Applications are rarely built from scratch today, but rather tend to leverage myriad tools and libraries as organizations increasingly move to a rapid deployment DevOps style of IT.
Software vendor Sonatype aims to help further enable the DevOps model with its new Nexus software platform that bundles and integrates its component lifecycle management (CLM) product with the Nexus code repository manager.
"We're unifying our combination of solutions as a platform, so that organizations can get the full perspective on how software is built," Wayne Jackson, Sonatype's CEO, told Enterprise Apps Today. "It's a full-on embrace of the role that supply chain concepts play in the context of DevOps."
With DevOps, developers rapidly build code that is continuously updated and pushed into operations. In the typical DevOps mode, deployment and configuration management tools including Chef, Puppet and Ansible and continuous integration tools such as Jenkins and Hudson form the cornerstone of development and deployment efforts.
Where Nexus Fits in DevOps Model
Jackson sees the Nexus platform fitting in the middle of the existing tools used in the DevOps model. Nexus can be thought of as the warehouse of parts that get turned into finished applications as well as the place where finished applications can be versioned, he explained.
"What Nexus has been optimized for now is to be a warehouse for finished goods, where things get versioned reliably and are closely integrated with orchestration and deployment technologies," Jackson said.
A key part of building modern enterprise applications is understanding the licensing requirements of application components. The CLM element of Nexus exposes the licenses of the components that are being used throughout the application development lifecycle, Jackson said. Additionally, metadata about component quality, security and intellectual property is shared for each component.
From a notification perspective, the Nexus platform can continuously help developers with component information throughout the application development and deployment lifecycle. There are different actions and controls for components that are leveraged in Nexus. For example, Jackson said a developer might want to experiment with a component that should not be allowed into production. With Nexus, the developer can be warned if the item should not be deployed and then access to block a given component can be enabled via an integration with a Chef or Puppet plugin.
The lifecycle component of Nexus is not open source, Jackson said, though Sonatype makes the functionality available for open source projects to use. The repository manager component of Nexus, however, is available as an open source project.
As the Nexus platform evolves, Jackson said more capabilities will be added to further limit the risks of intellectual property leakage.
"What we're seeing in a number of our customers is that the IP leakage is accidental," Jackson said. "Many of our customers contribute to open source projects, but many don't actually have close control over what gets contributed."
Sean Michael Kerner is a senior editor at Enterprise Apps Today and InternetNews.com. Follow him on Twitter @TechJournalist.