Your connectors are live. Your inventory is building. Now it’s time to turn raw data into governed outcomes. This guide walks you through your first governance cycle: inspecting what Draftt found, setting the rules, and closing the loop so debt gets eliminated, not just reported.
Phase 1: Identify — Know What You’re Carrying
Read the Room
Open the Tech Debt Inventory. This is ground truth for your entire tech stack: every component, its current version vs. latest available, known CVEs, configuration baseline status, ownership signals, and cost footprint.
Use filters to slice by connector, resource type, severity, or team. Click any resource to open its full governance profile: version gap analysis, dependency chain, blast radius, related findings, and the complete ownership trail.
On your first pass, look for the four patterns that matter most:
- EOL ticking clocks — Components approaching or past their vendor support date. These are the findings that will eventually become incidents.
- Orphaned infrastructure — Resources with no ownership signal from any source. If nobody owns it, nobody is maintaining it.
- Baseline drift — Production resources that diverge from your expected configuration. Encryption disabled, public access open, backup retention too short.
- Silent cost bleed — Resources with zero recent activity still burning budget.
Already connected Port? IDP data is the highest-confidence ownership signal in Draftt. If ownership looks sparse, this is the connector to prioritize next.
Phase 2: Understand — Define What Good Looks Like
Raw inventory is a spreadsheet. Governance requires intent. This is where you declare your organizational standards.
Set Your Governance Baseline
Go to Governance Policies and define two or three rules that represent real organizational priorities. Not aspirational. Real. Rules that, if violated today, would make someone lose sleep:
- “Production databases must not be within 90 days of EOL”
- “All storage must enforce encryption and block public access”
- “No production resource should be unowned”
Draftt evaluates every resource against active policies and surfaces violations as findings — each with what is wrong, why it matters, and a recommended path to resolution.
See Governance Policies for the full configuration guide.
Phase 3: Eliminate — Close the Loop
A finding in a dashboard is a statistic. A finding in the right engineer’s queue with remediation steps and full context is work that gets done. This is where governance becomes operational.
Route Findings to Your Ticketing System
Go to Settings > Integrations and connect your ticketing platform. Tickets can be created manually from any finding or configured to be triggered automatically. Each ticket includes what is wrong, why it matters, and step-by-step remediation guidance.
| Platform | Auth Method |
|---|
| Jira | Atlassian OAuth |
| ServiceNow | OAuth 2.0 Client Credentials |
| Azure DevOps | Entra ID App Registration |
Set Up Alerts
Connect at least one notification channel so findings reach people when they matter.
| Channel | Setup |
|---|
| Slack | Real-time alerts to any channel |
| Microsoft Teams | Adaptive cards with finding context |
| Email | Scheduled digests and event-based alerts |
The Governance Cycle Is Running
You have a closed loop: inventory evaluated against your policies, findings routed as actionable work to the right people through the tools they already use.
Everything from here is refinement. Every suppressed finding, adjusted threshold, and routing rule you configure takes effect on the next scan. 
