UCloud logo UCloud logo UCloud
v2026.3.0
  1. UCloud/Core
  2. 1. Introduction
  3. 2. Projects
  4. 3. Accounting
  5. 4. Orchestration
  6. 5. Frontend
  7. UCloud/IM for Slurm-based HPC
  8. 6. Installation
  9. 7. Architecture and Networking
  10. 8. User and Project Management
  11. 9. Filesystem Integration
    1. 9.1. Inter-provider file transfers
  12. 10. Slurm Integration
    1. 10.1. Application Management
    2. 10.2. Built-in Applications
  13. 11. Reference
    1. 11.1. Configuration
    2. 11.2. CLI
  14. 12. Appendix
    1. 12.1. Built-in Application Index
  15. UCloud/IM for Kubernetes
  16. 13. Installation
  17. 14. Architecture and Networking
  18. 15. Filesystem Integration
  19. 16. Compute Jobs
    1. 16.1. Public Links
    2. 16.2. Public IPs
    3. 16.3. License Servers
    4. 16.4. SSH Servers
    5. 16.5. Job Audit Log
    6. 16.6. Virtual machines
  20. 17. Integrated applications
    1. 17.1. Syncthing
    2. 17.2. Integrated terminal
  21. 18. UCX applications
    1. 18.1. Hello world
    2. 18.2. Data binding
    3. 18.3. UI events
    4. 18.4. Component reference
    5. 18.5. API reference
  22. 19. Reference
    1. 19.1. Configuration
    2. 19.2. CLI
  23. Branding for UCloud
  24. 20. Branding and identity for UCloud
  25. H: Procedures
  26. 21. H: Procedures
  27. 22. H: Introduction
  28. 23. H: Auditing
  29. 24. H: Auditing scenario
  30. 25. H: GitHub actions
  31. 26. H: Deployment
  32. 27. H: 3rd party dependencies (risk assesment)
  1. Links
  2. Source Code
  3. Releases

3rd party dependencies (risk assesment)

In this document we cover the core 3rd party dependencies we have in UCloud and assess risk based on the following factors:

  • How essential is the dependency for UCloud?
    • Scale: 1 (low) - 5 (high)
  • How essential is knowledge of the system to develop UCloud (while keeping it stable and secure)?
    • Scale: 1 (low) - 5 (high)
    • The assessment will include if the knowledge is only essential for a single component or system-wide
  • Difficulty of migrating to an alternative technology
    • Scale: 1 (low) - 5 (high)
  • Likelihood of the dependency getting discontinued in the coming 5 years
    • Scale: 1 (low) - 5 (high)

We consider a 3rd party dependency to be anything not created by the SDU eScience Center, examples include:

  • Software library
  • Tool
  • Hosted software (e.g. a database server)
  • Technical specifications

We use the following format:

### Dependency name

- __Website:__ https://example.com
- __Short description:__ Lorem ipsum dolor sit amet, consectetur adipisicing elit.

__Assessment:__

- __How essential is the dependency for UCloud?__ 1 (low) - 5 (high)
- __How essential is knowledge of the system to develop UCloud?__ 1 (low) - 5 (high)
- __Difficulty of migrating to an alternative technology:__ 1 (low) - 5 (high)
- __Alternative technologies:__ (If relevant) We could use ...
- __Likelihood of the dependency getting discontinued in the coming 5 years:__ 1 (low) - 5 (high)

Notes and explanation go here

UCloud/Core and IM

HTTP and WebSockets

  • Website: https://html.spec.whatwg.org/multipage/
  • Short description: UCloud utilizes the Web and WebSockets for all of its services and frontend.

Assessment:

  • How essential is the dependency for UCloud? 5
  • How essential is knowledge of the system to develop UCloud? 5 (system-wide)
  • Difficulty of migrating to an alternative technology: 5
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Kubernetes

  • Website: https://kubernetes.io/
  • Short description: Container orchestration. This is used both for the deployment of UCloud and scheduling of user jobs.

Assessment:

  • How essential is the dependency for UCloud? 4
  • How essential is knowledge of the system to develop UCloud? 4 (few components), 2 (rest of system)
  • Difficulty of migrating to an alternative technology: 3
  • Alternative technologies: Nomad. Bare-metal deployment and compute on different platform (e.g. slurm).
  • Likelihood of the dependency getting discontinued in the coming 5 years: 2

Note that our current Kubernetes deployment uses K3s. See infrastructure documentation for more details.

