Product update: what have we done recently and what are we planning?

Gemnasium has been helping a lot of people to keep their applications stay safe through dependency managements for 6 years now. In the last year, we worked hard but didn’t communicate remotely as well. We intend to change that with more frequent updates about what we do and what we plan.

Let’s go through what’s been happening in the last year or so, and then talk about what’s coming.

Gemnasium Enterprise and the Gemnasium re-write

As you might have seen, we released Gemnasium Enterprise a few weeks ago. It’s an on-premise version that supports GitHub Enterprise, GitLab, Bitbucket Server et al. We worked on that for a while…but it was not just for the enterprise version.

We re-wrote most of Gemnasium during that time, from scratch. We are putting the final touch on the migration to make this new version available to everyone on in a few weeks.

Both Gemnasium Enterprise and the SaaS version ( will share the same code and will have almost the same features. Not only that, but it’ll help us move faster once the new version is fully operational on the SaaS version.

What’s coming soon?

We have a lot of things planned, but let’s go through the most important things we’ll be working on before the end of June.

First of all, we will release support for Yarn in a week or so. Hold tight JavaScript developers; we’ll take all your yarn.lock files shortly!

Next, we will finish the migration to the new infrastructure and web UI. We will release a beta version of it soon, where you’ll be able to migrate your account.

Gemnasium Enterprise has most of the features of the SaaS version, except two: auto-update & reports. We will make these features available for our enterprise customers, too.

We will also deliver two features specific to Gemnasium Enterprise customers:

  • an administration interface to manage the users and global configuration; this can be done now but in the command line
  • support for private registries and dependencies

The most requested dependency management will finally get some love from us: we will add support for Maven! Java developers will finally be able to make sure they’re not using vulnerable or outdated dependencies.

We have more to come, but this is the part of the roadmap that we feel confident committing to for the next quarter :)

Any questions or features requests? Just reach out.

Speak soon!