What is a Package Dependency Manager?

This is an excerpt from Out of the Wild: A Beginner’s Guide to Package and Dependency Management, a Sonatype Guide. This is the first of three installments.

What Do We Mean When We Say Package and Dependency Management?

Terms like package manager, dependency management, repository, and repository manager are thrown around a lot in software development. Most people have at least a vague understanding of their meanings, but sometimes it’s hard to know if we’re all speaking a common language, with a common understanding, when these discussions arise.

Let’s get to the heart of what we mean when we talk about these terms in the context of DevOps.

Recall the definition of DevOps we arrived at in our own What is DevOps? article: a “discipline rooted in collaboration and communication,” with “a common goal of shortening software delivery cycles and improving the stability of deployments.” Organizations can leverage many different concepts, practices, and toolsets to help enable those goals.

Some of the most common DevOps concepts and related tooling include Source Control Management (SCM) solutions like GitHub, CI/CD servers like Jenkins or Bamboo for automating stages of your software development lifecycle (SDLC), automated infrastructure configuration management tooling like Ansible, Terraform, Chef or Puppet, and containerization and orchestration tools like Docker and Kubernetes.

But there is another equally important DevOps concept, practice, and related toolset that is talked about less often than those mentioned above. Olivia Glenn-Han talks about this lesser-discussed topic in her article, The Universal Package Manager – The Most Critical Link in Your DevOps Toolchain. The Universal Package Manager can be a key component in helping “further the technical and cultural goals of DevOps” in your organization.

So let’s dive deeper into the concept and practice of package and dependency

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Ember DeBoer. Read the original post at: