Sunday, 7 June 2015

Managing open source component

Building any software need lots of efforts including resource, time, money etc. It is really a great pleasure when it goes live or get released. In parallel, fear may come with the doubt of having bugs (even though testing is done). You can fix bugs related to software feature or functionality but the once which can hit badly are
  • Security vulnerability 
  • Licensing risk of open source component.
  • Outdated open source component.

Above checks needs to be done during the development phase and ruled out any discrepancy related to security or legal.
WhiteSource provides one fine platform to solve such issues without putting much effort by developers, So that they can concentrate on core development instead of spending time on finding these issues which can be easily handled by WhiteSource.

WhiteSource is an open source management solution which does

  • Open source licensing and compliance management
  • Open Source security vulnerabilities alerts and management
  • Executive dashboards, policy enforcement, and reporting

WhiteSource checks your software and generates open source inventory report, including detail from open source. The WhiteSource team has good understanding of open source components and they keep the inventory updated. 

WhiteSource covers almost all commonly used languages and provide detail report, This tool can track all your open source components used knowing or unknowingly within your software.

It sends alerts for any potential issue observed in open source component used by software. It does check for outdated/expired component, It provides detail on security issues found in any opensource component.

WhiteSource does not store(keep track of) any software component which is not open source, this means it's safe and your code will not be touched.

CI tool Integration (Jenkins)

They best part of the tool is that it has plugin available for the widely used CI tool - Jenkins.
WhiteSource Jenkins plugin is the best and easy way to integrate with WhiteSource to run the checks during build and integration phase in an automatic way.
Its very easy to use, not even just for Maven project also for free style projects.
Easy to configure and use within project. Only token needs to be added and plugin automatically takes care of everything.
Multiple options are available at job level to define the project and modules to be included.
Logs are pretty descriptive when plugin start processing in Jenkins job.

WhiteSource basic principle talks about
Managing the component vs governing the component.
Leave the managing part up to WhiteSource and only concentrate governance at component level in your software.