Sonatype helps development teams handle code dependencies
Because so much of modern development is reliant on modular components, developers often face the issue of dependency upgrades that break the functionality of their application.
To help teams manage this problem, Sonatype is launching an Advanced Development Pack that changes the way dependencies are handled.
It enables developers to choose components based on project quality, ease-of-upgrade, and advanced knowledge of abnormal committer behavior, giving them confidence that they've chosen the best quality component available.
It helps developers understand the cost of migrating to a newer or safer version and whether it's possible to do so without breaking their code, as well as the performance of OSS projects when it comes to release frequency, cadence of dependency updates, development team size, and popularity.
It also looks at how frequently dependencies have become vulnerable and been remediated, and at when suspicious behavior has been observed in project code commits, providing an early warning of malicious injection attacks from adversaries.
"Developer ownership of the security and reliability of their code is increasingly important. With the Advanced Development Pack, we're bringing the most comprehensive set of data on OSS projects to their fingertips," says Brian Fox, CTO of Sonatype. "As a developer myself, my aim has always been to deliver the highest quality code to customers in the shortest period of time. But when breaking changes, compliance issues, version control, and cybersecurity vulnerabilities pop up, delivery timelines are challenged. By reducing these speed bumps to delivery, we're going to make a lot of developers happier and enable them to spend more time innovating and less time fixing their code."
You can find out more on the Sonatype blog.