Alternatives to Black Duck logo

Alternatives to Black Duck

SonarQube, Veracode, Checkmarx, Postman, and Postman are the most popular alternatives and competitors to Black Duck.
46
122
+ 1
0

What is Black Duck and what are its top alternatives?

Black Duck is a software composition analysis tool that helps organizations identify and manage open source components included in their software. It offers features such as scanning code repositories for open source components, identifying security vulnerabilities, and ensuring license compliance. However, Black Duck can be expensive for smaller organizations and may have a steep learning curve.

  1. WhiteSource: WhiteSource is a comprehensive open source security and compliance management platform. It offers automated vulnerability and license risk management, as well as continuous monitoring of open source components. Pros: Easy to use interface, integration with popular CI/CD tools. Cons: Pricing may not be suitable for all budgets.
  2. Snyk: Snyk is a developer-first security tool that helps in finding and fixing vulnerable dependencies in open source libraries. It offers continuous monitoring, automated fixes, and integration with popular development tools. Pros: Developer-friendly interface, robust vulnerability database. Cons: Limited support for custom policies.
  3. Sonatype Nexus Lifecycle: Sonatype Nexus Lifecycle is a policy-driven open source governance tool that helps in identifying and remediating security vulnerabilities and license compliance issues in open source components. Pros: Detailed component information, customizable policies. Cons: Complex setup and configuration process.
  4. FOSSA: FOSSA is a tool that provides automated license scanning, dependency analysis, and compliance reporting for open source software. It helps in tracking dependencies, ensuring license compliance, and managing security vulnerabilities. Pros: Easy integration with popular repositories, detailed compliance reports. Cons: Limited support for on-premise deployments.
  5. Black Duck Synopsys: Black Duck, now a part of Synopsys, offers a comprehensive software composition analysis tool with features like scanning code repositories for open source components, identifying security vulnerabilities, and ensuring license compliance. Pros: Established in the market, strong security database. Cons: High pricing, complex setup.
  6. Flexera: Flexera provides a software composition analysis tool that helps organizations manage open source components, identify vulnerabilities, and ensure licensing compliance. It offers automated scans, policy enforcement, and reporting capabilities. Pros: Integration with popular development tools, detailed vulnerability reports. Cons: Limited support for custom workflows.
  7. SourceClear: SourceClear is an open source security platform that helps in identifying security vulnerabilities in open source dependencies. It offers real-time security monitoring, vulnerability remediation, and integration with development tools. Pros: Real-time vulnerability alerts, customizable policies. Cons: Limited support for non-standard development environments.
  8. Contrast Security: Contrast Security offers a software composition analysis tool that helps in identifying and fixing security vulnerabilities in open source components. It provides continuous monitoring, automated fixes, and integration with popular development tools. Pros: Interactive application security testing, seamless integration. Cons: Limited support for complex projects.
  9. Code Dx: Code Dx is a vulnerability management tool that helps organizations consolidate and correlate application vulnerabilities identified by multiple tools, including software composition analysis tools. It offers reporting, prioritization, and remediation capabilities. Pros: Centralized vulnerability management, customizable reporting. Cons: May require expertise to interpret results.
  10. JFrog Xray: JFrog Xray is a universal software composition analysis tool that helps in identifying vulnerabilities, license violations, and security issues in open source components. It offers integration with popular repositories, automated scans, and detailed reports. Pros: Universal compatibility, scalable for large organizations. Cons: Complex setup process.

Top Alternatives to Black Duck

  • SonarQube
    SonarQube

    SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving. ...

  • Veracode
    Veracode

    It seamlessly integrates application security into the software lifecycle, effectively eliminating vulnerabilities during the lowest-cost point in the development/deployment chain, and blocking threats while in production. ...

  • Checkmarx
    Checkmarx

    It is a provider of state-of-the-art application security solution: static code analysis software, seamlessly integrated into development process. ...

  • Postman
    Postman

    It is the only complete API development environment, used by nearly five million developers and more than 100,000 companies worldwide. ...

  • Postman
    Postman

    It is the only complete API development environment, used by nearly five million developers and more than 100,000 companies worldwide. ...

  • Stack Overflow
    Stack Overflow

    Stack Overflow is a question and answer site for professional and enthusiast programmers. It's built and run by you as part of the Stack Exchange network of Q&A sites. With your help, we're working together to build a library of detailed answers to every question about programming. ...

