Graph Model

Overview

Polaris uses Neo4j, a graph database, to model the relationships between technologies, systems, teams, and version constraints. This enables powerful queries about technology usage and compliance.

Core Nodes

• Technology — Approved technologies with versions and metadata
• System — Deployable applications and services
• Component — SBOM entries (libraries, packages)
• Team — Organizational teams
• VersionConstraint — Version range constraints for technologies
• License — Software licenses
• Version — Specific versions of technologies
• Repository — Source code repositories
• AuditLog — Change tracking entries

Key Relationships

• Team -[:STEWARDED_BY]-> Technology — Technical governance responsibility
• Team -[:OWNS]-> System — Operational ownership
• Team -[:USES]-> Technology — Actual technology usage
• Team -[:APPROVES]-> Technology | Version — TIME framework approval
• Team -[:MAINTAINS]-> Repository — Repository maintenance
• Technology -[:HAS_VERSION]-> Version — Version tracking
• Component -[:IS_VERSION_OF]-> Technology — Component to technology mapping
• System -[:USES]-> Component — System dependencies
• System -[:HAS_SOURCE_IN]-> Repository — Source code location
• VersionConstraint -[:GOVERNS]-> Technology — Constraint scope
• AuditLog -[:PERFORMED_BY]-> User — Who made the change
• AuditLog -[:AUDITS]-> Entity — What was changed

Query Examples

The graph model enables queries like:

• Find all systems using a deprecated technology
• List teams affected by a license rule change
• Trace component dependencies across systems
• Identify compliance violations
• Track all changes made by a specific user