3/30/2017 2:03:08 PM
WhiteSource Bolt detects vulnerable open source components
Scan Open Source,Open Source Safe,Visual Studio,CI Server
App Developer Magazine

WhiteSource Bolt detects vulnerable open source components

Richard Harris Richard Harris in Open Source Thursday, March 30, 2017

A continuous open source security and compliance management company has announced the launch of a new open source management tool.

WhiteSource, a continuous open source security and compliance management company, has announced the launch of a new open source management tool integrated within the Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS) platforms - the WhiteSource Bolt (Bolt).

Bolt is fully immersed within the VSTS and TFS products, so users can detect vulnerable open source components, get remediation suggestions and generate comprehensive, up-to-date open source inventory, licenses and security vulnerabilities reports inside the Microsoft Visual Studio environment.

Bolt was developed by WhiteSource and Microsoft Visual Studio teams to answer the need of software development teams. It automatically detects vulnerable open source components and continuously tracks open source usage and licenses. The platform is a lightweight solution that will help software developers to identify problematic open source components earlier in the development process, therefore increasing the overall security and quality of released applications and avoiding surprises before and after release.

The full WhiteSource solution can integrate with the entire software development lifecycle (SDLC): repositories, build tools, CI servers, issue trackers and other application security tools. It also automates the entire process of open source components selection, approval and management. Thus, including automated policy enforcement, developers’ tool for the evaluation process and remediation guidance.

“WhiteSource Bolt provides Microsoft Visual Studio customers greater control and visibility over their open source usage and will help software development team increase open source adoption without compromising on security” said WhiteSource CEO and Co-Founder, Rami Sass. “Microsoft’s continuous integration server is a major global platform and we’re proud that Microsoft has chosen WhiteSource to offer their customers a native open source security and compliance solution.”

Microsoft’s Visual Studio Team Services and Team Foundation Server, an enterprise-grade server for teams to share code, track work, and ship software - for any language, is one of the foremost platforms of its kind. It’s collaborative nature as a platform for shared projects makes it an ideal place for WhiteSource’s open source component management, allowing teams to save time and produce better code.

“For any team using open source components, the key question is ‘What vulnerabilities are we reusing in our project and how quickly can we remediate them?,’” said Sam Guckenheimer, Product Owner for VSTS at Microsoft. “WhiteSource Bolt can answer these concerns directly in the CI pipeline and provide immediate feedback with every build. Bolt is a major step in enabling smooth Rugged DevOps inside VSTS and TFS.”


Your name and email will not be public or shared in any way.

A new way to manage your development projects

Learn the best ways to organize your app development projects, and keep code straight, clients happy, and breathe a easier through launches.

Read the Linux Bible

The ultimate hands-on Linux user guide.

The Latest Nerd Ranch Guide (3rd Edition) to Android Programming

Write and run code every step of the way, using Android Studio to create apps that integrate with other apps, download and display pictures from the web, play sounds, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development.

Starting your own app business?

How to create a profitable, sustainable business developing and marketing mobile apps.