Sonatype, a company offering a kind of quality control for software components, has extended its reach into the container world.
The Fulton, Maryland-based company announced today a new feature called Lifecycle Container Analysis (LCA) for its Nexus Lifecycle software. LCA looks into containers and analyzes what’s at the application layer inside. Think of it as taking an automated inventory of the parts you’re putting into your application.
Tools for doing this are becoming more important as applications become more complex. Commonly, an application is built from modular parts, pieces of software assembled into a chain. That’s what the microservices movement is about: breaking large applications into pieces that can be debugged and upgraded independently.
The resulting application is like a dish assembled by a chef (a real one — we’re not talking about the Chef configuration tool), says Matt Howard, Sonatype’s senior vice president of marketing.
The problem is that as enterprises become more dependent on software, programmers get pressured to build these applications more quickly. That’s like sending a bunch of cooking assistants off to the refrigerator (equivalent to the container repository). They might not grab the best options for each ingredient.
Sonatype is a hedge against that risk. Its tools can be set up to automatically check for parameters such as licensing terms, the most recent revision date, and known malware problems. Sonatype even offers a firewall that can block any software components that break policy rules.
“Software isn’t a marginal cost of doing business any more,” Howard says. “It is the business, and there are a lot of questions about: How do we go faster? And how do we automate?”
Founded in 2008, Sonatype has built a business out of doing this for “normal” software. The company also runs, on a volunteer basis, the Central Repository for Apache Maven, the open source tool for automating software builds.