DevOps.com

Where the world meets DevOps

Managing Open source software components

vishal sahasrabuddheBy on 2 Comments

Building any software need lots of efforts including resources, time, money, etc. It is really a great pleasure when it goes live or gets released. In parallel, there is always a chance that bugs may put the release in a difficult condition even after multiple rounds of testing. Teams can fix bugs related to software features or functionality, but the ones which can hit badly are

Recent Posts By vishal sahasrabuddhe
vishal sahasrabuddhe More from vishal sahasrabuddhe
Related Posts
Show more
Show less
  • Security vulnerability.
  • Licensing risk of open source component.
  • Outdated open source component.

The world is moving towards open source in a very fast pace and its growing use in software as components inside the application. Open source components are available free for us, however there could be more risk while using them. A product which is paid and commercial is bound to fix issues and provide adequate support for any vulnerability or security issue and Licensing, But open source software may have a little more of a high risk and its very important to be updated about new releases and available bug fixes.

If open source components are not monitored properly and keep up to date, that may lead the software to become vulnerable.

Above checks needs to be done during the development phase and ruled out any discrepancy related to security or legal. This check can be included as part of build process to make sure it does not pass the fist barrier and caught even before hitting the testing phase. Eventual this can save development and testing effort and their time.

There are tools available which can take care of some/all of verification of open source components in various phases.

Artifactory

This tool can verify the license of the open source component and check its compatibility with various definitions. You can even add your own license definition as per your requirement.

Sonatype Nexus and WhiteSource

These tools will verify the license and keep the component information up to date. They will check for any updates,  bug fixes for any vulnerability issues and notify the user. These tools can do component security vulnerability and license analysis with the latest available information.

Security issues would be the last thing any software developer wants. Even small legal or security problems can put your system/software in a dangerous situation. Better to secure software first then fixing it later.

Reference ->

http://www.scmtechblog.net/2015/06/managing-open-source-component.html

http://www.scmtechblog.net/2015/03/maven-repository-tools-comparison.html 

Sponsored Content
Featured eBook
The Data-Driven Case for CI: What 30 Million Workflows Reveal About DevOps in Practice

The Data-Driven Case for CI: What 30 Million Workflows Reveal About DevOps in Practice

What does a high performing technology delivery team look like? How do you know if your team is doing well? While there have been many widely reported and shared surveys on technology delivery team behavior that define the metrics for high performers (Puppet State of DevOps Report 2019, 2019 Accelerate ... Read More
%d bloggers like this: