Creating a custom library

Edit online

Create a custom resilience library to define requirements and metrics that align with your organization’s internal standards, scoring models, and resilience practices.

Introduced in Concert v2.2, custom libraries allow you to define your own requirements, metrics, weights, indicator types, target score and risk thresholds. Use custom libraries when internal standards or customer application-specific scoring models differ from default Concert libraries.

A custom library follows the same structural model as default libraries. Requirements are organized under the standard resilience categories:
  • Availability
  • Integrity
  • Maintainability
  • Observability
  • Recoverability
  • Scalability
  • Security
  • Usability
Note: Requirements using criteria_type: "snippet_ref" are not supported in SaaS platform.
With each category, you can create any number of requirements and associate metrics to represent the resilience indicators you want to measure. You can create a custom library using:
  • Importing a library package
  • Manual creation through UI (user interface)

Before you begin

Ensure the following before creating a custom library:
  • You must have L1 Admin privileges to create, edit, or delete libraries and metrics.
  • You must have identified the requirements, target scores, and metrics you want to include based on your organization’s resilience model.
  • You must include at least one requirement and one metric for the library to be used in resilience profiles.
  • If your custom library includes code snippets, ensure the snippet is reviewed and approved according to your organization’s security and operational standards. Snippets should accurately reflect your intended evaluation logic and adhere to internal best practices. The snippet_ref criteria_type is not supported in SaaS environments.
    • For snippets of type snippet_ref that represent code executed as part of the requirement (NFR) process, the results must include data_completeness_impact, recommendation, and score.
  • If you plan to import a library package, ensure the archive meets the following constraints:
    • Password-protected archives are not allowed.
    • Supported compression formats: .zip, .tar, .tgz
    • Nested archives are not allowed due to security restrictions (zip-bomb / tar-bomb protection).
    • Archives with excessive compression ratios (>100:1) will be rejected.
    • Archives with more than 1,000 files will be rejected. Extracted archive size must not exceed 1 GB.
    • If your custom library package includes language files, ensure that each file name includes the externals_ prefix (for example, externals_fr.json for a French language file).
    • The file name of list of new input metrics that are part custom library must be in exactly input_data_keys.json.

Method 1: Importing a library package

Concert allows importing a .zip, .tar, or .tgz file containing the required library structure (requirements + metrics). This is ideal for teams that maintain standard scoring packages or want to reuse libraries across environments.

To import a custom library package:
  1. Go to Dimensions > Resilience > Libraries.
  2. Click Create a library and select Import.
  3. Upload a .zip, .tar or .tgz file that contains the library structure.
Note: Concert provides sample library packages in a public GitHub repository.

Method 2: Creating a custom library manually

To create a custom library manually:
Note: If the existing metrics available in Concert do not meet your custom library requirements, you can create new metrics before continuing. Ensure all required metrics exist so that the library can be configured correctly during creation.
  1. Go to Dimensions > Resilience > Libraries.
  2. Click Create library and select Manually.
  3. Enter the library Name, then click Next.
  4. Select a resilience category on the left column (for example, Availability) and click Add requirement.
  5. Enter the requirement details:
    1. Name: A unique name for the requirement.
    2. Target score: The expected resilience score (0-100) that this requirement aim to achieve.
    3. Risk thresholds: The score ranges that determine Critical, High, Medium, and Low risk levels for this requirement.
  6. Click Next to select metrics for the requirement.
  7. In the Select and add metrics panel:
    1. Search for metrics.
    2. Select one or more metrics to associate the requirement.
    3. Default metrics are labeled as Default.
  8. Click Add to include the metrics in the requirement.
  9. After adding metrics, configure each metric as needed:
    1. Use the Edit icon to update the metric.
      1. Update the weightAssign a weight value from 0 to 10 to indicate the relative importance of this metric within the requirement:
        • 0 = Not assessed (metric is excluded from scoring)
        • 1 = Least weight (minimal impact on the overall score)
        • 10 = Most weight (maximum impact on the overall score)

        Metrics with higher weights have greater influence on the calculated requirement score. Use weights to prioritize the metrics that are most critical to your organization's resilience goals.

      2. Adjust levels (0, 25, 75, 100, or custom values). Configure metric levels in either ascending or descending order based on whether higher or lower values indicate better performance:
        • Descending order (e.g., 100, 75, 25, 0): Use when higher metric values indicate better performance. Example: Availability percentage - 99% uptime receives a higher score than 10% uptime.
        • Ascending order (e.g., 0, 5, 10, 20): Use when lower metric values indicate better performance. Example: Downtime hours - 2 hours of downtime receives a higher score than 15 hours of downtime.
        • For a detailed explanation of how Concert calculates scores based on configured levels, see Metric levels in Understanding resilience scoring
      3. Select the indicator type (manual, leading, or lagging).
    2. Use the Remove icon to delete a metric from the requirement.
  10. Repeat the steps to add requirements under other categories as needed.
  11. When all requirements and metrics are configured, click Create.
  12. A confirmation message appears when the library is successfully created.

Note: A custom library cannot be deleted if it is referenced by:
  • A resilience profile.
  • A posture assessment plan.
  • A resilience assessment.

A custom library can be deleted only after all dependent resources are manually removed. Ensure that any profiles, posture plans, or assessments referencing the library are deleted before attempting to remove the library itself.

Exporting libraries

You can export one or more resilience libraries for reuse across environments or for backup purposes. Concert supports exporting default, custom, or a combination of both library types.

To export libraries, refer to the following instructions:
  1. Go to Dimensions > Resilience > Libraries.
  2. Select the libraries you want to export in the checkbox beside Library name column. You can select a single library or multiple libraries in combination.
  3. Click Export.
  4. A confirmation message appears when export is successful.
Note: Export is successful only for valid library_ids. If the export request contains invalid IDs, those IDs are logged with warning messages.

Custom libraries give organizations control over the resilience indicators, scoring thresholds, and metric structures used in Concert. By defining requirements and metrics that match internal standards, organizations can build resilience assessments that accurately reflect their operational environment.

Note: For actions that are generated from custom resilience libraries, the generated recommendations and action plans are based on the requirement definitions, metric descriptions, and overall library configuration. Ensure that custom libraries are configured with accurate and meaningful descriptions to improve the quality of generated recommendations. For information about creating custom libraries, see Guidelines for configuring custom libraries.