Understanding Microservice Dependencies: A Complete Taxonomy from 2,659 Sources
In microservice architectures, dependencies are the invisible threads that hold everything together—and when they break, your entire system can unravel. Yet despite their critical importance, there's been no unified framework for understanding, categorizing, and managing these dependencies.
Our multivocal literature review—published in the Journal of Systems and Software (JSS)—synthesized 2,659 sources (1,733 academic papers + 926 grey literature articles) to create the first comprehensive taxonomy of microservice dependencies. We identified 28 distinct dependency types across 6 categories, plus 11 symptom patterns that indicate underlying dependency issues.
The Big Picture
Before diving into details, here's how the 90 synthesized studies map across dependency types, tools, and quality impacts:
The flow reveals a critical insight: Control Dependencies dominate research attention, while Semantic and Quality Attribute Dependencies remain underexplored—despite their significant impact on system maintainability.
The Unified Dependency Taxonomy
We developed a comprehensive taxonomy that organizes all identified dependencies into 6 primary categories and 4 symptom categories. This framework provides a common vocabulary for both researchers and practitioners.
The 6 Primary Dependency Categories (D1-D6)
| Category | Dependency Types | Associated Artifacts |
|---|---|---|
| D1. Data Dependency | Data Schema, Parametric | ORM, DTO, API parameters |
| D2. Control Dependency | Synchronous, Asynchronous, Call-Return, Transaction | Endpoints, Message Events, Method Calls |
| D3. Resource Dependency | Source Code, Core, Starter, Database, Environment, Cluster, Network | Libraries, Containers, Config Files |
| D4. Semantic Dependency | Semantic (functional similarities) | Method Definitions |
| D5. Quality Attributes | Quality Attributes, Security | SLA Documents, Policies |
| D6. Requirement Dependency | Functional/Domain | Business Process Documents |
Key Finding
Control Dependencies (D2) receive the most research attention, but our analysis shows that Resource Dependencies (D3) cause the most cascading failures in production systems. The gap between research focus and practical impact suggests opportunities for tool development.
Understanding Each Dependency Category
D1. Data Dependency
Data dependencies arise when microservices share or interact with common data entities.
Data Schema Dependency occurs when multiple services interact with overlapping database schemas or data transfer objects (DTOs). Changes to schema design can cascade across all dependent services.
Parametric Dependency describes how input parameters influence service behavior and inter-service communication. Configuration changes can silently break downstream services.
Common Pitfall
Shared database schemas between microservices create hidden coupling. When Service A modifies a table structure, Services B, C, and D may fail silently or corrupt data.
D2. Control Dependency
Control dependencies govern how services interact and coordinate their execution.
| Type | Description | Impact |
|---|---|---|
| Synchronous | Service waits for response before proceeding | Tight coupling, latency propagation |
| Asynchronous | Services communicate via message brokers | Temporal decoupling, eventual consistency |
| Call-Return | Method invocations between services | Functional coupling |
| Transaction | Database transactions spanning services | Consistency requirements, distributed locks |
D3. Resource Dependency
Resource dependencies (also called Technology Dependencies) occur when services share infrastructure or code resources.
- Source Code Dependency: Shared libraries between services
- Database Dependency: Multiple services accessing the same database instance
- Environment Dependency: Configuration settings, credentials, environment variables
- Cluster Dependency: Services relying on specific containerized environments (Docker, Kubernetes pods)
- Network Dependency: Reliance on network protocols (HTTP, gRPC, message queues)
D4. Semantic Dependency
Semantic dependencies emerge from functional similarities between services. Services performing similar tasks may need coordinated updates to maintain consistency across the system.
D5. Quality Attributes Dependency
These dependencies relate to non-functional requirements:
- Security: Authentication, authorization, encryption dependencies
- SLA Requirements: Performance, availability, and reliability constraints
D6. Requirement Dependency
Functional dependencies based on business process flows, often mapped using Domain-Driven Design (DDD) principles.
Dependency Symptoms (S1-S4)
Beyond the primary categories, we identified symptom patterns—manifestations of underlying dependencies that indicate potential issues.
| Symptom Category | Types | Description |
|---|---|---|
| S1. Stage of Operation | Development, Deployment, Runtime | When the dependency manifests in the lifecycle |
| S2. Level of Criticality | Hard, Soft | Impact severity when dependency fails |
| S3. Temporal | Temporal | Time-sensitive relationships and state changes |
| S4. Various | Null, Inter-Microservice, Cyclic, Transitive, Inferred | Cross-cutting dependency patterns |
Critical Symptom: Cyclic Dependencies
Cyclic dependencies (S4) occur when services form dependency loops, creating deployment nightmares and scalability barriers. Our review found this pattern in 23% of analyzed systems, often requiring architectural refactoring to resolve.