  • Google Maps
    Google Maps

    Create rich applications and stunning visualisations of your data, leveraging the comprehensiveness, accuracy, and usability of Google Maps and a modern web platform that scales as you grow. ...

  • Elasticsearch
    Elasticsearch

    Elasticsearch is a distributed, RESTful search and analytics engine capable of storing data and searching it in near real time. Elasticsearch, Kibana, Beats and Logstash are the Elastic Stack (sometimes called the ELK Stack). ...

Black Duck alternatives & related posts

SonarQube logo

SonarQube

1.7K
53
Continuous Code Quality
1.7K
53
PROS OF SONARQUBE
  • 26
    Tracks code complexity and smell trends
  • 16
    IDE Integration
  • 9
    Complete code Review
  • 2
    Difficult to deploy
CONS OF SONARQUBE
  • 7
    Sales process is long and unfriendly
  • 7
    Paid support is poor, techs arrogant and unhelpful
  • 1
    Does not integrate with Snyk

related SonarQube posts

Simon Reymann
Senior Fullstack Developer at QUANTUSflow Software GmbH · | 30 upvotes · 11.2M views

Our whole DevOps stack consists of the following tools:

  • GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
  • Respectively Git as revision control system
  • SourceTree as Git GUI
  • Visual Studio Code as IDE
  • CircleCI for continuous integration (automatize development process)
  • Prettier / TSLint / ESLint as code linter
  • SonarQube as quality gate
  • Docker as container management (incl. Docker Compose for multi-container application management)
  • VirtualBox for operating system simulation tests
  • Kubernetes as cluster management for docker containers
  • Heroku for deploying in test environments
  • nginx as web server (preferably used as facade server in production environment)
  • SSLMate (using OpenSSL) for certificate management
  • Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
  • PostgreSQL as preferred database system
  • Redis as preferred in-memory database/store (great for caching)

The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:

  • Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
  • Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
  • Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
  • Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
  • Scalability: All-in-one framework for distributed systems.
  • Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.
See more
Ganesa Vijayakumar
Full Stack Coder | Technical Architect · | 19 upvotes · 5.5M views

I'm planning to create a web application and also a mobile application to provide a very good shopping experience to the end customers. Shortly, my application will be aggregate the product details from difference sources and giving a clear picture to the user that when and where to buy that product with best in Quality and cost.

I have planned to develop this in many milestones for adding N number of features and I have picked my first part to complete the core part (aggregate the product details from different sources).

As per my work experience and knowledge, I have chosen the followings stacks to this mission.

UI: I would like to develop this application using React, React Router and React Native since I'm a little bit familiar on this and also most importantly these will help on developing both web and mobile apps. In addition, I'm gonna use the stacks JavaScript, jQuery, jQuery UI, jQuery Mobile, Bootstrap wherever required.

Service: I have planned to use Java as the main business layer language as I have 7+ years of experience on this I believe I can do better work using Java than other languages. In addition, I'm thinking to use the stacks Node.js.

Database and ORM: I'm gonna pick MySQL as DB and Hibernate as ORM since I have a piece of good knowledge and also work experience on this combination.

Search Engine: I need to deal with a large amount of product data and it's in-detailed info to provide enough details to end user at the same time I need to focus on the performance area too. so I have decided to use Solr as a search engine for product search and suggestions. In addition, I'm thinking to replace Solr by Elasticsearch once explored/reviewed enough about Elasticsearch.

Host: As of now, my plan to complete the application with decent features first and deploy it in a free hosting environment like Docker and Heroku and then once it is stable then I have planned to use the AWS products Amazon S3, EC2, Amazon RDS and Amazon Route 53. I'm not sure about Microsoft Azure that what is the specialty in it than Heroku and Amazon EC2 Container Service. Anyhow, I will do explore these once again and pick the best suite one for my requirement once I reached this level.

Build and Repositories: I have decided to choose Apache Maven and Git as these are my favorites and also so popular on respectively build and repositories.

Additional Utilities :) - I would like to choose Codacy for code review as their Startup plan will be very helpful to this application. I'm already experienced with Google CheckStyle and SonarQube even I'm looking something on Codacy.

