Corporate Code Searching with Krugle
One thing's for sure: the announcement of the FOSSology and FOSSbazaar projects has certainly done a lot to stir up the niche market of open source search/governance firms that are out there. In the last couple of weeks, I have gotten a real education in who's doing what in this surprisingly competitive field.
Let's recap: in the beginning, there was Black Duck, a company dedicated to providing information and services to assist company with license (open or otherwise) management. And it was good. About a year later, Palamida came along and touted the same services. And there was competition.
But it's hasn't stayed with just two companies. This arena has grown, and HP and partners' FOSSology entry has only served to highlight who's who and who's doing what.
As I learned last week during my conversation with Palamida, the focus of a lot of these companies has shifted away from license management into more code search and census services. If you know what you have, the reasoning goes, you will know where your potential security vulnerabilities are.
Turns out that there's even more uses for a code search in your organization, which I learned after talking to Matt Graney, Sr. Director of Product Management at Krugle. Krugle's angle of approach centers on locating code for better integration and development reuse in a client company.
Graney started the conversation with a rather odd point, one which I was going to call him on until he explained it more fully. He indicated that "open source software us a lot like home-grown code... in terms of integration" (emphasis mine). Say huh?
Here's what he's talking about: when a development team is putting something together, ideally they will have access to code that they or their colleagues have written before. This hold true whether the code is proprietary, open, or free. In this sense, there is a lot of similarity across all forms of software development, regardless of license.
Krugle, Inc., began with a community-based source-code search engine (still available as Krugle Public out on Krugle.org), that has a more ubiquitous presence than one might initially suspect: the search engine is the bases for the code searches used by IBM developerWorks, SourceForge, and Yahoo! DeveloperNet.
The commercial version, Krugle Enterprise, sits inside a client's firewall and not only searches for open source code in public repositories like Krugle Public, but also searches internal repositories for code. So, if your a developer and you're looking for a library that does Task X, you can run the search and see what someone in your company may have come up with already. Or expand the search to see what's out in the land o' open source.
What impressed me about this product was that fact it can plug into a lot of different version control systems--Subversion, Team Foundation, or CVS just to name a few--and bring you the most recent version of the code, as well as using the version control information to view the contextual history for the code in question.
Of course, eyebrows might get raised for all this fraternization with Microsoft-based tools. Graney anticipated that sort of comment (possibly because they've gotten flak for it before) with this defense: "We're keeping our eye on the use of open source, but we're not making judgment calls on what license is used."
Krugle Enterprise is installed as a server appliance, usually at the corporate data center, and uses a subscription-based model to generate revenue. Pricing for this product seemed a bit like voodoo: Graney describes something about being based on volume of code, number of users, and rate of code change.
The timing on this conversation was prompted quite a bit by the entrance of FOSSology into this market. Of course, the fact that Krugle Enterprise 2.0 was announced just today had a part to play in the timing, I'm sure. Well, can't blame 'em for that.
Coming away from this discussion, it's clear that while Krugle is really a product for medium to large corporations, there really isn't as much overlap between all of these code search companies as I initially thought. Each one seems to be doing a good job in finding its own specialty niche.
I do have to wonder: how long will it be before we start to see some consolidation in this market? I don't speak specifically of any one company, but there is still some overlap between these companies and projects, and it seems logical that eventually merging a few of the smaller firms might provide customers some broader product choices.