Take Control of Your InnerSource Components with InnerSource Insight

Today, Sonatype announced “InnerSource Insight,” an industry-first capability within Nexus Lifecycle that makes it easier and safer for developers to use components developed by others within their organization.

Before we talk about the product or the functionality, we have to dig into why InnerSource is so useful and important. We'll start with a short explanation of a few important open source concepts, followed by InnerSource. From there, we can explain why it's so important to manage, and what we're doing at Sonatype to make that easier.

What is a component or dependency? 

To help understand InnerSource, we need to understand some foundational concepts.

The first concept is a form of reusable software code known as a “component” that is easily shared between software projects. This is similar to how a car engine is made up of thousands of parts and some of those parts may be in use across different models.

In software, most components come from open-licensed, publicly available sources that are consumed by other applications. Like a car, some parts could be thought of as a parent (like an engine) or child (like a gear inside the engine). In this example, the car is parent to the engine and the engine is parent to the gear.

When components become dependencies

For developers, these are just components that they use to build with, but when other software starts to rely on these components, they’re often referred to as “dependencies.”  Here, there are two major types:

Direct Dependencies – Open source components are often added directly to the codebase (or its dependency tree) by software engineers. Further, direct dependencies are referenced directly by the program itself and are the “parents.” They control who their children (transitive dependencies) are, and whether or not they (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Chris Good. Read the original post at: https://blog.sonatype.com/take-control-of-your-innersource-components-with-innersource-insight