Docker

  • Website: https://www.docker.com/
  • Short description: Container runtime.

Assessment:

  • How essential is the dependency for UCloud? 3
  • How essential is knowledge of the system to develop UCloud? 2 (system-wide)
  • Difficulty of migrating to an alternative technology: 3
  • Likelihood of the dependency getting discontinued in the coming 5 years: 2

Docker is natively supported by all large cloud providers, including AWS and Azure. Docker is unlikely to be discontinued without an alternative in place.

PostgreSQL

  • Website: https://www.postgresql.org/
  • Short description: PostgreSQL is an open source object-relational database system.

Assessment:

  • How essential is the dependency for UCloud? 5
  • How essential is knowledge of the system to develop UCloud? 5 (system-wide)
  • Difficulty of migrating to an alternative technology: 3
  • Alternative technologies: A different SQL database.
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

PostgreSQL has had active development since 1986 with many large companies using it in production as well as sponsoring development.

Go

  • Website: https://go.dev
  • Short description: Programming language used for IM2 and Core2.

Assessment:

  • How essential is the dependency for UCloud? 5
  • How essential is knowledge of the system to develop UCloud? 5
  • Difficulty of migrating to an alternative technology: 4
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Frontend

ReactJS

  • Website: https://reactjs.org/
  • Short description: A JavaScript library for building user interfaces.

Assessment:

  • How essential is the dependency for UCloud? 5
  • How essential is knowledge of the system to develop UCloud? 5
  • Difficulty of migrating to an alternative technology: 5
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Developed by Facebook and used in many different companies and websites.

NPM

  • Website: https://www.npmjs.com/
  • Short description: Node package manager. Used internally in the frontend to manage dependencies.

Assessment:

  • How essential is the dependency for UCloud? 4
  • How essential is knowledge of the system to develop UCloud? 4
  • Difficulty of migrating to an alternative technology: 3
  • Likelihood of the dependency getting discontinued in the coming 5 years: 2

Vite

  • Website: https://vitejs.dev/
  • Short description: Tooling + module bundler for JavaScript applications.

Assessment:

  • How essential is the dependency for UCloud? 4
  • How essential is knowledge of the system to develop UCloud? 3
  • Difficulty of migrating to an alternative technology: 3
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

TypeScript

  • Website: https://www.typescriptlang.org/
  • Short description: The entire frontend of UCloud is developed in the TypeScript.

Assessment:

  • How essential is the dependency for UCloud? 5
  • How essential is knowledge of the system to develop UCloud? 5
  • Difficulty of migrating to an alternative technology: 5
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Redux

  • Website: https://redux.js.org/
  • Short description: State container for JavaScript applications.

Assessment:

  • How essential is the dependency for UCloud? 5
  • How essential is knowledge of the system to develop UCloud? 5
  • Difficulty of migrating to an alternative technology: 3
  • Likelihood of the dependency getting discontinued in the coming 5 years: 2

Redux is a commonly used library for state management in React-based applications. It has more than 3.5 million weekly downloads on NPM.

Tools

JetBrains IDEs

  • Website: https://www.jetbrains.com/idea/
  • Short description: Integrated Development Environment (IDE) for many different languages. It is used internally to develop the software for UCloud.

Assessment:

  • How essential is the dependency for UCloud? 2
  • How essential is knowledge of the system to develop UCloud? 2
  • Difficulty of migrating to an alternative technology: 1
  • Alternative technologies: Any other text editor. IntelliJ IDEA is not a requirement to develop UCloud.
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Developed by JetBrains who has also developed several of our other dependencies.

Git

  • Website: https://git-scm.com/
  • Short description: Distributed version control system. Used to keep track of changes and merge changes from multiple developers.

Assessment:

  • How essential is the dependency for UCloud? 5
  • How essential is knowledge of the system to develop UCloud? 4
  • Difficulty of migrating to an alternative technology: 3
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

GitHub

  • Website: https://github.com
  • Short description: GitHub provides hosting of our git repository along with issue tracking. It also acts as the CI orchestrator via GitHub actions.

Assessment:

  • How essential is the dependency for UCloud? 3
  • How essential is knowledge of the system to develop UCloud? 3
  • Difficulty of migrating to an alternative technology: 3
  • Alternative technologies: Any other similar hosting platform for Git repositories with CI support
  • Likelihood of the dependency getting discontinued in the coming 5 years: 1
Previous H: Deployment