Open-Source Software Management From Sonatype

Sonatype Insight manages the use of open-source software in enterprise systems development

Sonatype has delivered Insight, a new suite of software products and services to help ensure the integrity of open-source components in the software supply chain of enterprise systems.

Sonatype Insight provides visibility and control of open-source component use by development teams to enable user organisations to benefit from the economic and development efficiencies of open source without quality, security or licensing risks, the company said.

Java Developer Appeal

Sonatype Insight is non-intrusive and tightly interwoven with existing development processes, the company said. User organisations can gain actionable intelligence about open-source use at any stage of the application-development process. After applications are released to production, Sonatype Insight continuously monitors their bill-of-materials and alerts users if new quality or security defects are uncovered.

Wayne Jackson, CEO of Sonatype, said in a statement, “As the pervasiveness of open source continues, the market opportunity for Insight is tremendous and should appeal to all Java software developers (six million and counting) and any company in the world that has used open-source components at any point during the development of mission-critical applications.”

Sonatype officials said Sonatype Insight leverages the Central Repository – the repository for open-source software (OSS) components used by more than 40,000 organisations and containing more than 300,000 Java components from open-source projects. Indeed, according to Sonatype, in addition to containing more than 300,000 Java components, the Central Repository is on pace to support 90 percent of all Java open-source projects by the end of 2011.

Moreover, as the principal caretaker of the Central Repository, Sonatype can provide more than manual checks and first-generation scans to discover the composition of applications. Sonatype Insight goes deeper to find flawed components, even when they are hidden deep in an application’s dependency tree. As a pioneer in open-source development tools, Sonatype designed Insight to integrate with the development process to ensure only components that meet an organisation’s quality, security and licensing standards are used – from the design stage through to production, the company said.

Three Components

Sonatype Insight is comprised of three integrated products:

Management Insight: Provides visibility, proactive monitoring and actionable intelligence about organisationalOSS usage including security, licence and quality metadata for components.

Development Insight: Enables proactive management ofOSS component usage throughout the software development process. Plug-ins for existing development tools deliver quality, security and licensing information where it is needed without disrupting the development process.

Application Insight: Analyses and continuously monitors the composition of software applications, ensuring that they do not have hidden security, licence or quality risks caused by incorporating problematic OSS components. The product notifies users immediately of newly discovered flaws in components – even after applications are in production.

“The launch of Insight is a defining moment for Sonatype in its corporate history and marks a turning point in our strategic direction,” said Jason van Zyl, founder and CTO of Sonatype, in a statement. “Building on our deep roots in open-source development, we have built a product that integrates with the development process to provide helpful, proactive information rather than being a burden or afterthought to developers. Sonatype Insight delivers actionable information to the right people, in the right context, at the right time – without disrupting their development processes.”

“Without a governance program and an accompanying management policy, the IT organisation cannot hope to manage, audit or track open-source assets that come into or leave the enterprise, and it cannot measure the appropriate use of open-source assets within the broader IT portfolio,” said Mark Driver, an analyst with the Gartner market research firm.

Moreover, according to Gartner, by 2016, OSS will be included in mission-critical software portfolios within 99 percent of Global 2,000 enterprises, up from 75 percent in 2010. Meanwhile, a January 2011 survey of 1,600 software developers, team leads and architects conducted by Sonatype found that 87 percent of component use is ungoverned.