Happy Coding! Suggestions are welcome! :)

Thanks, Ganesa

See more
Veracode logo

Veracode

65
0
A simpler and more scalable way to increase the resiliency of your global application infrastructure
65
0
PROS OF VERACODE
    Be the first to leave a pro
    CONS OF VERACODE
      Be the first to leave a con

      related Veracode posts

      Shared insights
      on
      VeracodeVeracodeBlack DuckBlack Duck

      Hi Everyone, I am using Black Duck for my project...I need some advantages on Blackduck as compared to Veracode and other tools..... I don't have any idea about other tools, So I am not able to compare practically.. Please help me.

      See more
      Checkmarx logo

      Checkmarx

      83
      0
      Unify your application security into a single platform
      83
      0
      PROS OF CHECKMARX
        Be the first to leave a pro
        CONS OF CHECKMARX
          Be the first to leave a con

          related Checkmarx posts

          Postman logo

          Postman

          94.5K
          1.8K
          Only complete API development environment
          94.5K
          1.8K
          PROS OF POSTMAN
          • 490
            Easy to use
          • 369
            Great tool
          • 276
            Makes developing rest api's easy peasy
          • 156
            Easy setup, looks good
          • 144
            The best api workflow out there
          • 53
            It's the best
          • 53
            History feature
          • 44
            Adds real value to my workflow
          • 43
            Great interface that magically predicts your needs
          • 35
            The best in class app
          • 12
            Can save and share script
          • 10
            Fully featured without looking cluttered
          • 8
            Collections
          • 8
            Option to run scrips
          • 8
            Global/Environment Variables
          • 7
            Shareable Collections
          • 7
            Dead simple and useful. Excellent
          • 7
            Dark theme easy on the eyes
          • 6
            Awesome customer support
          • 6
            Great integration with newman
          • 5
            Documentation
          • 5
            Simple
          • 5
            The test script is useful
          • 4
            Saves responses
          • 4
            This has simplified my testing significantly
          • 4
            Makes testing API's as easy as 1,2,3
          • 4
            Easy as pie
          • 3
            API-network
          • 3
            I'd recommend it to everyone who works with apis
          • 3
            Mocking API calls with predefined response
          • 2
            Now supports GraphQL
          • 2
            Postman Runner CI Integration
          • 2
            Easy to setup, test and provides test storage
          • 2
            Continuous integration using newman
          • 2
            Pre-request Script and Test attributes are invaluable
          • 2
            Runner
          • 2
            Graph
          • 1
            <a href="http://fixbit.com/">useful tool</a>
          CONS OF POSTMAN
          • 10
            Stores credentials in HTTP
          • 9
            Bloated features and UI
          • 8
            Cumbersome to switch authentication tokens
          • 7
            Poor GraphQL support
          • 5
            Expensive
          • 3
            Not free after 5 users
          • 3
            Can't prompt for per-request variables
          • 1
            Import swagger
          • 1
            Support websocket
          • 1
            Import curl

          related Postman posts

          Noah Zoschke
          Engineering Manager at Segment · | 30 upvotes · 3M views

          We just launched the Segment Config API (try it out for yourself here) — a set of public REST APIs that enable you to manage your Segment configuration. A public API is only as good as its #documentation. For the API reference doc we are using Postman.

          Postman is an “API development environment”. You download the desktop app, and build API requests by URL and payload. Over time you can build up a set of requests and organize them into a “Postman Collection”. You can generalize a collection with “collection variables”. This allows you to parameterize things like username, password and workspace_name so a user can fill their own values in before making an API call. This makes it possible to use Postman for one-off API tasks instead of writing code.

          Then you can add Markdown content to the entire collection, a folder of related methods, and/or every API method to explain how the APIs work. You can publish a collection and easily share it with a URL.

          This turns Postman from a personal #API utility to full-blown public interactive API documentation. The result is a great looking web page with all the API calls, docs and sample requests and responses in one place. Check out the results here.

          Postman’s powers don’t end here. You can automate Postman with “test scripts” and have it periodically run a collection scripts as “monitors”. We now have #QA around all the APIs in public docs to make sure they are always correct

          Along the way we tried other techniques for documenting APIs like ReadMe.io or Swagger UI. These required a lot of effort to customize.

          Writing and maintaining a Postman collection takes some work, but the resulting documentation site, interactivity and API testing tools are well worth it.

