fossa-cli VS Sentry

> where we provide lockfiles that are individually valid

Providing lockfiles is a really interesting idea! That certainly solves the "we need your non-deterministic build tool to reproduce an exact build that we found" problem.

We haven't explored this route yet because a lot of our customers use tools that don't support lockfiles (e.g. Maven - Java in general has a lot of legacy stuff).

If you want to build off of our work, our dependency analysis bit is open source: https://github.com/fossas/fossa-cli

FOSSA | Software Engineers (Mid, Sr., Staff), PMs (Mid, Sr.) | USA, Canada, Remote (able to work ~US time zone hours)| Full-Time

FOSSA builds developer tools to help engineering teams manage their open source. We help enterprise customers discover legal (licensing and copyright) and security (vulnerabilities) risks in their dependencies, provide tooling for them to catch these issues in CI, and automate the tedium around policy enforcement and report generation. As companies adopt more open source, their engineering teams get bogged down by more distractions around compliance and security. We help automate away those distractions.

We build an open-source CLI tool (https://github.com/fossas/fossa-cli) that integrates with compilers and build systems to extract dependency and build information; a backend distributed system for analyzing dependency metadata; and a web application with a policy, reporting, and enforcement engine.

Tech we use includes:

The project I'm trying to build is open source (https://github.com/fossas/fossa-cli). When I got this new system set up, I ran the instructions on our HACKING.md page and immediately tried to build. This failed because I didn't have `llvm` installed, so I `brew install llvm`'d, symlinked into `$PATH`, and tried again. This failed due to: ``` install_name_tool: error: unsupported load command (cmd=0x80000034) `install_name_tool' failed in phase `Install Name Tool'. (Exit code: 1)

First, sign up for a free account at https://sentry.io. Create a new project and make note of your DSN (Data Source Name).

Using APM tools like NewRelic, Sentry, Datadog, etc to monitor the performance of your application and while you're on it, they can help you identify N+1 queries.

However, ensuring the reliability and performance of your Next.js app is equally crucial. That’s where Sentry comes into play. Combined with Sentry, an industry-leading error monitoring platform, Next.js empowers developers to proactively identify and resolve issues that may arise in their applications. In this article, we’ll explore how to integrate Sentry into your Next.js project for effective error monitoring and performance optimization.

Sentry: Error monitoring for applications, including APIs. Also offers application performance monitoring (APM).

Indeed, webapps are not immune to distribution problems. Wayward and invasive browser extensions are a clear threat, as are 3rd-party dependencies (and their dependencies) loaded at runtime. Which is why companies like https://sentry.io exist. I think the difference is that webapps are "distributable by default" and it takes real work to break this. Versus having local desktop apps which require work to distribute. A potent example of the power of defaults.

Sentry produces nothing of value? You don't value an open source error tracking and performance monitoring platform? https://github.com/getsentry/sentry

> You invent something, and then immediately turn it into a cheap commodity by releasing it for free.

Exactly. A 71-line python script https://github.com/getsentry/sentry/commit/3c2e87573d3bd16f6... was groundbreaking when it came out and the fact that it springboarded into a startup is commendable.

sentry.io: 5

Sentry - Open Source Alternative For Error Tracking

11. Sentry