We're releasing a product today that is something of a break from our other products: Nexus Professional, Insight for CI. First, it's a service that anyone can use, it isn't aimed at developers who use Maven or Nexus or any build tool whatsoever. Second, there's no download or setup process for this product that takes longer than 60 seconds. Anyone with an email address, Java, and access to an application's binaries can run an Insight scan in minutes, and we'll send you a free summary report covering licensing and security issues that may be present in your application.
Why would you do this? Simple, it's the difference between knowing about potential license conflicts and security issues and not. Today's applications are seldom developed from scratch, instead they are assembled from a collection of high-quality, open source components. Your application is likely a collection of components and libraries that are covered under an array of different licenses, and some of these licenses expose you to a set of obligations if you distribute software. In addition to license obligations, the components are also associated with a database of known security vulnerabilities.
Running the Insight Application Health Check scan to generate a summary report is free, and once you run this service you'll know if your application has potential licensing and security issues. You don't have to configure a repository manager to scan, and you don't have to setup Jenkins or Hudson jobs to scan a project's build. We've made it very straightforward to get started, and here's a video summary of the process:
[iframe width="560" height="315" src="http://www.youtube.com/embed/videoseries?list=PL0FE8CA8091BCEE27&hl=en_US" frameborder="0" style="border: 1px solid black;" allowfullscreen/]
- Open up a web brower.
- Go to this web page.
- Agree to the EULA, and download the Insight Application Health Check scanner.
- Double-click on the Self-executing JAR.
- Fill in your email address and select an archive that contains your application alongside any of its dependencies.
- Click on Start Scan.
That's it. If it takes you longer than 2-3 minutes, I'd be surprised. Once you click on Start Scan, the Insight Application Health Check scanner scans your application's files and gathers a fingerprint for each file. It sends this fingerprint (and nothing else) back to the Insight service, and you'll receive an Insight Application Health Check report in a few minutes.
The sample report is enough to get started, here are the details. What you can see in this report is a high level summary of the components Insight found in your application, the severity of any security issues present, and the mix of licenses in your application. If you see something that captures your interest, you can then purchase a detailed report for $99 (a limited time discount off of the regular price for this report).
These detailed reports don't just identify where the security and licensing problems are. They go a step further than that. Every artifact that presents an issue is summarized and a graphical overview of the various versions of that artifact is presented to help you make an informed decision to address these issues. If you want more information about the detailed report, watch this video:
[iframe width="560" height="315" src="http://www.youtube.com/embed/nga_VBWa-Vw" frameborder="0" style="border: 1px solid black;" allowfullscreen/]