          See more
          Simon Reymann
          Senior Fullstack Developer at QUANTUSflow Software GmbH · | 27 upvotes · 5.1M views

          Our whole Node.js backend stack consists of the following tools:

          • Lerna as a tool for multi package and multi repository management
          • npm as package manager
          • NestJS as Node.js framework
          • TypeScript as programming language
          • ExpressJS as web server
          • Swagger UI for visualizing and interacting with the API’s resources
          • Postman as a tool for API development
          • TypeORM as object relational mapping layer
          • JSON Web Token for access token management

          The main reason we have chosen Node.js over PHP is related to the following artifacts:

          • Made for the web and widely in use: Node.js is a software platform for developing server-side network services. Well-known projects that rely on Node.js include the blogging software Ghost, the project management tool Trello and the operating system WebOS. Node.js requires the JavaScript runtime environment V8, which was specially developed by Google for the popular Chrome browser. This guarantees a very resource-saving architecture, which qualifies Node.js especially for the operation of a web server. Ryan Dahl, the developer of Node.js, released the first stable version on May 27, 2009. He developed Node.js out of dissatisfaction with the possibilities that JavaScript offered at the time. The basic functionality of Node.js has been mapped with JavaScript since the first version, which can be expanded with a large number of different modules. The current package managers (npm or Yarn) for Node.js know more than 1,000,000 of these modules.
          • Fast server-side solutions: Node.js adopts the JavaScript "event-loop" to create non-blocking I/O applications that conveniently serve simultaneous events. With the standard available asynchronous processing within JavaScript/TypeScript, highly scalable, server-side solutions can be realized. The efficient use of the CPU and the RAM is maximized and more simultaneous requests can be processed than with conventional multi-thread servers.
          • A language along the entire stack: Widely used frameworks such as React or AngularJS or Vue.js, which we prefer, are written in JavaScript/TypeScript. If Node.js is now used on the server side, you can use all the advantages of a uniform script language throughout the entire application development. The same language in the back- and frontend simplifies the maintenance of the application and also the coordination within the development team.
          • Flexibility: Node.js sets very few strict dependencies, rules and guidelines and thus grants a high degree of flexibility in application development. There are no strict conventions so that the appropriate architecture, design structures, modules and features can be freely selected for the development.
          See more
          Postman logo

          Postman

          94.5K
          1.8K
          Only complete API development environment
          94.5K
          1.8K
          PROS OF POSTMAN
          • 490
            Easy to use
          • 369
            Great tool
          • 276
            Makes developing rest api's easy peasy
          • 156
            Easy setup, looks good
          • 144
            The best api workflow out there
          • 53
            It's the best
          • 53
            History feature
          • 44
            Adds real value to my workflow
          • 43
            Great interface that magically predicts your needs
          • 35
            The best in class app
          • 12
            Can save and share script
          • 10
            Fully featured without looking cluttered
          • 8
            Collections
          • 8
            Option to run scrips
          • 8
            Global/Environment Variables
          • 7
            Shareable Collections
          • 7
            Dead simple and useful. Excellent
          • 7
            Dark theme easy on the eyes
          • 6
            Awesome customer support
          • 6
            Great integration with newman
          • 5
            Documentation
          • 5
            Simple
          • 5
            The test script is useful
          • 4
            Saves responses
          • 4
            This has simplified my testing significantly
          • 4
            Makes testing API's as easy as 1,2,3
          • 4
            Easy as pie
          • 3
            API-network
          • 3
            I'd recommend it to everyone who works with apis
          • 3
            Mocking API calls with predefined response
          • 2
            Now supports GraphQL
          • 2
            Postman Runner CI Integration
          • 2
            Easy to setup, test and provides test storage
          • 2
            Continuous integration using newman
          • 2
            Pre-request Script and Test attributes are invaluable
          • 2
            Runner
          • 2
            Graph
          • 1
            <a href="http://fixbit.com/">useful tool</a>
          CONS OF POSTMAN
          • 10
            Stores credentials in HTTP
          • 9
            Bloated features and UI
          • 8
            Cumbersome to switch authentication tokens
          • 7
            Poor GraphQL support
          • 5
            Expensive
          • 3
            Not free after 5 users
          • 3
            Can't prompt for per-request variables
          • 1
            Import swagger
          • 1
            Support websocket
          • 1
            Import curl

          related Postman posts

          Noah Zoschke
          Engineering Manager at Segment · | 30 upvotes · 3M views

          We just launched the Segment Config API (try it out for yourself here) — a set of public REST APIs that enable you to manage your Segment configuration. A public API is only as good as its #documentation. For the API reference doc we are using Postman.

