3/30/2017 2:03:08 PM
WhiteSource Bolt detects vulnerable open source components
App Developer Magazine




Richard Harris in Open Source, Thursday, March 30, 2017

A continuous open source security and compliance management company has announced the launch of a new open source management tool.

WhiteSource, a continuous open source security and compliance management company, has announced the launch of a new open source management tool integrated within the Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS) platforms - the WhiteSource Bolt (Bolt).

Bolt is fully immersed within the VSTS and TFS products, so users can detect vulnerable open source components, get remediation suggestions and generate comprehensive, up-to-date open source inventory, licenses and security vulnerabilities reports inside the Microsoft Visual Studio environment.

Bolt was developed by WhiteSource and Microsoft Visual Studio teams to answer the need of software development teams. It automatically detects vulnerable open source components and continuously tracks open source usage and licenses. The platform is a lightweight solution that will help software developers to identify problematic open source components earlier in the development process, therefore increasing the overall security and quality of released applications and avoiding surprises before and after release.

The full WhiteSource solution can integrate with the entire software development lifecycle (SDLC): repositories, build tools, CI servers, issue trackers and other application security tools. It also automates the entire process of open source component selection, approval and management, including automated policy enforcement, a developers’ tool for the evaluation process and remediation guidance.

“WhiteSource Bolt provides Microsoft Visual Studio customers greater control and visibility over their open source usage and will help software development teams increase open source adoption without compromising on security,” said WhiteSource CEO and Co-Founder, Rami Sass. “Microsoft’s continuous integration server is a major global platform and we’re proud that Microsoft has chosen WhiteSource to offer their customers a native open source security and compliance solution.”

Microsoft’s Visual Studio Team Services and Team Foundation Server, an enterprise-grade server for teams to share code, track work, and ship software - for any language, is one of the foremost platforms of its kind. Its collaborative nature as a platform for shared projects makes it an ideal place for WhiteSource’s open source component management, allowing teams to save time and produce better code.

“For any team using open source components, the key question is ‘What vulnerabilities are we reusing in our project and how quickly can we remediate them?,’” said Sam Guckenheimer, Product Owner for VSTS at Microsoft. “WhiteSource Bolt can answer these concerns directly in the CI pipeline and provide immediate feedback with every build. Bolt is a major step in enabling smooth Rugged DevOps inside VSTS and TFS.”

