The 7 Branches of Software Gardening
--
Software is evolving all the time. Bugs get fixed, the documentation is improved, it is compiled for new operating systems, ported to other devices, new features are added. New developers get trained and old developers leave the team.
People who think software is once written and then finished got it wrong. Software is like a garden: You have to put effort into it to keep the current quality.
To me, software gardening tasks are small- to medium-sized tasks that you can almost always do. If done regularly, they don’t require a lot of effort. Software gardening makes sure that complex changes in the software can be done more easily. It’s about keeping technical debt low by maintaining the existing software.
After reading this article, you will know 7 different aspects of software gardening.
1. Update your Dependencies
Most software heavily relies on other software. Even if you decide that your software is feature-complete, the other software still evolves. Most importantly, bugs are found and exploits are developed. That means you need to update your dependency to make sure your software is not vulnerable.
There are other updates of your dependencies that you want. Features get deprecated and responsible developers give hints on how to deal with the deprecation. If you don’t update your dependency in this case, you might end up in a state where your version does not get security updates any longer. And then you need to either patch the software yourself or deal with many deprecations at once. Believe me, that is not fun. Especially when the developers who originally wrote the code are gone.
The last type of update you definitely want to include is security updates. The National Vulnerability Database (NVD) by NIST can be used to figure out what you need to update. For Python software, you can use safety to get notified. For JavaScript, you can use yarn audit or npm audit.
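To turn an audit run into a decision, here is an added example (not code from this article or from npm) that reads a report in the JSON shape printed by npm audit --json (auditReportVersion 2) and splits the findings into direct and indirect dependencies. The sample report, the package names and the function names triage and exit_code are constructed for illustration.

```python
import json

# Severity levels as reported by npm audit, lowest to highest.
SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"]

# Constructed sample in the shape of `npm audit --json` output.
# Package names and version ranges are made up for illustration.
SAMPLE_REPORT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "example-web": {"severity": "high", "isDirect": True,
                        "range": "<4.2.0", "fixAvailable": True},
        "example-parser": {"severity": "critical", "isDirect": False,
                           "range": "<=1.0.3",
                           "fixAvailable": {"name": "example-web",
                                            "version": "5.0.0",
                                            "isSemVerMajor": True}},
        "example-logger": {"severity": "low", "isDirect": False,
                           "range": "<2.1.1", "fixAvailable": False},
    },
})


def triage(report_json, fail_at="high"):
    """Group findings at or above `fail_at` by how the package is pulled in."""
    threshold = SEVERITY_ORDER.index(fail_at)
    result = {"direct": [], "indirect": [], "needs_major_bump": [], "no_fix": []}
    vulns = json.loads(report_json).get("vulnerabilities", {})
    for name, vuln in sorted(vulns.items()):
        if SEVERITY_ORDER.index(vuln["severity"]) < threshold:
            continue
        result["direct" if vuln.get("isDirect") else "indirect"].append(name)
        fix = vuln.get("fixAvailable", False)  # bool, or a dict describing the fix
        if fix is False:
            result["no_fix"].append(name)      # nothing to upgrade to yet
        elif isinstance(fix, dict) and fix.get("isSemVerMajor"):
            result["needs_major_bump"].append(name)  # fix is a breaking upgrade
    return result


def exit_code(result):
    """Non-zero when any finding reached the threshold, so a CI job fails."""
    return 1 if result["direct"] or result["indirect"] else 0


if __name__ == "__main__":
    findings = triage(SAMPLE_REPORT)
    print(json.dumps(findings, indent=2))
    raise SystemExit(exit_code(findings))
```

In a real pipeline you would pass the output of npm audit --json to triage instead of the sample. Findings listed under no_fix or needs_major_bump are the ones that need a person to decide, not just an automatic upgrade.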
Make sure you update all the components of your software system. Those are the direct dependencies, indirect dependencies…