Sonatype Delivers Component Intelligence at Build Time with Insight for CI

Published: May 23, 2012 09:22


Sonatype, the leader in component lifecycle management, today announced the availability of Sonatype Insight for Continuous Integration (CI), the company’s latest addition to its Insight line of intelligent tools for component-based software development.  With Insight for CI, software developers can surface quality, security, and licensing problems and enforce open-source policy at build time, before fixes become costly and time consuming.  Insight for CI supports agile development processes with analysis of every component in every build, alerting developers immediately of any changes or policy violations that put their project at risk.

The Sonatype Insight suite of information services and intelligent tools provides unique visibility and control over component quality, security and licensing, enabling organizations to capture the value of open source without the risk.  As modern software applications have evolved from custom code to binary assembly, development organizations have turned to Sonatype for efficient mechanisms to intelligently manage the growing number of software components they rely upon.  With Insight for CI, Sonatype extends component intelligence to Hudson and Jenkins users, helping developers find and fix problems at build time to avoid risks and improve software quality.  

“Insight for CI solves a big problem that anyone developing software today should care about – how do you discover security and licensing issues with third party components?” said Scott Wolk, Director of Operations and Quality Assurance at Netbase. “We've been impressed with how quickly Insight for CI delivers useful results – it’s perfect for our non-stop build process and for running daily checks. We are avoiding real risks without disrupting our development process.”

Key features in Sonatype Insight for CI include:

  • Component Analysis with Every Build: Insight for CI analyzes every component in every build, including dependencies. Users can set alerts to notify them when components are inappropriately licensed for a project, have known security vulnerabilities or otherwise violate corporate standards or policies.
  • Create Customized Rules that Support Open Source Policies: Insight for CI allows organizations to configure rules to specify which licenses, vulnerabilities or labels should fail builds or when alerts should be issued.  Custom labels provide the flexibility to support open-source policies and meet the specific needs of an organization. For instance, if a developer wants to be sure that all components have been reviewed, a white-list label would be required. Alternately, a build could be configured to allow all components with the exception of those labeled as black-listed.
  • Support for Hudson and Jenkins: Insight for CI will support the open source CI servers Hudson and Jenkins immediately, with additional CI servers to be added in coming months.

“The market has moved to agile development and continuous integration to reduce delivery cycles, but this demands having the right information at the right time,” said Jason van Zyl, CTO and Founder of Sonatype. “Insight for CI gives developers the quality, security and licensing information they need, when they need it – at build time.”

As the operators of the Central Repository – the software industry’s primary source for open source components, housing more than 300,000 components and serving more than five billion requests per year – Sonatype has developed a unique set of offerings to help organizations more effectively leverage component-based software development. The company has built a sophisticated infrastructure for mining virtually everything knowable about a given software component, coupled this with public and private metadata resources, and delivers practical intelligence directly into the tools that developers use every day.

To learn more about Sonatype Insight for CI, register to attend the May 23, 2012 Webinar here: http://sonatype.com/Services/Webinars or visit the product page: http://www.sonatype.com/Products/Sonatype-Insight/Insight-for-CI

Sonatype is leading the component revolution.  The company’s innovative component lifecycle management products enable organizations to realize the promise of agile, component-based software development while avoiding security, quality and licensing risks.  Sonatype operates the Central Repository, the industry's primary source for open-source components, housing more than 300,000 components and serving more than five billion requests per year from more than 60,000 organizations.  The company has been a pioneer in component-based software development since its founding by Jason van Zyl, the creator of the Apache Maven build management system and the Central Repository.  Since that time, Sonatype has been a leader in core open source software development ecosystem projects used by more than nine million developers including Nexus, m2eclipse, and Hudson.  Sonatype is privately held with investments from Accel Partners, Bay Partners, Hummer Winblad Venture Partners and Morgenthaler Ventures.  Visit:  www.sonatype.com or follow Sonatype on Twitter @SonatypeCM

Apache, Apache Maven and Maven are trademarks of the Apache Software Foundation.

Silver Spring, MD