The Application Component Doctor Will See You Now

Sonatype has launched Insight Application Health Check, an application component analysis designed to assess the integrity of open-source components at every phase of the software lifecycle. As a Component Lifecycle Management (CLM) player, the company says that this is a means of understanding the potential risks and opportunities associated with each component in use.

NOTE: The company says its services go deep to find flawed components, even when they're hidden in an application's dependency tree.

Citing figures which report that more than 80 percent of a typical Java application is assembled from existing open-source components and frameworks, Sonatype warns that "most organizations" have only a limited understanding of the true composition of their most critical applications — which can leave them exposed to potential security, quality, and intellectual property risks.

These tools are intended for individual developers, compliance officers (if they exist), and any other "application lifecycle stakeholder", which is vendor language for "anybody at all". The on-demand service analyzes the composition of software applications and provides visibility into previously unknown risks caused by incorporating what Sonatype wants to label as "problematic" open-source components.

Users can generate a free summary report that provides a breakdown of every component in the application and alerts them to potential security and licensing problems. To drill down and explore specific vulnerabilities, there is a cost.

"Up until now, organizations either had to deal with technical and business risks or invest in expensive and cumbersome scanning technologies and consulting engagements," said Wayne Jackson, CEO of Sonatype. "Now they have an affordable alternative that yields results in minutes versus days and weeks."

All Sonatype CLM products leverage the Central Repository — the software industry's repository for open-source software (OSS) components used by more than 60,000 organizations and containing more than 400,000 Java components from all major open-source projects.

Independent as that may sound, Sonatype is in fact the principal caretaker of the Central Repository.
