Open Source Usage Gets Some Adult Enterprise Supervision

    The good news is that because of the emergence of centralized hubs such as Github, it’s never been easier to discover and download open source software. The bad news is there is not much in the way of actually governing that process, which creates all kinds of potential compliance headaches for the IT organization.

    To address this issue, Perforce Software has released Perforce Git Fusion, which helps simplify governance by providing an overlay that provides version control across open source applications residing in Git repositories.

    According to Randy DeFauw, technical marketing manager for Perforce Software, rather than treat Git as a rival repository, Perforce has decided to extend its governance tools out to an open source repository that the open source community is using as the primary vehicle for distributing code. The challenge facing IT organizations is finding a way to make use of that rich repository of code in a way that not only allows them to comply with any number of regulations, but also make it simpler to track who used what version of what piece of code to build any given application. In essence, management of code repositories is now becoming more federated to accommodate the existence of repositories both inside and outside of the enterprise, says DeFauw.

    Git Fusion provides a feature called Repository Remapping that can be used to create new Git repositories using a reconfigured set of data. That, says DeFauw, means Perforce can then maintain the overall project view of releases, components, and workflow and can manage an unlimited number of Git repositories. Developers can also dynamically switch between repositories, adds DeFauw.

    Most applications being developed today are really amalgamations of code developed elsewhere. The challenge now is figuring out what modules went into what applications and, from a compliance perspective, what is the provenance associated with that code. None of this means that IT organizations shouldn’t rely on open source code more, it just means they need to know more about where that code actually has been.

    Mike Vizard
    Mike Vizard
    Michael Vizard is a seasoned IT journalist, with nearly 30 years of experience writing and editing about enterprise IT issues. He is a contributor to publications including Programmableweb, IT Business Edge, CIOinsight and UBM Tech. He formerly was editorial director for Ziff-Davis Enterprise, where he launched the company’s custom content division, and has also served as editor in chief for CRN and InfoWorld. He also has held editorial positions at PC Week, Computerworld and Digital Review.

    Latest Articles