Sonatype Provides License Analysis for NuGet Gallery Components

Date 2013/9/11 9:06:57 | Topic: Product News

Sonatype has announced an update to both the NuGet gallery and the Visual Studio 2013 add-in that provides license data for each NuGet package, based on the Sonatype Component Lifecycle Management (CLM) platform.
Sonatype's software allows organizations to develop more secure applications by identifying and replacing components with known security and licensing risk throughout the software development lifecycle. Sonatype software includes license analysis support for NuGet packages and their subcomponents (regardless of language or platform). The license analysis results are now available as a new feature in both the NuGet gallery and Visual Studio, enabling developers to get clearer license information and then select packages that fit their policies and legal requirements.

"As NuGet continues to become a more regular part of the developer workflow, it becomes important for developers to easily identify the NuGet packages that best fit their needs," said Scott Hunter, Principal Group Program Manager for the Azure Developer Experience Group at Microsoft. "Sonatype, as a part of their CLM product, has done a great job in analyzing packages and determining, among other characteristics, the appropriate set of license names associated with the package."

The composition of today's applications is often as high as 90% open source components and 10% custom source code. Given this, virtually all development organizations must understand and follow licensing conditions for each component and its many subcomponents. This is an often-perplexing task given the hundreds of open source license types, many with unique conditions. Through this product integration, Sonatype will provide up-to-date information directly to developers in their day-to-day toolset, enabling them to select packages that best suit their legal requirements.

This article comes from Software Development Tools
