These are the slides from the "Continuous Updating with VersionEye" talk at code.talks 2014 in Hamburg. Nowadays modern software development without open source is almost impossible. In average a modern software project has 100 open source components. How do you keep track of these open source dependencies? How do you know that they are still alive? How do you manage the licenses for these dependencies? These are all important questions which get answered in this talk.

1. Continuous Updating

2. Who I am?
• Robert Reiz
• Software Dev since 1998
• I started VersionEye

3. What I do?
• I write crawlers
• I integrate Package Managers
• I integrate SCMs

4. VersionEye
Dependency Management
• 445K Open Source Projects
• 10 Package Managers
• 3 SCMs

5. Why
https://www.versioneye.com/statistics

6. Why

7. Why I want to stay
up-to-date?

8. 100 libraries per
project in avg.

9. How do you keep track
of your Dependencies?

10. Which Licenses are
your dependencies
using?

11. Are your dependencies
still alive?

12. You don’t know ?

13. Every dependency is a
risk factor.

14. 15 years ago we used to work with the WATERFALL MODEL
Requirements
Analysis
Design
Coding
Testing
Accepting

15. But today we are AGILE

16. Everything the Waterfall Model used
to execute in one year ...
!
... we nowadays execute in 2 weeks!

17. The way we develop software
today totally changed!

18. Being AGILE got us
CONTINUOUS Testing
CONTINUOUS Refactoring
CONTINUOUS Integration
CONTINUOUS Delivery
CONTINUOUS Deployment

19. But what about
Continuous Updating?

20. Why should I care about
Continuous Updating?

21. Core committers don’t release
new versions just for fun!

22. They always have good reasons
• Bug Fixes
• Security Fixes
• Speed & Memory optimization
• New Features

23. If you can't fly then run,
if you can't run then walk,
if you can't walk then
crawl,
but whatever you do
you have to keep moving
forward.
Martin Luther King Jr.

24. How do you ensure that new
versions don’t break the system?

25. Semantic Versioning
Migration Paths
Continuous Testing

26. http://semver.org/

27. MAJOR.MINOR.PATCH
1.MAJOR version when you make incompatible API changes
2.MINOR version when you add functionality in a backwards-compatible manner
3.PATCH version when you make backwards-compatible bug fixes.

28. Always follow the
MIGRATION PATH

29. Many small steps are
better than one big step
!
You can do SMALL MIGRATIONS on the fly.
!
BIG MIGRATIONS are risky and expensive.
!
If you miss versions, you miss migration paths, too.
And that leads to TROUBLE!

30. Don’t miss migration paths!
migrate migrate migrate
1 2 3 4
big migration … expensive!

31. Always run your TESTS against new versions

32. 2.245.022 New Releases

33. New$Releases$
Major# Minor/Patch#
6%#
94%#

34. 94% of all new releases are
harmless and you can update
without doubt.

35. Another reason for being current

36. Do you really believe
those young talents
wanna work with
COBOL?
Or other OLD SHIT?

37. Tracking versions is a pain!

38. SOFTWARE LIBRARIES
are NOT like iPhone
Apps!

39. 100 libraries per
project in avg.
After 2 weeks the first libraries are OUT-DATED!

40. Developers are missing critical BUG FIXES
and important UPDATES!

41. Manually checking for
updates is no fun!
!
It cost TIME & MONEY!
!
NOBODY WANTS TO DO IT!

42. So, how do you wanna solve this
PROBLEM

43. You have to
AUTOMATE

44. You need a TOOL for that!

45. GemNotifier Gemnasium VersionEye
Languages Ruby Ruby, Node.JS,
Python 22 Languages
GitHub no yes yes
Bitbucket no no yes
File upload no no yes
URL parsing no no yes
Changelogs no yes in progress
Security no yes in progress
Licenses no no yes
API no no yes

46. www.VersionEye.com
Keeps an eye on more than 445K open source libraries!
Supports 22 Languages and 10 Package Managers!
Integrated with GitHub, Bitbucket, Stash.
Open REST JSON API.

47. Are your dependencies
still alive?

48. KPIs

49. Heat-map for
dead / alive
Dependencies

50. Tags / Labels

51. Which Licenses are
your dependencies
using?

52. License Whitelist

53. DEMO

54. https://www.versioneye.com/api

55. M2
VersionEye
Enterprise
VM
VersionEye.com
CI
Intranet
E-Mail
data sync
SCM
VersionEye Enterprise
Updates via Docker Containers

56. Questions?
@RobertReiz #ContinuousUpdating