Adding Python Support

VersionEye 2.0 started with only 3 languages: Ruby, NodeJS and PHP. Now Python has been added as well!

VersionEye supports the package manager PIP. You can simply upload your requirements.txt file to get a BOM (Bill of Materials). By default the ‘requirements.txt’ file contains only the direct dependencies. I would recommend using pip’s freeze feature to lock down all transitive dependencies. That can be achieved with this command:

python -m pip freeze > frozen-requirements.txt

That command will take all direct dependencies from the requirements.txt file, resolve all transitive dependencies and create a new file, frozen-requirements.txt, which contains ALL (direct & transitive) dependencies with fixed versions. That’s much better than the plain requirements.txt file because the frozen version contains all the dependencies that are shipped to production, that is, everything necessary to run the application.

Here is an example for a Python VersionEye scan:

Try it out and let me know how you like it! Would love to hear your feedback.

If you don’t have an account yet, sign up with this promotion code “Ve2Python”. That code is valid until 4th of June and gives you a 50% discount on the monthly subscription!

Security Alerts for Java & Python

A couple months ago VersionEye started to track security vulnerabilities for PHP packages. A couple weeks ago the feature was rolled out for Ruby & Node.JS dependencies as well. And now it’s rolled out for Java & Python!

Now you will see the security tab in your Java & Python projects as well. Just like in the example here.

[Screenshot: VersionEye-Java-Project-Security]

If you click on the dependency link above, you will come to the package detail page, where more details about the security issues are shown.

[Screenshot: VersionEye-Java-Project-Security_2]

If your project dependencies are affected, the dependency badge turns to “insecure”, showing everybody that some of the dependencies have security issues.

The security feature is available via the VersionEye API as well. You can filter by language and prod_key. Feel free to build your own integration on it 🙂

[Screenshot: VersionEye-API-Security]

VersionEye notifies you about security vulnerabilities independently of the version & license notifications. The security notification emails go out every Tuesday.

Currently VersionEye is crawling 6 different security sources for this feature. For Java & Python we are using the victims db, which claims to have 0 false positives. Please contribute to this db if you know about a Java or Python security vulnerability and help to make the world a safer place.

Do you know of other good security databases which you would like to see integrated with VersionEye? If so, please contact me on Twitter.

Most referenced packages

We just updated our language pages. Up to now we only displayed the top 10 followed packages and the 10 currently updated packages. Now we also display the top 10 referenced packages for that language. Here is an example for the Ruby page.

The first column shows the top 10 packages with the most references. Rspec is the most referenced package in Ruby! 19498 other GEMs are referencing it. It has more references than Ruby on Rails.

Feel free to check out the other language pages as well:

https://www.versioneye.com/php
https://www.versioneye.com/Clojure
https://www.versioneye.com/Node.JS
https://www.versioneye.com/Objective-C

Let us know what you think!

VersionEye started its first Meetup group “Geek2Geek”

Geek2Geek is a monthly Berlin Tech Talk. Our goal is to bring software developers with diverse backgrounds together. We noticed that the coding community is often isolated, meaning that PHP devs only go to PHP UGs and Java devs solely to Java UGs.

However, we believe that we could achieve great things if we connect. If you’re an open source developer, start-up, techie, or geek using Java, Ruby, Python, Node.JS, PHP, JavaScript, R or Clojure, this group is for you!

Our first meetup is on July 23, 2013 and we’re pleased to announce that the speakers for our first Geek2Geek meetup are Christoph Beckmann from KaufDA and Tobias Balling from BLINKIST. This time we will focus on “IT infrastructure for DevOps”.

Christoph Beckmann
Christoph is team lead at KaufDA. He prefers developing with the Grails framework and is a DevOps expert. Over the past 2 1/2 years he has helped build the international KaufDA IT team. Previously, he gained experience at a consulting firm in Cologne and founded Germany’s first toilet search engine. Christoph will show how KaufDA manages its infrastructure with Puppet in 5 countries.

Tobias Balling
Tobias is CTO at BLINKIST. He’s currently thinking about the perfect presentation topic. So, more details are coming soon!

Thanks to VersionEye, snacks and beer are available for free, while supplies last. We’re looking forward to meeting you!

How to better support PIP requirements.txt

We recently pushed a new version of VersionEye online. The new version comes with an improved parser for requirements.txt files.

The new features include:

  • Comments in requirements.txt files can be handled.
  • Lines starting with http:// or https:// will be ignored.
  • Handling of entries without explicit version string.
  • pip.log file support.

Here is a simple example of an entry:

But other comparators work now, too. Like this one here:

Or in case you have only the package name, like this:

The new version can handle the pip.log file. Simply upload it or put in the URL and all the dependencies in the pip.log file will be shown.
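
The requirements.txt handling listed above (comments, URL lines, entries without a version, other comparators), combined with the earlier advice to upload a frozen file, as an added example that is not VersionEye's own parser: it parses the entries and reports those not fixed to one exact version. The function names and the sample file are constructed for illustration.

```python
import re

COMMENT = re.compile(r"(^|\s+)#.*$")   # '#' at line start or after whitespace
NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(.*)$")
CLAUSE = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([^\s,;]+)")

# Constructed sample file, not taken from the original post.
SAMPLE = """\
# web stack
Django==1.5.1
requests>=1.2,<2.0   # a range, not a pin
https://example.com/pkgs/foo-1.0.tar.gz
simplejson
six==1.3.0
"""

def parse_requirements(text):
    """Return [(name, [(comparator, version), ...]), ...] for each entry."""
    entries = []
    for raw in text.splitlines():
        line = COMMENT.sub("", raw).strip()
        if not line:
            continue                      # blank line or comment only
        if line.lower().startswith(("http://", "https://")):
            continue                      # URL lines are ignored
        if line.startswith("-"):
            continue                      # assumption: skip pip options (-r, -e, ...)
        match = NAME.match(line)
        if match is None:
            continue                      # not a recognisable package entry
        name, rest = match.groups()
        rest = rest.split(";", 1)[0]      # drop environment markers
        entries.append((name, CLAUSE.findall(rest)))
    return entries

def unpinned(entries):
    """Names not fixed to one exact version by a single '==' clause."""
    loose = []
    for name, clauses in entries:
        exact = (len(clauses) == 1 and clauses[0][0] == "=="
                 and "*" not in clauses[0][1])
        if not exact:
            loose.append(name)
    return loose

if __name__ == "__main__":
    print(unpinned(parse_requirements(SAMPLE)))
```

An empty result from `unpinned` means every entry in the file carries a fixed version, which is what a frozen file should look like before it is uploaded for a BOM.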

Check it out and we’d love to hear your feedback.

5 Ways To Learn Code From The Comfort Of Your Own Browser

One of the big trends of the past couple years, spurred by the growing demand for programmers, is the rise of in-browser programming tutorials. Gone are the days when you’d have to buy a book and configure a development environment before you could get your hands dirty with a little code…

VersionEye: We’ll keep you up to date!

https://www.versioneye.com

Python: Big Data’s secret power tool!

When it comes to analyzing big data, software packages such as Hadoop or the R statistical language come readily to mind. But at least one company, AppNexus, also relies on the Python programming language to help conduct heavy-duty data analysis.
