Skip to main content

DORA contextual menu: how feature flags transform our application

Anthony Bouyer ·

Optimising customer experience: integrating feature flags with GrowthBook

Since 2024, our Product strategy has resolutely shifted toward stronger customer collaboration. By listening to needs and integrating feedback, we have introduced innovations that transform the user experience. One of the recent pillars is the implementation of feature flags — a revolutionary tool that lets us test, enable or disable features in a targeted, secure way. A look back at this ambitious project, culminating in the integration of GrowthBook into our application.

Project journey: feature-flag adoption

The idea of implementing a feature flags system emerged in early 2024. Initially, we considered developing our own custom solution from scratch. However, after several iterations and given the technical and operational complexity, this project couldn’t deliver.

We then explored open-source alternatives and identified GrowthBook as an ideal candidate. This powerful, modular and self-hosted tool matched our flexibility and security requirements perfectly. Our development teams worked closely with Product and Security teams to guarantee an integration aligned with performance, data-protection and UX standards. This synergy enabled deployment of a robust solution aligned with user needs while respecting regulatory and technical constraints.

What are feature flags?

Feature flags are software mechanisms that let you enable or disable features on the fly, without requiring a full deployment. They offer unmatched flexibility to test new features, gather real-world user feedback and roll out progressively or in a limited way.

One strength of our implementation is the ability to activate these feature flags based on several specific criteria:

  • Domain name: conditions activation for a particular environment, whether dedicated or shared.
  • User: enables features for specific users, easing internal testing or restricted groups.
  • Ecosystem: defines a set of organisations belonging to the same group (e.g., partners or subcontractors of a key client).
  • Organisation: enables features for specific entities such as subsidiaries, subcontractors or operational divisions.

Thanks to this granularity, we can personalise the user experience and limit deployment risks.

GrowthBook: a powerful, technical tool

To meet robustness and flexibility requirements, we chose GrowthBook, an open-source solution integrated directly with our servers — data never leaves our servers.

GrowthBook runs on a real-time evaluation engine. When a user interacts with the application, the tool determines in milliseconds whether a specific feature should be enabled, based on defined rules — domain name, user or ecosystem. This architecture ensures precise, dynamic feature management while maintaining optimal performance.

GrowthBook also offers a complete REST API for programmatic interaction. A REST API is a standardised interface that lets different applications communicate via HTTP requests — sending data (e.g., enabling or disabling a feature) or retrieving information (experimentation results, feature-flag status) using simple formats like JSON.

The GrowthBook API uses personal access tokens or secret keys to connect a specific environment to the GrowthBook application. These tokens guarantee secure communication.

By hosting GrowthBook on our own servers and using its robust API, we ensure transparent, secure integration while offering increased flexibility to meet our users’ specific needs.

Security and reliability: a pillar of our integration

Security was an absolute priority:

  • Secure hosting: GrowthBook is deployed on our internal network, guaranteeing full data control and GDPR compliance.
  • Audits and traceability: every feature-flag decision is recorded — who enabled or disabled a feature, and why.
  • Controlled source code: with an open-source solution, we can review, audit and adapt GrowthBook’s code to our specific needs without depending on a third party.

Concrete application: the DORA contextual menu

The first major use case of this integration was compliance with the DORA regulation (effective from 17 January 2025). With feature flags, we developed a contextual menu letting customers check which application modules help them meet the 5 DORA pillars:

  1. ICT risk management.
  2. ICT incident management.
  3. Resilience testing.
  4. Third-party risk management.
  5. Information and intelligence sharing.

This feature, enabled on demand, allows progressive adoption by users whose ecosystem is affected by this regulation.

Conclusion: a step toward a more agile product

Integrating feature flags with GrowthBook marks a key step in our continuous-improvement journey. By getting closer to real customer needs while guaranteeing security and performance, we take another step toward more agile, proactive compliance and cybersecurity management.

Stay tuned for the next steps in our Product transformation!

Related articles

9 best practices to strengthen cybersecurity in your company

9 best practices to strengthen cybersecurity in your company

Read →
AI Act: who is concerned, by what, and how to comply

AI Act: who is concerned, by what, and how to comply

Read →
Cybersecurity risk assessment: how to identify, evaluate and control threats to your company

Cybersecurity risk assessment: how to identify, evaluate and control threats to your company

Read →