Dependency Analytics by Red Hat

Champion Runner
Published in Simply Dev
Mar 14, 2020

About Red Hat

Red Hat is associated to a large extent with its enterprise OS, Red Hat Linux. Red Hat also offers Red Hat Virtualization (RHV). Its products are used to standardize across environments, develop cloud-native applications, and automate, secure and manage complex environments.

This post is about some new projects by OpenShift under Red Hat.

I would like to discuss some of the main points I personally experienced when I saw this project while I was in Singapore for a summit and came to know Aagam Shah, who is a Data Scientist at Red Hat.

Dependency Analytics

This project is actually an extension for Visual Studio. It gives insights about your application dependencies: security, license compatibility, and AI-based guidance for choosing appropriate dependencies for your application.

This extension supports projects that use Maven, projects based on the Node ecosystem, and Python projects. The team is also extending it to other languages, and extension support for the Go language is in progress. If you want, you can contribute to the repos mentioned below.

  • Flags a security vulnerability (CVE) and suggests a remedial version
  • Shows GitHub popularity metrics along with the latest version
  • Suggests a project-level license and checks for conflicts between dependency licenses
  • AI-based guidance for additional, alternative dependencies

Once you install this extension, it scans your application for security vulnerabilities. Below, the features and functions are explained with a demo.

Right-click on a manifest file (pom.xml/package.json) and choose ‘Dependency Report’ to display it. This report gives insights into your dependencies.

For Multi-Module Maven Application

Right-click on the root pom.xml in the editor and choose ‘Dependency Analytics Report’.

It creates a folder named target in the workspace, which is used for processing the manifest files needed for generating stack reports. So kindly add it to .gitignore.
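One way to do that from the workspace root, as an added example that is not from the extension's own project. It assumes the workspace is a Git repository; the function name `ensure_target_ignored` and the probe path are hypothetical. Because .gitignore does not untrack files that were staged or committed earlier, it also lists anything under target that Git still tracks.

```shell
#!/bin/sh
# Added example (not from the extension's repository).
# ensure_target_ignored and target/probe-file are hypothetical names.
ensure_target_ignored() {
    repo="${1:-.}"
    ignore_file="$repo/.gitignore"

    # Ask Git whether a path under target/ is already covered by any
    # ignore rule, so the entry is not duplicated on repeated runs.
    if ! git -C "$repo" check-ignore -q target/probe-file; then
        # If the file exists and its last line has no trailing newline,
        # add one first so the new rule does not merge with that line.
        if [ -s "$ignore_file" ] && [ -n "$(tail -c 1 "$ignore_file")" ]; then
            printf '\n' >> "$ignore_file"
        fi
        printf 'target/\n' >> "$ignore_file"
    fi

    # An ignore rule only affects untracked files. Print whatever under
    # target/ is still in the index; an empty result means nothing from
    # the generated folder is being committed.
    git -C "$repo" ls-files -- target
}
```

Any path it prints can be dropped from the index with `git rm -r --cached target`, which leaves the files on disk.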

My views and experience — It is a very good extension and is a very good Open Source project for young developers and it accesses only your manifests and license files.

There are certain issues that I experienced, but I have seen that they have already been reported as issues by their team on GitHub, so I hope they will get fixed.

Some more official sources where you can find more updates or can even fix some bugs:

https://marketplace.visualstudio.com/items?itemName=redhat.fabric8-analytics

https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension

https://github.com/fabric8-analytics

https://youtu.be/mnedVZ29Mlw
