Free tool helps developers spot open source security risks
The use of open source components in development projects is commonplace, but vulnerabilities in these components can be easily overlooked and leave the resulting applications insecure.
Open source security and license compliance management company WhiteSource is aiming to make it easier for developers to spot problems in components with the launch of a free tool.
WhiteSource Bolt is designed to fit into a developer's natural ecosystem, allowing software development teams to close the gap that exists between code development and security teams. Additionally, it increases developers' ability to work more efficiently with open source components by alerting in real-time once a vulnerable component is added or a new vulnerability is released for an existing component.
It's available free for all GitHub and Microsoft Azure DevOps users. WhiteSource Bolt supports over 200 programming languages and is powered by WhiteSource's comprehensive vulnerabilities database, which is continuously updated with intelligence sourced from the NVD, security advisories, and popular open source issue trackers.
The tool is capable of providing coverage for both binaries and source libraries, and offers real-time security alerts for reported vulnerabilities with suggested remediation paths to help keep organizations a step ahead of the hackers.
"We are excited to strengthen and expand our offering for developers," says WhiteSource CEO Rami Sass. "WhiteSource Bolt was designed to make developers’ lives simpler and we hope that offering it free of charge to all developers will help companies harness the power of open source."