Frequently Asked Questions

Why do I need that?

Why are you using a continuous integration system to run your tests? You could start your tests from the command line! Right? The reason why you are using a CI system is automation! And for the same reason you should use a continuous updating tool like VersionEye. VersionEye will never forget to check your project. It will do the job everyday, notify you and it will never get sick or go on vacation. VersionEye is working 24/7 only for you! It keeps you informed and makes you a better developer!

How can I use VersionEye if my project is not on GitHub/Bitbucket

The GitHub/Bitbucket integration is by far the most used integration at VersionEye. But there are many other ways to use this service.

  • File Upload: You can simply upload a project file to see the out-dated dependencies and the licenses. However that is more a one-time-thing for testing. You don't really want to manually upload your project files every day because that's a lot of work.
  • URL: You can create a VersionEye project from a URL to a project file. VersionEye will fetch your project file every day from the URL and notify you about out-dated dependencies and license violations.
  • API: You can use the VersionEye API to create/update a project. There are already many open source tools build on top of the VersionEye API. For example the VersionEye Maven Plugin.
  • VersionEye Enterprise: Everything you see here you can have as an on-premise solution. You can host VersionEye Enterprise on your own hardware in your own datacenter. That way you are in full control of the privacy.

You can also use the URL feature. Just add the URL to your project file at VersionEye.com and we will fetch your file once a day and notify you about outdated dependencies.
Another way to use VersionEye is through our API. Simply send your project file programatically to our API and we'll send you a JSON object back with all the information you need to know about outdated dependencies. In that way you can integrate our service into your workflow.

Why does VersionEye need writing authorization to my private repositories?

Well, if you sign up with GitHub we only ask for permission to your public repositories. But if you want us to monitor private repositories for you, you have to grant VersionEye access afterwards.
Unfortunately, the GitHub API provides only 1 scope to access your private repositories and that includes writing authorization, even though VersionEye doesn't need it. However, we promise you that we don't have any git write operations in our code base. VersionEye will NEVER change your code! We only look in your project root for a project file we can parse. That's all.
We hope that GitHub will provide a read-only scope for private repositories in the near future.

I can not see my GitHub Organisations!

Through the GitHub API we can only access organisatins where your membership is public. If somebody invites you to an organisation your membership in that organisation is NOT public, by default. Thtat means it will not show up at VersionEye. You have to make your membership in the organisation public to see the repositories of that organisation in VersionEye.

Can I trust VersionEye and give them full permission to read my private repositories?

Yes! We are based in Germany and you probably already know that the Germans are going crazy for privacy! VersionEye is always respecting your privacy! We are not interested in your code! We don't change it and we don't read it. We are only looking in your project root for a project file we can parse. That's all.
Besides, we do this only for the repositories you have choosen. We will never scan ALL your repositories automatically, like some of our competitors. We only scan the repositories and branches you have selected.
If you're still suspicious, simply use the file upload, URL feature or the VersionEye API to submit your project files. With those 3 features we don't get any access to your source code. Beside that we have VersionEye Enterprise, which you can host on your own hardware.

How quick do notifications happen?

There are 2 kinds of notifications at VersionEye. The follow notifications and the project notifications.

The follow notifications you receive once a day. Assume you are following 100 software packages at VersionEye and 20 of them release a new version today. In that case we will not send you 20 emails ;-) You will receive just 1 single email which contains the notifications for today! If there are no follow notifications for you, we don't send out an email!

The project notifications are configurable. By default you get them once a day. Assume you have 100 GitHub projects which get monitored by VersionEye. In that case you will not receive 100 emails every day ;-) You will receive 1 single project email per day with a summary about all your projects.

We try to send out as less emails as possible and as much as necessary!

What happens with migrated / moved packages?

Sometimes a software library is changing his namespace. That is specially a common case in the Java community. For example pdfbox:pdfbox:0.7.3 moved to org.apache.pdfbox:pdfbox:1.8.9. Indeed it's the same project. Currently VersionEye is not handling this problem. Might be that in future we make a connection between those migrated libraries, but right now not.

Can I run the VersionEye software on my own hardware?

Sure, you can! VersionEye is open source and here is described how you can spin up your own VersionEye instance: https://github.com/versioneye/ops_contrib