          Postman is an “API development environment”. You download the desktop app, and build API requests by URL and payload. Over time you can build up a set of requests and organize them into a “Postman Collection”. You can generalize a collection with “collection variables”. This allows you to parameterize things like username, password and workspace_name so a user can fill their own values in before making an API call. This makes it possible to use Postman for one-off API tasks instead of writing code.

          Then you can add Markdown content to the entire collection, a folder of related methods, and/or every API method to explain how the APIs work. You can publish a collection and easily share it with a URL.

          This turns Postman from a personal #API utility to full-blown public interactive API documentation. The result is a great looking web page with all the API calls, docs and sample requests and responses in one place. Check out the results here.

          Postman’s powers don’t end here. You can automate Postman with “test scripts” and have it periodically run a collection scripts as “monitors”. We now have #QA around all the APIs in public docs to make sure they are always correct

          Along the way we tried other techniques for documenting APIs like ReadMe.io or Swagger UI. These required a lot of effort to customize.

          Writing and maintaining a Postman collection takes some work, but the resulting documentation site, interactivity and API testing tools are well worth it.

          See more
          Simon Reymann
          Senior Fullstack Developer at QUANTUSflow Software GmbH · | 27 upvotes · 5.1M views

          Our whole Node.js backend stack consists of the following tools:

          • Lerna as a tool for multi package and multi repository management
          • npm as package manager
          • NestJS as Node.js framework
          • TypeScript as programming language
          • ExpressJS as web server
          • Swagger UI for visualizing and interacting with the API’s resources
          • Postman as a tool for API development
          • TypeORM as object relational mapping layer
          • JSON Web Token for access token management

          The main reason we have chosen Node.js over PHP is related to the following artifacts:

          • Made for the web and widely in use: Node.js is a software platform for developing server-side network services. Well-known projects that rely on Node.js include the blogging software Ghost, the project management tool Trello and the operating system WebOS. Node.js requires the JavaScript runtime environment V8, which was specially developed by Google for the popular Chrome browser. This guarantees a very resource-saving architecture, which qualifies Node.js especially for the operation of a web server. Ryan Dahl, the developer of Node.js, released the first stable version on May 27, 2009. He developed Node.js out of dissatisfaction with the possibilities that JavaScript offered at the time. The basic functionality of Node.js has been mapped with JavaScript since the first version, which can be expanded with a large number of different modules. The current package managers (npm or Yarn) for Node.js know more than 1,000,000 of these modules.
          • Fast server-side solutions: Node.js adopts the JavaScript "event-loop" to create non-blocking I/O applications that conveniently serve simultaneous events. With the standard available asynchronous processing within JavaScript/TypeScript, highly scalable, server-side solutions can be realized. The efficient use of the CPU and the RAM is maximized and more simultaneous requests can be processed than with conventional multi-thread servers.
          • A language along the entire stack: Widely used frameworks such as React or AngularJS or Vue.js, which we prefer, are written in JavaScript/TypeScript. If Node.js is now used on the server side, you can use all the advantages of a uniform script language throughout the entire application development. The same language in the back- and frontend simplifies the maintenance of the application and also the coordination within the development team.
          • Flexibility: Node.js sets very few strict dependencies, rules and guidelines and thus grants a high degree of flexibility in application development. There are no strict conventions so that the appropriate architecture, design structures, modules and features can be freely selected for the development.
          See more
          Stack Overflow logo

          Stack Overflow

          69K
          893
          Question and answer site for professional and enthusiast programmers
          69K
          893
          PROS OF STACK OVERFLOW
          • 257
            Scary smart community
          • 206
            Knows all
          • 142
            Voting system
          • 134
            Good questions
          • 83
            Good SEO
          • 22
            Addictive
          • 14
            Tight focus
          • 10
            Share and gain knowledge
          • 7
            Useful
          • 3
            Fast loading
          • 2
            Gamification
          • 1
            Knows everyone
          • 1
            Experts share experience and answer questions
          • 1
            Stack overflow to developers As google to net surfers
          • 1
            Questions answered quickly
          • 1
            No annoying ads
          • 1
            No spam
          • 1
            Fast community response
          • 1
            Good moderators
          • 1
            Quick answers from users
          • 1
            Good answers
          • 1
            User reputation ranking
          • 1
            Efficient answers
          • 1
            Leading developer community
          CONS OF STACK OVERFLOW
          • 3
            Not welcoming to newbies
          • 3
            Unfair downvoting
          • 3
            Unfriendly moderators
          • 3
            No opinion based questions
          • 3
            Mean users
          • 2
            Limited to types of questions it can accept

          related Stack Overflow posts

          Tom Klein

          Google Analytics is a great tool to analyze your traffic. To debug our software and ask questions, we love to use Postman and Stack Overflow. Google Drive helps our team to share documents. We're able to build our great products through the APIs by Google Maps, CloudFlare, Stripe, PayPal, Twilio, Let's Encrypt, and TensorFlow.

