WhiteSource Acquires Renovate to Automate Dependency Updates

WhiteSource has acquired Renovate, a provider of an open source automated dependency update platform that the company plans to make available for free.

Rhys Arkins, co-founder of Renovate who is now director of product for WhiteSource, said that as software projects become more complicated, there’s an increased need for a mechanism to identify and track dependencies and automatically update them as changes and updates are made.

That requirement is becoming especially acute with the rise of microservices-based applications, which substantially increase the number of dependencies that exist within and between applications, added Arkins. Microservices make it possible for DevOps teams to build and deploy applications faster, but the dependencies between the microservices often result in an application environment that becomes too complex to manage. Most recently, Renovate added support for Helm Charts used to package applications in Kubernetes environments, on which many microservices are now being deployed.

In addition, WhiteSource plans to add support for CocoaPods, a dependency manager for Swift and Objective-C Cocoa projects.

Prior to the acquisition, WhiteSource was reselling the Renovate platform, which has more than 150 contributors. Now that WhiteSource owns the Renovate platform, including a hosted GitHub application and self-hosted GitHub and GitLab applications, the company has decided to make it available for free under the WhiteSource Renovate brand name.

In the future, the WhiteSource Renovate app will add support for Bitbucket Cloud and Azure DevOps, thereby expanding the sources of dependency data that can be employed to make updates less risky and time-consuming, said Arkins. In effect, WhiteSource wants its automated dependency platform to become a natural extension of any continuous integration/continuous delivery (CI/CD) platform, he added.

Arkins said that when it comes to managing dependencies, the biggest challenge is getting developers to identify them. In the absence of a platform for managing that process, developers will either not declare dependencies at all or, more commonly, not provide the right version number for a specific release of software on which their application is dependent. The more automated that process becomes, the less likely it is DevOps teams will find applications breaking because of a dependency that they were unaware of or lost track of at some point during the project.

With the rise of DevOps, many organizations are now employing a more structured approach to dependencies. However, Arkins noted, many organizations are unaware that an open source platform is available that automatically updates all dependencies.

WhiteSource is best known for helping organizations discover vulnerabilities in open source code. With the acquisition of Renovate, the company is furthering its ambitions to become a provider of software composition analysis tools.

It remains to be seen just how many organizations will incorporate an automated dependency update platform into their DevOps processes. While many organizations have embraced DevOps, the level of maturity in terms of DevOps sophistication is uneven. The more software projects an organization launches, however, the more likely it is to become apparent that there is a need for a better way to manage software dependencies.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
