Dependency Analytics By Red Hat

About Red Hat

Red Hat has become associated to a large extent with it's enterprise OS Red Hat Linux , Red Hat also offers RHV Red Hat Virtualization. It is standardized across environments , develop cloud-native applications and automate , secure and manage complex environments.

This post is about some new projects by Openshift under Red Hat

I would like to discuss some of the main points I have personally experienced when I saw this project while I was at Singapore for a Summit and I came to know Aagam Shah , who is a Data Scientist at Red Hat.

Dependency Analytics

This is the project it's actually for Visual Studio , It gives insights about your application dependencies: Security , License compatibility and AI based guidance to choose appropriate dependencies for your application.

This extension supports projects that uses Maven , based on Node ecosystem and Python. The team is also extending it for other languages as well , if you want you can contribute in the Repos mensioned below and extension support under Go language is in progress.

• Flags a security vulnerability(CVE) and suggests a remedial version
• Shows Github popularity metrics along with latest version
• Suggests a project level license, check for conflicts between dependency licences
• AI based guidance for additional, alternative dependencies

So once you install this extesnion , It scans your application for security vulnerabilities .So below is the features and functions explained with a demo 

Right click on a manifest file(pom.xml/package.json) and choose 'Dependency Report ' to display it . This report gives insights of your dependencies 

For Multi Module Maven Application 

right click on root pom.xml in editor and choose 'Dependency Analytics Report'

It creates a folder target in workspace which is used for processing of manifest files, needed for generating stack report. So kindly add target in .gitignore.

My viewss and experience - It is a very good extension and is a very good Open Source project for young developers and it accesses only your mainfests and license files.

There are certain issues that experienced but I have seen that they have already been reported as an issue by there team on Github so I hope they will get fixed .

Some more official sources where you can more updates or can even fix some Bugs 

https://marketplace.visualstudio.com/items?itemName=redhat.fabric8-analytics

https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension

https://github.com/fabric8-analytics

https://youtu.be/mnedVZ29Mlw