Greenkeeper has said goodbye š on June 3rd, 2020! Read more belowā¦
Greenkeeper
Automated dependency management
Greenkeeper has said goodbye š !
Weāre passing the torch on to Snyk, and weād like you to join in š
An Important Message from the Makers of Greenkeeper
Weāll stop Greenkeeperās operation as an independent service on June 3rd, 2020. For your dependency update needs, we have a brilliant alternative for you: Snyk. The team behind Greenkeeper have spent the past months working with them on next-generation dependency updates as a part of their open-source security product. We invite all of our users to migrate over: Snyk not only has a generous free plan for Open Source repos and small organisations, but also offers dev-friendly security features that Greenkeeper didnāt have. Theyāre good people, and your repos will be in competent and caring hands.
What happens to my Greenkeeper account?
Before we explain all the how, why and what next: you can easily migrate your Greenkeeper account over to Snyk, from today until the 3rd of June 2020, when Greenkeeper will shut down. Moving to Snyk is opt-in: no-one will be migrated against their will. Weāll answer all your questions concerning your data, feature parity, existing billing periods, plan and pricing differences etc. further below.
All of us have had services we use and love go away at some point, and weāre well aware of the disruption this can cause. We know we wonāt be able to make everyone happy, but weāve worked hard on the migration, and weāre doing our best to make the process as open, transparent, painless and simple as possible š
So what happened and how did we get here?
When we started out in 2015, Greenkeeper was one of the first dependency update services. In the following years, several competitors appeared, and last year, dependency updates finally arrived in the mainstream: on platform level, and as part of larger services. We realised that we also needed a larger partner to keep up with this development.
Since it isnāt feasible to just take Greenkeeper and plug it into Snyk, weāve teamed up with them to build a new generation of dependency update service that is an integral, seamless part of Snyk. This also means that weāll be focusing on this in the future, building the dependency update service weāve always wanted to, and saying goodbye to Greenkeeper as you know it.
Who are Snyk?
Snyk helps over 400,000 developers worldwide find and fix vulnerabilities and license issues in their open source dependencies and containers. They truly care about automation, the developer workflow, and doing genuine good in the Open Source community while making it safer and more secure. We honestly couldnāt be more happy about this partnership: not only do we agree on how dependency updates should work, our two companies are also well aligned in terms of values š¤
Whatās the roadmap now?
We (Neighbourhoodie) are integrating our future dependency update functionality into Snykās service rather than building it as a standalone offering. Greenkeeperās existing service will be shut down by June 3rd, 2020.
We're inviting Greenkeeperās users to migrate to Snyk before that date.
New signups to Greenkeeper are no longer possible, starting now.
Subscriptions will not be renewed if they canāt run their full course (eg. your monthly subscription will not renew if there is less than a month left before the shutdown date). Billing will simply stop and the remaining time will be free of charge.
On June 3rd, 2020, the Greenkeeper app will cease operation (monitoring releases, opening PRs and issues).
Why Snyk and Greenkeeper?
We chose Snyk, who had already set out to build the next generation of automated dependency upgrade tool, because they share our values and love for the community.
Snyk offers very similar free dependency upgrade features, as well as their well established security-focused functionality.
Their service is completely free and unlimited for Open Source (no limits!), and only charges for private repositories beyond a 200-free-tests per-month limit, as well as for certain advanced functionality.
Snyk is inviting all users to migrate over to their service, and providing support to that effect. Theyāre also contacting paying Greenkeeper users to directly to assist in the migration.
Snyk have built a special migration workflow to make migrating to their service as effortless as possible.
How do Greenkeeper and Snyk compare in terms of functionality?
Snyk aren't consuming or even integrating the existing Greenkeeper service, as they already have automated dependency upgrade functionality.
However, developers from both companies have collaborated to close the functional gaps between Snykās dependency upgrade functionality and the more comprehensive Greenkeeper feature set.
Snykās service works a little differently to Greenkeeper:
It does not require or directly engage with a CI tool.
GitHub repositories (just the depency tree in reality) are "imported" into Snyk and are tested regularly for both vulnerabilities and new dependency versions.
PRs are then raised to remediate any vulnerabilities, as well as to bump any out-of-date dependencies.
Snyk will never knowingly introduce a new vulnerability, and limits the number of simultaneously open pull requests to avoid being too noisy (itās a configurable limit!)
These āļø address the top feature requests from existing Greenkeeper users.
How do I migrate to Snyk?
Update: the migration period is now over and you can now longer automatically migrate your repos to Snyk, but you can still sign up withm them separately
During our partnership, a combined team of Neighbourhoodie and Snyk developers has worked to make migration to Snyk super easy
Opting into the migration will take you to a special Snyk sign-up page.
You can select any of Snykās authentication mechanisms.
After signup, Snyk will walk you through the setup of the GitHub integration and the importing of your projects.
From there, daily testing is automated, and PRs will be raised to update out-of-date dependencies (as well as fix any vulnerabilities found).
Once you're set up with Snyk, Greenkeeper will perform a clean up job on your repos: it will remove all open Greenkeeper issues and PRs, as well as open a final PR to remove its badge from repo readmes, any existing greenkeeper.json config files, as well as any Greenkeeper config inside package.json files. Finally, your Greenkeeper integrations will be disabled.
What happens if I donāt migrate to Snyk?
Nothing particularly exciting. After the shutdown date, you'll no longer receive any issues or PRs from Greenkeeper. Of course, we'll also stop billing you before that date.
Your Greenkeeper branches, issues and PRs will be left as they are, since we can't know if you still want to merge them after the shutdown date.
Any GitHub and npm tokens we have will be deleted on the shutdown date.
Thatās all.
Weād like to thank all past and present customers and Open Source users for their trust in pioneering automated dependency updating, and one of the first automated development tools overall. We have changed the industry in a big way and we couldnāt be more happy to make our impact permanent by joining forces with Snyk.
From all of us here at Greenkeeper, farewell! š¤š“š