Sunday, March 31, 2019

Dependency Analytics By Red Hat











About Red Hat

Red Hat has become associated to a large extent with its enterprise OS, Red Hat Linux. Red Hat also offers RHV (Red Hat Virtualization). Its products are used to standardize across environments, develop cloud-native applications, and automate, secure and manage complex environments.

This post is about some new projects by OpenShift under Red Hat.

I would like to discuss some of the main points I have personally experienced when I saw this project while I was in Singapore for a summit, where I came to know Aagam Shah, who is a Data Scientist at Red Hat.

Dependency Analytics

This project is an extension for Visual Studio. It gives insights about your application dependencies: security, license compatibility, and AI-based guidance to choose appropriate dependencies for your application.

This extension supports projects that use Maven, projects based on the Node ecosystem, and Python projects. The team is also extending it to other languages; support for the Go language is in progress, and if you want, you can contribute in the repos mentioned below.
  • Flags a security vulnerability (CVE) and suggests a remedial version
  • Shows GitHub popularity metrics along with the latest version
  • Suggests a project-level license and checks for conflicts between dependency licenses
  • AI-based guidance for additional, alternative dependencies

 screencast



Once you install this extension, it scans your application for security vulnerabilities. The features and functions are explained below with a demo.


Right-click on a manifest file (pom.xml/package.json) and choose 'Dependency Report' to display it. This report gives insights into your dependencies.


 screencast

For a multi-module Maven application, right-click on the root pom.xml in the editor and choose 'Dependency Analytics Report'.

 screencast


It creates a folder named target in the workspace, which is used for processing the manifest files needed to generate the stack report. So kindly add target to .gitignore.

My views and experience: It is a very good extension and a very good open source project for young developers, and it accesses only your manifests and license files.
There are certain issues that I experienced, but I have seen that they have already been reported as issues by their team on GitHub, so I hope they will get fixed.

Some more official sources where you can find more updates or even fix some bugs


