensure initiatives and standards are maintained throughout your projects, you can. You can also make sure configurations are all up to date. This means OpsLevel is particularly useful for teams that want to make sure different parts of their ecosystem stay closely aligned.

Integrations and Extensibility

OpsLevel has a categorized list of more than fifty built-in integrations. These integrations let you connect to a range of tools that cover areas like security, CI/CD, error tracking and observability.

In addition, some of the integrations offer further extensibility. For example, the custom event integration allows you to send any JSON payload to OpsLevel. The OpsLevel CLI integration allows you to extend OpsLevel yourself and customize it to work with the tools of your choice. Both of these extensions have their own documentation, making them straightforward to work with.

Security Features

OpsLevel is SOC 2 Type 2 certified and has an independent auditor to handle its reports. It encrypts data both in transit (using TLS) and at rest (using AES-256-GCM). It also encrypts tokens used to access third-party services. API tokens and user passwords are salted and hashed with bcrypt, adding a further layer of protection.

You can offer users SSO via Okta, Auth0, Google G Suite or other SAML providers, and you can provision users with SCIM. OpsLevel also practices threat modeling, vulnerability management and tenant isolation.

Documentation and Collaboration Features

The OpsLevel documentation includes readable guides for a huge range of tasks, taking you through each one step by step, as well as providing high-level overviews of the various features and concepts used by the software. As well as standard documentation, OpsLevel also has a regularly updated blog. There are also podcasts and tech talks to help you understand the platform.

OpsLevel Summary

With its quick setup and thirty-day onboarding, OpsLevel aims to quickly make a difference in your workflows. It's a highly visual tool, though it also uses YAML and its CLI for advanced functionality.

If your developers are overwhelmed with routine tasks, OpsLevel aims to centralize and streamline them to make them faster and easier to complete. Its ability to highlight relationships between teams makes it ideal for enterprise-scale organizations.

Atlassian Compass

Designed for large, distributed teams, Atlassian Compass aims to unify your engineering output and present it to your team in one place.

Compass was originally an internal tool that was partly inspired by the need to make ownership of services more transparent. Now, it's open to everyone who wants to improve their developer experience.

Software Catalog Features

The Compass software catalog aims to reduce your developers' cognitive load. It combines information from your APIs, libraries and documentation and also includes metrics and scheduling information.

The catalog lets you track both upstream and downstream dependencies, and it also alerts you to incidents relating to your services. With this information, you can see how an issue in one area will impact others.

Developer Self-Service Features

Compass lets you create templates that include boilerplate code and webhooks. You can use these to quickly build new services following your organization's standard practices.

It also lets you create team dashboards, so each team can focus on its own information. Its CheckOps feature lets you evaluate past performance based on metrics.

Scorecards

Compass lets you track DORA, SPACE and DevEx metrics. These can be tied to particular services and give you a breakdown of which targets you have and haven't met. You can also track ownership information and link it to specific Jira issues.

Integrations and Extensibility

Compass integrates well with other Atlassian products, like Jira. You can create components from within Jira and can also use the GraphQL API to exchange data with Atlassian's tools.

As well as having a range of ready-made integrations for you to use, you can extend Compass further using Atlassian's serverless development platform, Forge.

Security Features

Compass is a relatively new platform, and Atlassian doesn't provide many specifics about its security, but the organization as a whole is SOC 2 certified and is compliant with a range of global and national standards.

Its Cloud Roadmap also shows you its progress, letting you search for features and practices that have been applied to Compass.

Documentation and Collaboration Features

The Compass documentation is a little harder to locate than for other platforms since Compass is a relatively small part of Atlassian's site. However, searching for Compass in Atlassian's general documentation does provide results. You'll find a comprehensive guidance section and an API reference.

Atlassian Compass Summary

Compass can be a source of truth for your software components and documentation. It's particularly useful for those already managing their team in Jira or using other Atlassian software.

For developers and managers who want to control or prevent software sprawl, it's ideal.

Conclusion

There's plenty of competition in the IDP space, with all major players delivering effective ways to help coordinate development. Each of the IDPs reviewed here gives you a single place to manage your software, but they each offer different features and vary in their focus.

Choosing the right one means evaluating how well it fits with your setup and how its workflows suit your team's skills and workflow. Some of the features can be transformative for large, distributed teams but may be overkill for others. Make sure to work out what you want from an IDP so you can choose the best solution.