VersionEye introduces “Shazam” for software libraries

“Shazaming” software libraries for versions, licenses and security

People love “Shazam” and similar services because they instantly tell you which song is playing and who the singer and author are.

VersionEye has adapted this concept to open source software!

Best practice in software development is to use package managers such as Maven or NPM to properly manage 3rd party open source dependencies.

In reality this is not always the case, and many enterprise projects still store their dependencies in “lib” directories without further documentation.

So who actually knows what a component like “beanutils.jar” is?
And more importantly: which version and software license does it have, and are there any known security vulnerabilities?

The VersionEye API can automatically identify such components by their SHA values and send you the exact GroupId, ArtifactID and Version, which in turn allow you to instantly retrieve:

  • VERSION,
  • LICENSE and
  • potentially known SECURITY vulnerabilities
    from the huge VersionEye database.
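
An added sketch of digest-based identification (not VersionEye or veye_checker code): it hashes every .jar under a lib directory and matches each digest against an index. SHA-1, the local `index` dictionary and the sample coordinates are assumptions standing in for the remote database.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, algorithm="sha1", chunk_size=65536):
    """Hash a file in chunks so large archives are never held in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def identify_libs(lib_dir, index, algorithm="sha1"):
    """Match every .jar below lib_dir against a digest -> coordinates index.
    `index` is a hypothetical local stand-in for the remote database. The
    match uses file content only, so the file name plays no part in it.
    """
    identified, unknown = {}, []
    for jar in sorted(Path(lib_dir).rglob("*.jar")):
        digest = file_digest(jar, algorithm)
        if digest in index:
            identified[jar.name] = index[digest]
        else:
            unknown.append((jar.name, digest))  # keep digest for manual review
    return identified, unknown


def demo():
    # Constructed sample bytes, not real library archives.
    published = b"constructed stand-in for a published jar"
    index = {
        hashlib.sha1(published).hexdigest(): {
            "group_id": "org.example",      # constructed coordinates
            "artifact_id": "sample-lib",
            "version": "1.0.0",
        }
    }
    with tempfile.TemporaryDirectory() as lib:
        # Identical content under a version-less name is still identified.
        Path(lib, "renamed.jar").write_bytes(published)
        # A rebuilt or patched archive has a different digest: no match.
        Path(lib, "patched.jar").write_bytes(published + b"\x00")
        return identify_libs(lib, index)


if __name__ == "__main__":
    print(demo())
```

A jar that was repackaged or patched locally will not match any published digest, so the unknown list is where manual review starts.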

The veye_checker now makes this process almost as easy as “shazaming songs”, even for hundreds of components simultaneously.

More info …

Webinar (sorry, in German)

Synomic Book on Enterprise Open Source Best Practice