          See more
          Google Maps logo

          Google Maps

          41.5K
          567
          Build highly customisable maps with your own content and imagery
          41.5K
          567
          PROS OF GOOGLE MAPS
          • 253
            Free
          • 136
            Address input through maps api
          • 82
            Sharable Directions
          • 47
            Google Earth
          • 46
            Unique
          • 3
            Custom maps designing
          CONS OF GOOGLE MAPS
          • 4
            Google Attributions and logo
          • 1
            Only map allowed alongside google place autocomplete

          related Google Maps posts

          Tom Klein

          Google Analytics is a great tool to analyze your traffic. To debug our software and ask questions, we love to use Postman and Stack Overflow. Google Drive helps our team to share documents. We're able to build our great products through the APIs by Google Maps, CloudFlare, Stripe, PayPal, Twilio, Let's Encrypt, and TensorFlow.

          See more

          A huge component of our product relies on gathering public data about locations of interest. Google Places API gives us that ability in the most efficient way. Since we are primarily going to be using as google data as a source of information for our MVP, we might as well start integrating the Google Places API in our system. We have worked with Google Maps in the past and we might take some inspiration from our previous projects onto this one.

          See more
          Elasticsearch logo

          Elasticsearch

          34.5K
          1.6K
          Open Source, Distributed, RESTful Search Engine
          34.5K
          1.6K
          PROS OF ELASTICSEARCH
          • 328
            Powerful api
          • 315
            Great search engine
          • 231
            Open source
          • 214
            Restful
          • 200
            Near real-time search
          • 98
            Free
          • 85
            Search everything
          • 54
            Easy to get started
          • 45
            Analytics
          • 26
            Distributed
          • 6
            Fast search
          • 5
            More than a search engine
          • 4
            Great docs
          • 4
            Awesome, great tool
          • 3
            Highly Available
          • 3
            Easy to scale
          • 2
            Potato
          • 2
            Document Store
          • 2
            Great customer support
          • 2
            Intuitive API
          • 2
            Nosql DB
          • 2
            Great piece of software
          • 2
            Reliable
          • 2
            Fast
          • 2
            Easy setup
          • 1
            Open
          • 1
            Easy to get hot data
          • 1
            Github
          • 1
            Elaticsearch
          • 1
            Actively developing
          • 1
            Responsive maintainers on GitHub
          • 1
            Ecosystem
          • 1
            Not stable
          • 1
            Scalability
          • 0
            Community
          CONS OF ELASTICSEARCH
          • 7
            Resource hungry
          • 6
            Diffecult to get started
          • 5
            Expensive
          • 4
            Hard to keep stable at large scale

          related Elasticsearch posts

          Tim Abbott

          We've been using PostgreSQL since the very early days of Zulip, but we actually didn't use it from the beginning. Zulip started out as a MySQL project back in 2012, because we'd heard it was a good choice for a startup with a wide community. However, we found that even though we were using the Django ORM for most of our database access, we spent a lot of time fighting with MySQL. Issues ranged from bad collation defaults, to bad query plans which required a lot of manual query tweaks.

          We ended up getting so frustrated that we tried out PostgresQL, and the results were fantastic. We didn't have to do any real customization (just some tuning settings for how big a server we had), and all of our most important queries were faster out of the box. As a result, we were able to delete a bunch of custom queries escaping the ORM that we'd written to make the MySQL query planner happy (because postgres just did the right thing automatically).

          And then after that, we've just gotten a ton of value out of postgres. We use its excellent built-in full-text search, which has helped us avoid needing to bring in a tool like Elasticsearch, and we've really enjoyed features like its partial indexes, which saved us a lot of work adding unnecessary extra tables to get good performance for things like our "unread messages" and "starred messages" indexes.

          I can't recommend it highly enough.

