News

Sonatype Adds Build Time Plugin for Hudson and Jenkins

• By John K. Waters
• May 23, 2012

Sonatype on Wednesday unveiled a new continuous integration (CI) component for its evolving Insight tool suite. Dubbed Insight for CI, the component is essentially a plugin for the Hudson and Jenkins CI servers designed to allow software developers to surface quality, security and licensing problems at build time.

"The reality today is that about 80% of the typical Java application comprises open source components and frameworks," Sonatype CMO Charles Gold told ADTmag. "People now have this very complex supply chain, where very often they're doing more assembling of an application than building it. And that just creates a need for more sophisticated information management throughout the software lifecycle."

Launched last year, Sonatype Insight is a suite of products and services designed to help companies better manage their usage of open source Java components. The suite leverages the open source Maven Central Repository (Sonatype now calls it The Central Repository or simply "Central"), which the company administers, to generate actionable intelligence about open source software usage at any stage of the application development process.

The repository is the software development industry's most widely used resource for the exchange of open source components, the company claims. The average enterprise participating in Sonatype's latest annual Open Source Software Development Survey downloads more than 1,000 components each month, Gold said, with an even larger volume from large banks and independent software vendors (ISVs). The survey, which looks at how organizations adopt, use and support open source software, also found that, although reliance on open source components increases year-over-year, limitations on the visibility, control and management of their use throughout the enterprise "continues to plague organizations."

"As open source and better collaborative tools have increased reuse of software libraries and components, it can be difficult to know what exactly is in your product," said RedMonk analyst Stephen O'Grady in a statement. "Sonatype's recent survey highlights the potential dangers of ignorance, and the need for better component intelligence."

"In an Agile organization in particular, the cadence of the CI system is the heartbeat of the process," added Sonatype's VP of product management Brian Fox. "Having that information available continuously like this where it's most relevant and actionable." Sonatype is using the term "component lifecycle management" to describe the process.

Insight for CI component aims to show developers, quickly and precisely, exactly what's in their projects at build time. Among other things, it helps organizations to minimize or eliminate licensing risks, the consequences of which have been in the headlines lately. And having a central control point supports collaboration and consistent policy enforcement.

Sonatype is supporting both the Hudson and Jenkins projects with its Insight suite in an effort to remain agnostic, Gold said. Sonatype's user base is split about 50-50 between the two CI servers, he said. The company expects to support Atlassian's Bamboo CI in a future release. The company is also planning to add Insight plugins for other parts of the application development lifecycle.

Sponsored and licensed by the Apache Software Foundation (ASF), Maven is an open source framework and repository for building and managing any Java-based project. It started as an effort to simplify the build processes in the Jakarta Turbine project (a servlet based framework that helps Java developers quickly build Web applications). Based on the concept of a project object model (POM), Maven can manage a project's build, reporting, and documentation from a central piece of information. The project's goal today is to allow developers to comprehend the complete state of a development project in the shortest period of time. Sonatype is Maven's chief commercial sponsor.