Revolutionizing DevOps with CALM: The Open-Source Architecture-as-Code Solution
Morgan Stanley’s open-sourcing of CALM (Common Architectural Language Model) marks a significant shift in the finance sector’s approach to innovation and collaboration, enabling dynamic architectural diagrams, reusable patterns, and automated security/compliance workflows.
Introduction to CALM and Its Impact on DevOps
CALM is an “architecture-as-code” solution designed to automate and standardize architectural documentation, compliance, and security validation in enterprise DevOps environments. By translating application design directly into code, CALM allows for dynamic updates and enforcement of standards, significantly reducing deployment review timelines and bottlenecks. As Morgan Stanley’s open-sourcing of CALM demonstrates, this approach can facilitate over 2,000 application deployments across multiple organizations, with 1,400 within Morgan Stanley alone.
Key Features and Benefits of CALM
The key features of CALM include:
- Architecture as Code (AasC): Encodes organizational architectural patterns and design intent as machine-readable code
- Automated Compliance and Security: Automates regulatory, security, and compliance checks, accelerating application deployments and reducing manual bottlenecks
- Industry Adoption and Scale: Facilitates large-scale deployments across multiple organizations
- Open Source and Industry Standardization: Released via FINOS, CALM is intended to serve as an industry-wide standard for architectural governance and compliance automation
- Integration with Existing DevOps Workflows: Supports integrations with tools like OpenShift, ArgoCD, and GitOps-based enforcement
As DevOps.com notes, CALM’s architecture-as-code approach is transforming enterprise DevOps by improving deployment cycles and business agility.
Real-World Examples and Use Cases
CALM has been successfully deployed in various real-world scenarios, including:
- Morgan Stanley Internal Deployments: Over 1,400 deployments internally, where CALM has accelerated architecture approval and compliance sign-off
- Multi-Firm Use: More than 2,000 deployments across industry partners, demonstrating broad adoption beyond Morgan Stanley
- OpenShift Integration: Used alongside compliance operators to validate and enforce architectural and security evidence at scale
- Automated Approval Process: Enables digital signatures across architectural, security, and infrastructure groups, with automated manifest comparison for release audit and change management
As OpenSource For U reports, CALM has reduced compliance review cycles from six months to two weeks in some environments.
Expert Insights and Quotes
According to
Matthew Bain, Distinguished Engineer at Morgan Stanley
, “Calm is already in use in several firms, where it is being used to document architectures of existing systems, enable pattern-based automated security approvals and has already underpinned well in excess of 2,000 application deployments.”
Jim Gough, Distinguished Engineer at Morgan Stanley
, notes, “If you don’t want to use Calm … it’s going to take you six months. So, which do you want? Two weeks or six months?”
Mitch Ashley, VP and Practice Lead Software Lifecycle Engineering at The Futurum Group
, comments, “Morgan Stanley’s open-sourcing of CALM represents a genuine innovation that turns architecture into a machine-readable, dynamic asset rather than a static liability.”
Conclusion and Call to Action
In conclusion, CALM is revolutionizing DevOps by providing an open-source architecture-as-code solution that automates and standardizes architectural documentation, compliance, and security validation. With its key features, benefits, and real-world examples, CALM is poised to become an industry-wide standard for architectural governance and compliance automation. To learn more about CALM and its potential to transform your organization’s DevOps practices, explore the official FINOS CALM project documentation and discover how you can leverage this innovative solution to improve deployment cycles and business agility. Share your thoughts and feedback on this article, and let’s continue the conversation on the future of DevOps and architecture-as-code.