          See more
          Tymoteusz Paul
          Devops guy at X20X Development LTD · | 23 upvotes · 9.8M views

          Often enough I have to explain my way of going about setting up a CI/CD pipeline with multiple deployment platforms. Since I am a bit tired of yapping the same every single time, I've decided to write it up and share with the world this way, and send people to read it instead ;). I will explain it on "live-example" of how the Rome got built, basing that current methodology exists only of readme.md and wishes of good luck (as it usually is ;)).

          It always starts with an app, whatever it may be and reading the readmes available while Vagrant and VirtualBox is installing and updating. Following that is the first hurdle to go over - convert all the instruction/scripts into Ansible playbook(s), and only stopping when doing a clear vagrant up or vagrant reload we will have a fully working environment. As our Vagrant environment is now functional, it's time to break it! This is the moment to look for how things can be done better (too rigid/too lose versioning? Sloppy environment setup?) and replace them with the right way to do stuff, one that won't bite us in the backside. This is the point, and the best opportunity, to upcycle the existing way of doing dev environment to produce a proper, production-grade product.

          I should probably digress here for a moment and explain why. I firmly believe that the way you deploy production is the same way you should deploy develop, shy of few debugging-friendly setting. This way you avoid the discrepancy between how production work vs how development works, which almost always causes major pains in the back of the neck, and with use of proper tools should mean no more work for the developers. That's why we start with Vagrant as developer boxes should be as easy as vagrant up, but the meat of our product lies in Ansible which will do meat of the work and can be applied to almost anything: AWS, bare metal, docker, LXC, in open net, behind vpn - you name it.

          We must also give proper consideration to monitoring and logging hoovering at this point. My generic answer here is to grab Elasticsearch, Kibana, and Logstash. While for different use cases there may be better solutions, this one is well battle-tested, performs reasonably and is very easy to scale both vertically (within some limits) and horizontally. Logstash rules are easy to write and are well supported in maintenance through Ansible, which as I've mentioned earlier, are at the very core of things, and creating triggers/reports and alerts based on Elastic and Kibana is generally a breeze, including some quite complex aggregations.

          If we are happy with the state of the Ansible it's time to move on and put all those roles and playbooks to work. Namely, we need something to manage our CI/CD pipelines. For me, the choice is obvious: TeamCity. It's modern, robust and unlike most of the light-weight alternatives, it's transparent. What I mean by that is that it doesn't tell you how to do things, doesn't limit your ways to deploy, or test, or package for that matter. Instead, it provides a developer-friendly and rich playground for your pipelines. You can do most the same with Jenkins, but it has a quite dated look and feel to it, while also missing some key functionality that must be brought in via plugins (like quality REST API which comes built-in with TeamCity). It also comes with all the common-handy plugins like Slack or Apache Maven integration.

          The exact flow between CI and CD varies too greatly from one application to another to describe, so I will outline a few rules that guide me in it: 1. Make build steps as small as possible. This way when something breaks, we know exactly where, without needing to dig and root around. 2. All security credentials besides development environment must be sources from individual Vault instances. Keys to those containers should exist only on the CI/CD box and accessible by a few people (the less the better). This is pretty self-explanatory, as anything besides dev may contain sensitive data and, at times, be public-facing. Because of that appropriate security must be present. TeamCity shines in this department with excellent secrets-management. 3. Every part of the build chain shall consume and produce artifacts. If it creates nothing, it likely shouldn't be its own build. This way if any issue shows up with any environment or version, all developer has to do it is grab appropriate artifacts to reproduce the issue locally. 4. Deployment builds should be directly tied to specific Git branches/tags. This enables much easier tracking of what caused an issue, including automated identifying and tagging the author (nothing like automated regression testing!).

          Speaking of deployments, I generally try to keep it simple but also with a close eye on the wallet. Because of that, I am more than happy with AWS or another cloud provider, but also constantly peeking at the loads and do we get the value of what we are paying for. Often enough the pattern of use is not constantly erratic, but rather has a firm baseline which could be migrated away from the cloud and into bare metal boxes. That is another part where this approach strongly triumphs over the common Docker and CircleCI setup, where you are very much tied in to use cloud providers and getting out is expensive. Here to embrace bare-metal hosting all you need is a help of some container-based self-hosting software, my personal preference is with Proxmox and LXC. Following that all you must write are ansible scripts to manage hardware of Proxmox, similar way as you do for Amazon EC2 (ansible supports both greatly) and you are good to go. One does not exclude another, quite the opposite, as they can live in great synergy and cut your costs dramatically (the heavier your base load, the bigger the savings) while providing production-grade resiliency.

          See more