• Gain visibility and control at build time in Hudson and Jenkins.
• Find and fix license, security and quality problems quickly.
• Set rules to notify you of problems or to fail builds.

If you register, you’ll also receive access to the recording after the event. So if something comes up and you can’t make it, you won’t miss out.

Reserve Your Seat Here

As an application matures, it essentially becomes frozen in time.  As stability and production support become primary requirements, it is no longer a realistic option to upgrade to a new version of a critical framework.  Upgrading to a newer version of the Spring Framework or Hibernate become impractical when weighed against the need to reduce risk and reduce ongoing support costs for an application that has been deployed to production.

A large-scale project often selects a series of open source dependencies at the initial stages of application development.  Imagine you are working on an important customer service interface for a large company. This system is developed over the course of a number of years, and the first few months are characterized by large architectural changes. At the start of the project, the team experiments with newer versions of open source components and essentially “proves” an architecture.   As the project’s focus shifts toward business requirements and away from technology, management is less likely to give the go ahead for a critical technology upgrade.

In other words, that five year old web application that powers a core part of your business is probably using a five year old version of Hibernate or Spring.  Why?  For stability’s sake.  Why perform an upgrade if the system is still running?

What’s missing in these scenarios is an appreciation of the risks of standing still.  If you develop software using open source components, you are dealing with a steady stream of new releases and a constantly evolving set of relevant projects.  If you depend on an active project like ActiveMQ, Spring, or Hibernate, your development teams are dealing with a steady stream of releases, bug fixes, and bug reports. Good developers pay attention to these events and upgrade components with security risks as they are identified.

The problem arises when an application transitions from active development to production deployment.  When this happens, developers start to play a less important role in the day-to-day operation of the project. While you might have very quickly identified a critical security risk in an encryption library during the peak of the development lifecycle, a mature application doesn’t have as much attention from developers and there’s no good way to merge the steady stream of open source “events” with applications in production.

To address this issue, Sonatype created Application Insight.  Application Insight takes a production application and generates a bill of materials. This bill of materials is cross-checked against a stream of open source events and activity.  You will be notified immediately If a security vulnerability is identified in a component your application depends upon.

In other words, Sonatype’s Application Insight keeps a vigilant watch over applications that might not be getting as much developer attention.   It can identify previously unknown risks so that you can address the issue before it can be exploited.

Learn more about Sonatype Insight at www.sonatype.com/Insight.

Attend our webinar on Thursday, October 6th at 10:30AM EDT (GMT-0400) to see how Insight:

• Helps you manage component quality, security, and licensing
• Integrates with your tools and processes
• Monitors your applications so you’ll know when a new defect is discovered

Take 30 minutes and learn how you can build better software faster while avoiding unnecessary risks.

Register Now

All registrants will receive access to the recording after the event so if something comes up and you can’t make it, you won’t be missing out.

This is an exciting step in the evolution of Sonatype.

From our early beginnings with the Apache Maven project, to our leadership on such key projects as Nexus, m2eclipse, Hudson, p2 and Tycho, and through our stewardship of the Central Repository, we’ve always been committed to transforming software development through the use of open source.

What’s next?  How do we ensure the continued successful adoption and growth of open source in software development?  How do we help balance the beneficial economics, efficiency, and quality of open source with legitimate management concerns about quality, security, and licensing?

This challenge led us to build Insight. Insight lets developers leverage open source freely while reducing unnecessary risks.  It provides visibility and control without bureaucracy.  It enables governance without burden. In short, it’s a product suite that we, as developers, would be pleased to have in our environment.

Feedback from our pre-release customers has been very positive.  They see what we see – organizations need actionable information without disrupting their development processes.  They want to use more open source, but must avoid quality, security, and licensing risks.  They need productivity, not bureaucracy, manual research, and rework.

We’re excited about Insight and about our continued commitment to open source.  I’d encourage you to learn more at www.sonatype.com/insight or to contact me at wayne@sonatype.com if you have questions.