Tools for Industry Practitioners
Our review identified 20+ tools for dependency detection and management. Here are the most useful ones organized by use case:
Dependency Analysis & Visualization
| Tool | Purpose | Analysis Type | Languages | Link |
|---|---|---|---|---|
| GSMART | Generates Service Dependency Graphs (SDGs) | Static | Java | Code |
| MicroDepGraph | Analyzes Docker configs to reveal dependencies | Static | Java | Code |
| SYMBIOTE | Monitors coupling evolution and architectural degradation | Dynamic | Java | Code |
| Code Compass | Deep parsing and visualization of large codebases | Static | C/C++, Java, JS | Code |
| MAAT | Evaluates microservice architecture quality | Both | Java, C#, Python | Code |
Root Cause Analysis & Fault Diagnosis
| Tool | Purpose | Key Innovation | Link |
|---|---|---|---|
| TraceNet | Root cause localization via trace analysis | Operation-level SDG construction | Code |
| T-Rank | Performance diagnosis using spectrum-based analysis | Lightweight, high accuracy | — |
| Triple | Interpretable anomaly detection | STGCN-based Deep SVDD | — |
Resource Management & Autoscaling
| Tool | Purpose | Approach | Link |
|---|---|---|---|
| ChainsFormer | Optimizes resource allocation via dependency chains | Reinforcement learning | — |
| DeepScaler | SLA-aware autoscaling | Deep learning with attention-based GCN | — |
Industry-Grade Observability Platforms
Impact on Software Quality
Our review examined how dependencies affect key quality attributes:
| Quality Attribute | Impacting Dependencies | Management Strategy |
|---|---|---|
| Maintainability | Data Schema, Source Code, Cyclic | Loose coupling, interface contracts, dependency inversion |
| Performance | Synchronous, Network, Transaction | Async patterns, caching, circuit breakers |
| Availability | Hard Dependencies, Runtime, Database | Fault tolerance, graceful degradation, bulkheads |
| Scalability | Control Flow, Cluster, Resource | Horizontal scaling, service mesh, load balancing |
| Security | Security, Environment, Network | Zero trust, secrets management, mTLS |
Key Insight
56% of studies found that poorly managed dependencies directly impact system maintainability. The most effective mitigation strategy is proactive dependency detection during the development phase, before issues propagate to production.
Practical Recommendations
For Architects and Team Leads
- Map dependencies early — Use tools like GSMART or MicroDepGraph during design reviews
- Classify by criticality — Distinguish hard vs. soft dependencies to prioritize resilience efforts
- Monitor coupling evolution — Tools like SYMBIOTE can detect architectural degradation before it becomes critical
- Adopt interface-first development — Define contracts before implementation to prevent hidden dependencies
For Developers
- Avoid shared databases — Expose data through dedicated services with REST APIs
- Prefer asynchronous communication — Reduces temporal coupling and improves resilience
- Use feature flags for gradual rollouts — Enables backward-compatible API evolution
- Implement circuit breakers — Prevents cascading failures from dependency issues
For DevOps Teams
- Integrate dependency scanning into CI/CD — Catch issues before deployment
- Use observability platforms — New Relic, Ortelius, or OpenTelemetry for runtime dependency tracking
- Containerize with clear dependency boundaries — Explicit Dockerfile and Kubernetes manifests
- Automate dependency updates — But with careful testing to prevent breaking changes
Benchmarks for Testing
The research community has developed several benchmarks for testing dependency-related tools:
Open Challenges
Despite significant progress, several challenges remain:
- Automated taxonomy application — No tools yet automatically classify dependencies into our taxonomy
- Cross-language dependency detection — Most tools focus on single languages (Java dominates)
- Runtime vs. design-time gap — Static analysis misses dynamic dependencies; dynamic analysis is resource-intensive
- Semantic dependency detection — Understanding functional similarities requires advanced NLP/ML approaches
- Quality attribute integration — Connecting dependencies to SLA violations remains manual
Citation
@article{abdelfattah2025multivocal,
title={Multivocal study on microservice dependencies},
author={Abdelfattah, Amr S. and Cerny, Tomas and Chy, Md Showkat Hossain
and Uddin, Md Arfan and Perry, Samantha and Brown, Cameron
and Goodrich, Lauren and Hurtado, Miguel and Hassan, Muhid
and Cai, Yuanfang and Kazman, Rick},
journal={The Journal of Systems and Software},
volume={222},
pages={112334},
year={2025},
publisher={Elsevier},
doi={10.1016/j.jss.2025.112334}
}
About This Research
This work was conducted at the University of Arizona in collaboration with the University of Hawaii and Drexel University. Our team combines expertise in software architecture, microservices, and empirical software engineering.
The paper has been published in the Journal of Systems and Software (JSS), a top-tier software engineering journal. The complete replication package including all synthesized studies and extracted data is available on Zenodo.
Appendix: Complete Tool Reference
For practitioners looking for a comprehensive reference, here's the full catalog of dependency management tools organized by category.
Dependency Analysis Tools
| Tool | Dependencies Detected | Analysis | Input | Source |
|---|---|---|---|---|
| ChainsFormer | Control Flow, Call-Return | Dynamic | Traces | — |
| GDC-DVF | Control Flow, Call-Return | Both | Source Code, Traces | — |
| CMEA | Data Schema, Control Flow | Static | Source Code | — |
| MicroQA | Control Flow, Sync/Async | Dynamic | Source Code, Configs | — |
| FSB-RWRank | Control Flow, Call-Return | Both | Traces, Runtime Data | — |
Dependency Visualization Tools
| Tool | Visualization Type | Key Feature | Source |
|---|---|---|---|
| EDM/DDM | Endpoint & Data Matrices | Static analysis of Spring Boot apps | — |
| uViz | Multi-scale views (logical, physical, traces) | Flip Zooming for context preservation | — |
| ChainDet | Network traffic patterns | Real-time dynamic dependency detection | — |
| MCI Tool | Coupling metrics | Relative dependency measurements | — |