Greenkeeper has said goodbye 👋 on June 3rd, 2020! Read more below…
Automated dependency management
Greenkeeper has said goodbye 👋 !
We’re passing the torch on to Snyk, and we’d like you to join in 💖
An Important Message from the Makers of Greenkeeper
We’ll stop Greenkeeper’s operation as an independent service on June 3rd, 2020. For your dependency update needs, we have a brilliant alternative for you: Snyk. The team behind Greenkeeper have spent the past months working with them on next-generation dependency updates as a part of their open-source security product. We invite all of our users to migrate over: Snyk not only has a generous free plan for Open Source repos and small organisations, but also offers dev-friendly security features that Greenkeeper didn’t have. They’re good people, and your repos will be in competent and caring hands.
What happens to my Greenkeeper account?
Before we explain all the how, why and what next: you can easily migrate your Greenkeeper account over to Snyk, from today until the 3rd of June 2020, when Greenkeeper will shut down. Moving to Snyk is opt-in: no-one will be migrated against their will. We’ll answer all your questions concerning your data, feature parity, existing billing periods, plan and pricing differences etc. further below.
All of us have had services we use and love go away at some point, and we’re well aware of the disruption this can cause. We know we won’t be able to make everyone happy, but we’ve worked hard on the migration, and we’re doing our best to make the process as open, transparent, painless and simple as possible 🌅
So what happened and how did we get here?
When we started out in 2015, Greenkeeper was one of the first dependency update services. In the following years, several competitors appeared, and last year, dependency updates finally arrived in the mainstream: on platform level, and as part of larger services. We realised that we also needed a larger partner to keep up with this development.
Since it isn’t feasible to just take Greenkeeper and plug it into Snyk, we’ve teamed up with them to build a new generation of dependency update service that is an integral, seamless part of Snyk. This also means that we’ll be focusing on this in the future, building the dependency update service we’ve always wanted to, and saying goodbye to Greenkeeper as you know it.
Who are Snyk?
Snyk helps over 400,000 developers worldwide find and fix vulnerabilities and license issues in their open source dependencies and containers. They truly care about automation, the developer workflow, and doing genuine good in the Open Source community while making it safer and more secure. We honestly couldn’t be more happy about this partnership: not only do we agree on how dependency updates should work, our two companies are also well aligned in terms of values 🤝
What’s the roadmap now?
We (Neighbourhoodie) are integrating our future dependency update functionality into Snyk’s service rather than building it as a standalone offering. Greenkeeper’s existing service will be shut down by June 3rd, 2020.
We're inviting Greenkeeper’s users to migrate to Snyk before that date.
New signups to Greenkeeper are no longer possible, starting now.
Subscriptions will not be renewed if they can’t run their full course (eg. your monthly subscription will not renew if there is less than a month left before the shutdown date). Billing will simply stop and the remaining time will be free of charge.
On June 3rd, 2020, the Greenkeeper app will cease operation (monitoring releases, opening PRs and issues).
Why Snyk and Greenkeeper?
We chose Snyk, who had already set out to build the next generation of automated dependency upgrade tool, because they share our values and love for the community.
Snyk offers very similar free dependency upgrade features, as well as their well established security-focused functionality.
Their service is completely free and unlimited for Open Source (no limits!), and only charges for private repositories beyond a 200-free-tests per-month limit, as well as for certain advanced functionality.
Snyk is inviting all users to migrate over to their service, and providing support to that effect. They’re also contacting paying Greenkeeper users to directly to assist in the migration.
Snyk have built a special migration workflow to make migrating to their service as effortless as possible.
How do Greenkeeper and Snyk compare in terms of functionality?
Snyk aren't consuming or even integrating the existing Greenkeeper service, as they already have automated dependency upgrade functionality.
However, developers from both companies have collaborated to close the functional gaps between Snyk’s dependency upgrade functionality and the more comprehensive Greenkeeper feature set.
Snyk’s service works a little differently to Greenkeeper:
It does not require or directly engage with a CI tool.
GitHub repositories (just the depency tree in reality) are "imported" into Snyk and are tested regularly for both vulnerabilities and new dependency versions.
PRs are then raised to remediate any vulnerabilities, as well as to bump any out-of-date dependencies.
Snyk will never knowingly introduce a new vulnerability, and limits the number of simultaneously open pull requests to avoid being too noisy (it’s a configurable limit!)
These ☝️ address the top feature requests from existing Greenkeeper users.
How do I migrate to Snyk?
Update: the migration period is now over and you can now longer automatically migrate your repos to Snyk, but you can still sign up withm them separately
During our partnership, a combined team of Neighbourhoodie and Snyk developers has worked to make migration to Snyk super easy
Opting into the migration will take you to a special Snyk sign-up page.
You can select any of Snyk’s authentication mechanisms.
After signup, Snyk will walk you through the setup of the GitHub integration and the importing of your projects.
From there, daily testing is automated, and PRs will be raised to update out-of-date dependencies (as well as fix any vulnerabilities found).
Once you're set up with Snyk, Greenkeeper will perform a clean up job on your repos: it will remove all open Greenkeeper issues and PRs, as well as open a final PR to remove its badge from repo readmes, any existing greenkeeper.json config files, as well as any Greenkeeper config inside package.json files. Finally, your Greenkeeper integrations will be disabled.
What happens if I don’t migrate to Snyk?
Nothing particularly exciting. After the shutdown date, you'll no longer receive any issues or PRs from Greenkeeper. Of course, we'll also stop billing you before that date.
Your Greenkeeper branches, issues and PRs will be left as they are, since we can't know if you still want to merge them after the shutdown date.
Any GitHub and npm tokens we have will be deleted on the shutdown date.
We’d like to thank all past and present customers and Open Source users for their trust in pioneering automated dependency updating, and one of the first automated development tools overall. We have changed the industry in a big way and we couldn’t be more happy to make our impact permanent by joining forces with Snyk.