The Red Hat OpenShift.io services extension allows developers using more traditional development tools to benefit from the package, security and license analytics that OpenShift.io provides:
- Common Vulnerabilities and Exposures (CVE) analysis highlights code dependencies that have open CVEs against them.
- License analysis determines the license used by the project and its dependencies. If the project already has a license the analysis will show any conflicts between that license and dependency licenses that may be more restrictive. If the project does not have a license, OpenShift.io will suggest a license for the project that is sufficiently permissive to match the license restrictions of the dependencies.
- Dependency insights suggest dependencies that can be added to your application stack, and alternatives to currently used dependencies when any of those are not typically used together in an application stack.
Today the OpenShift.io services extension supports projects using Maven and projects built on npm (Node ecosystem). Going forward, additional builders for the Go and PyPI ecosystems will be supported.
- Maven must be installed on your machine. Provide the Maven executable filepath.
- Node and npm must be installed on your machine. Provide the npm executable filepath.
Note: By default, the `mvn` command is executed directly in the terminal, which requires that `mvn` is found in your system environment `PATH`.
By default, the `npm` command is executed directly in the terminal, which requires that `npm` is found in your system environment `PATH`.
If you do not want to add them to your system environment `PATH`, you can specify the Maven and npm executable paths in settings:
```json
{
    "maven.executable.path": "/path-to-maven-home/bin/mvn",
    "npm.executable.path": "/path-to-npm-home/bin/npm"
}
```
- Install the extension.
Note: OpenShift.io services extension includes the OpenShift.io service authorization extension. Therefore, when OpenShift.io services extension is installed it automatically enables authorization of OpenShift.io services from VS Code.
- The analytics are activated when you first access a manifest file in your project (for example, `pom.xml`).
Analytics Insights are presented as part of a report covering CVEs, license issues, and insights on the dependencies used, flagging dependencies that are rarely used together and suggesting similar alternatives that are more commonly used.
Alerts for CVEs are also presented in the PROBLEMS tab when you open the `pom.xml` manifest file.
You can use this extension to see the analysis report for your project as well as address problems shown in the manifest file editor.
To view the application's stack analysis report for a specific module:
- Open a manifest file (`pom.xml`, `package.json`).
- Use `Ctrl+Shift+P` on Linux or `Cmd+Shift+P` on Mac, and then click Generate application stack report on manifest file to see the application's stack analysis report for the manifest file.
To view the application's stack analysis report for the entire project (including multiple sub-modules):
- Use command `Ctrl+Shift+P` on Linux or `Cmd+Shift+P` on Mac, and then click Generate application stack report on Workspace to view the application's stack analysis report for the entire workspace/project.
This is an open source project; contributions and questions are welcome. If you have any feedback, suggestions, or ideas, reach us on:
- Chat: #openshiftio.
- Log issues: GitHub Repository.
The extension creates a `target` folder in the workspace, which is used for processing the manifest files needed to generate the stack report. So kindly add `target` to your `.gitignore`.
- Install the dependencies: `npm install`.
- Start the compiler in watch mode: `npm run compile`.
- Open this folder in VS Code and press `F5`.