VersionEye can monitor your project on GitHub/Bitbucket and notify you about out-dated dependencies and license violations. The integration via the GitHub/Bitbucket API works very well and is very convenient.
However. Not everybody is using GitHub/Bitbucket. Through the VersionEye API you can create/update projects as well and take advantage of the VersionEye infrastructure. Assume you created already a project through file upload or via the URL feature. Now you want to update the project every day automatically with your current project file to get the notifications. For that purpose there is a new open source project, versioneye_update at GitHub. It’s a very simple shell script which is using CURL to upload a project file to the VersionEye API. In the first lines of the script the variables need to be configured.
#!/bin/bash
VERSIONEYE_SERVER=https://www.versioneye.com
API_KEY=<YOUR_SECRET_API_KEY>
PROJECT_ID=<YOUR_PROJECT_ID>If that is done, it’s dead easy to update an existing project. Simply run:
./update.sh <PROJECT_FILE>For example:
./update.sh composer.lockTo update an existing project with your current composer.lock file. The script will output the number the dependencies, number of out-dated dependencies and the number of license violations for the case you have a license whitelist assigned to the project at VersionEye.
This project is meant to be executed on a Continuous Integration Server. Ideally you update your VersionEye project with the current project file on each build.
Let me know how this works for you. You are also welcome to open a ticket on the repo or a to send a pull request with improvements 😉
Open Source License Compliance & Security 