App Anatomy: a sociotechnical pattern for continuous delivery infrastructure

Ivan Sanchez
6 min readSep 25, 2021
Human anatomy illustration
Image by Victor Rodriguez via Unsplash


Organisations building multiple applications (services, websites, apps, etc) and adopting Continuous Delivery are required to maintain the infrastructure required to build, configure, and deploy each application.

This Continuous Delivery Infrastructure (CDI) covers aspects such as:

  • Continuous Integration (pipeline definitions)
  • Deployment Procedures (encoded in pipelines or separate tooling)
  • Application/environment configuration for deployment
  • Observability & Monitoring (external applications and dashboards)

As the number of applications and teams grow, those should be standardised across the organisation so teams don’t have to reinvent the wheel and good practices can spread.

The organisation at that stage makes a choice (not always deliberate) of who is responsible for maintaining both the standards and the actual infrastructure.

In some cases, a central team is the one creating and maintaining at least part of the CDI for teams. That usually means slower lead times for changes in that area, as creating and updating any aspect of the infrastructure will require coordination with a different team. In return, this team has the opportunity to implement standards and facilitate good practices and reuse across delivery teams.

An alternative approach is letting teams have access to tools and environments so they can set up things the way they need when they need it. This means greater autonomy for teams to evolve their solution and experiment with new approaches. Unfortunately, it means that it becomes less likely teams will approach things similarly, there’s the extra overall effort required by each team, and it’s likely teams will have to learn various lessons the hard way before they get to a good place.

In addition, making sense of this landscape and answering simple questions such as who owns a particular service in production, or has the application been scanned for vulnerabilities also becomes harder and harder depending on the approach chosen.