Open Source Usage Gets Some Adult Enterprise Supervision

Michael Vizard

The good news is that because of the emergence of centralized hubs such as Github, it’s never been easier to discover and download open source software. The bad news is there is not much in the way of actually governing that process, which creates all kinds of potential compliance headaches for the IT organization.

To address this issue, Perforce Software has released Perforce Git Fusion, which helps simplify governance by providing an overlay that provides version control across open source applications residing in Git repositories.

According to Randy DeFauw, technical marketing manager for Perforce Software, rather than treat Git as a rival repository, Perforce has decided to extend its governance tools out to an open source repository that the open source community is using as the primary vehicle for distributing code. The challenge facing IT organizations is finding a way to make use of that rich repository of code in a way that not only allows them to comply with any number of regulations, but also make it simpler to track who used what version of what piece of code to build any given application. In essence, management of code repositories is now becoming more federated to accommodate the existence of repositories both inside and outside of the enterprise, says DeFauw.

Git Fusion provides a feature called Repository Remapping that can be used to create new Git repositories using a reconfigured set of data. That, says DeFauw, means Perforce can then maintain the overall project view of releases, components, and workflow and can manage an unlimited number of Git repositories. Developers can also dynamically switch between repositories, adds DeFauw.

Most applications being developed today are really amalgamations of code developed elsewhere. The challenge now is figuring out what modules went into what applications and, from a compliance perspective, what is the provenance associated with that code. None of this means that IT organizations shouldn’t rely on open source code more, it just means they need to know more about where that code actually has been.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.