Sonatype, the leader in Component Lifecycle Management (CLM), today announced the launch of Insight Application Health Check, the first easy way to analyze the components that make up an application and the latest service in the Sonatype Insight product suite for ensuring the integrity of open-source components at every phase of the software lifecycle.  Insight Application Health Check is a powerful application analysis tool that enables users to pull back the curtain on the true contents of their applications.  In minutes, users can scan and analyze an application, create a list of components, and understand potential risks and opportunities associated with each component.

More than 80 percent of a typical Java application is assembled from existing open-source components and frameworks.  But most organizations have only a limited understanding of the true composition of their most critical applications – which can leave them exposed to potential security, quality, and intellectual property risks.  More alarming is that few development organizations maintain an inventory of open-source components used in production applications – only 32 percent according to a recent study. For the first time, Sonatype is putting tooling in the hands of anyone, anywhere in the software development lifecycle – from an individual developer all the way to a compliance officer.  This is incredibly disruptive in situations where development and compliance functions are disconnected – which is nearly every large organization.  Now organizations have fast and accurate information upfront, to avoid costly and time-consuming rework later.

Insight Application Health Check is ideal for rapid and precise analysis of applications in development, prior to deployment, as well as for spot-checking applications received from external suppliers.  The on-demand service analyzes the composition of software applications, providing comprehensive visibility into previously unknown risks caused by incorporating problematic open-source components.  Users can generate a free summary report that provides a breakdown of every component in the application and alerts them to potential security and licensing problems.  To drill down and explore specific vulnerabilities, users can purchase a one-time Insight Application Health Check report for an introductory price of only $99.

“As the leaders in CLM, Sonatype is dedicated to providing development organizations practical intelligence for component-based software development,” said Wayne Jackson, CEO of Sonatype. “We’ve designed Insight Application Health Check to help organizations discover very quickly and cost effectively whether they have problems in their applications.  Up until now, organizations either had to deal with technical and business risks or invest in expensive and cumbersome scanning technologies and consulting engagements.  Now they have an affordable alternative that yields results in minutes versus days and weeks.”

In an analysis conducted with beta customers around the world, Sonatype found the average application contained:
• More than 800 components, 80 percent of which were open source
• 32 publicly known security vulnerabilities, 85 percent of which are classified as either critical or severe by the Common Vulnerability Scoring System (CVSS) of the US Department of Homeland Security
• 16 components that contain potential licensing issues which could compromise users’ intellectual property.

“Before making a recent acquisition and integrating the company’s technology into our own software portfolio, we used Insight Application Health Check to ensure no licensing issues were present in the code that could impact product integration plans or expose us to future risks,” shared John Goodson, senior vice president of products at Progress Software. “Insight Application Health Check served an important role in the due diligence process.”

All Sonatype CLM products leverage the Central Repository – the software industry’s leading repository for open-source software (OSS) components used by more than 60,000 organizations and containing more than 400,000 Java components from all major open-source projects.  As the principal caretaker of the Central Repository, Sonatype is uniquely positioned to offer organizations more than manual checks and first-generation scans to discover the true composition of critical applications.  Sonatype Insight goes deeper to find flawed components, even when they’re hidden deep in an application’s dependency tree.

To view a sample application composition report generated by Insight Application Health Check go to: