Dependency Analytics by Red Hat
About Red Hat
Red Hat is associated to a large extent with its enterprise OS, Red Hat Linux. Red Hat also offers RHV (Red Hat Virtualization). It helps you standardize across environments, develop cloud-native applications, and automate, secure and manage complex environments.
This post is about some new projects by OpenShift under Red Hat.
I would like to discuss some of the main points I have personally experienced when I saw this project while I was in Singapore for a Summit and I came to know Aagam Shah, who is a Data Scientist at Red Hat.
Dependency Analytics
This project is actually for Visual Studio. It gives insights about your application dependencies: security, license compatibility and AI-based guidance to choose appropriate dependencies for your application.
This extension supports projects that use Maven, projects based on the Node ecosystem, and Python projects. The team is also extending it to other languages, and extension support for the Go language is in progress. If you want, you can contribute to the repos mentioned below.
- Flags a security vulnerability (CVE) and suggests a remedial version
- Shows GitHub popularity metrics along with the latest version
- Suggests a project-level license and checks for conflicts between dependency licenses
- AI-based guidance for additional, alternative dependencies
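To make the first bullet concrete, here is an added example (not code from the extension or from Red Hat) that reads the two manifest types named in this post and reports a remedial version for each affected dependency. The manifests, package names, advisory table and CVE-PLACEHOLDER ids are all constructed for illustration, and the version comparison is deliberately simplified.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample manifests (not taken from any real project).
PACKAGE_JSON = '{"dependencies": {"example-http": "1.2.0", "example-log": "^3.1.4"}}'
POM_XML = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>org.example</groupId><artifactId>example-parser</artifactId><version>2.0.1</version></dependency>
  </dependencies>
</project>"""

# Constructed advisory table: package -> (placeholder id, first fixed version).
ADVISORIES = {
    "example-http": ("CVE-PLACEHOLDER-0001", "1.2.3"),
    "org.example:example-parser": ("CVE-PLACEHOLDER-0002", "2.0.1"),
}
POM_NS = {"m": "http://maven.apache.org/POM/4.0.0"}

def parse_version(text):
    """Turn '1.2.0' or '^3.1.4' into a comparable tuple of ints (simplified)."""
    digits = text.lstrip("^~>=<v ")
    return tuple(int(p) for p in digits.split(".") if p.isdigit())

def npm_dependencies(manifest_text):
    """Declared dependencies of a package.json as {name: version}."""
    return dict(json.loads(manifest_text).get("dependencies", {}))

def maven_dependencies(manifest_text):
    """Declared dependencies of a pom.xml as {groupId:artifactId: version}."""
    root = ET.fromstring(manifest_text)
    deps = {}
    for dep in root.findall("./m:dependencies/m:dependency", POM_NS):
        group = dep.findtext("m:groupId", default="", namespaces=POM_NS)
        artifact = dep.findtext("m:artifactId", default="", namespaces=POM_NS)
        deps[f"{group}:{artifact}"] = dep.findtext("m:version", default="", namespaces=POM_NS)
    return deps

def findings(deps):
    """Return (name, declared, advisory id, remedial version) for affected deps."""
    out = []
    for name, declared in sorted(deps.items()):
        if name in ADVISORIES:
            adv_id, fixed = ADVISORIES[name]
            # An unparsable version (e.g. a ${property}) yields () and is
            # reported, so it gets a human look instead of passing silently.
            if parse_version(declared) < parse_version(fixed):
                out.append((name, declared, adv_id, fixed))
    return out
```

A dependency that is already on the first fixed version, like the Maven one here, produces no finding.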
Once you install this extension, it scans your application for security vulnerabilities. The features and functions are explained below with a demo.
Right-click on a manifest file (pom.xml/package.json) and choose ‘Dependency Report’ to display it. This report gives insights into your dependencies.
For a multi-module Maven application, right-click on the root pom.xml in the editor and choose ‘Dependency Analytics Report’.
It creates a folder target in the workspace, which is used for processing the manifest files needed for generating stack reports. So kindly add it to .gitignore.
My views and experience — It is a very good extension and is a very good Open Source project for young developers and it accesses only your manifests and license files.
There are certain issues that I experienced, but I have seen that they have already been reported as issues by their team on GitHub, so I hope they will get fixed.
Some more official sources where you can find more updates or even fix some bugs:
https://marketplace.visualstudio.com/items?itemName=redhat.fabric8-analytics
https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension