WhiteSource Bolt detects vulnerable open source components
|Richard Harris in Open Source Thursday, March 30, 2017|
A continuous open source security and compliance management company has announced the launch of a new open source management tool.
Bolt is fully immersed within the VSTS and TFS products, so users can detect vulnerable open source components, get remediation suggestions and generate comprehensive, up-to-date open source inventory, licenses and security vulnerabilities reports inside the Microsoft Visual Studio environment.
Bolt was developed by WhiteSource and Microsoft Visual Studio teams to answer the need of software development teams. It automatically detects vulnerable open source components and continuously tracks open source usage and licenses. The platform is a lightweight solution that will help software developers to identify problematic open source components earlier in the development process, therefore increasing the overall security and quality of released applications and avoiding surprises before and after release.
The full WhiteSource solution can integrate with the entire software development lifecycle (SDLC): repositories, build tools, CI servers, issue trackers and other application security tools. It also automates the entire process of open source components selection, approval and management. Thus, including automated policy enforcement, developers’ tool for the evaluation process and remediation guidance.
“WhiteSource Bolt provides Microsoft Visual Studio customers greater control and visibility over their open source usage and will help software development team increase open source adoption without compromising on security” said WhiteSource CEO and Co-Founder, Rami Sass. “Microsoft’s continuous integration server is a major global platform and we’re proud that Microsoft has chosen WhiteSource to offer their customers a native open source security and compliance solution.”
Microsoft’s Visual Studio Team Services and Team Foundation Server, an enterprise-grade server for teams to share code, track work, and ship software - for any language, is one of the foremost platforms of its kind. It’s collaborative nature as a platform for shared projects makes it an ideal place for WhiteSource’s open source component management, allowing teams to save time and produce better code.
“For any team using open source components, the key question is ‘What vulnerabilities are we reusing in our project and how quickly can we remediate them?,’” said Sam Guckenheimer, Product Owner for VSTS at Microsoft. “WhiteSource Bolt can answer these concerns directly in the CI pipeline and provide immediate feedback with every build. Bolt is a major step in enabling smooth Rugged DevOps inside VSTS and TFS.”
Are you paying more taxes than you have to as a developer or freelancer? The IRS is certainly not going to tell you about a deduction you failed to take, and your accountant is not likely to take the time to ask you about every deduction you’re entitled to. As former IRS Commissioner Mark Everson admitted, “If you don’t claim it, you don’t get it.
Get hands-on experience in performing simple to complex mobile forensics techniques Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats.
The Chirp GPS app is a top-ranked location sharing app available for Apple and Android that is super easy to use, and most of all, it's reliable.
Write and run code every step of the way, using Android Studio to create apps that integrate with other apps, download and display pictures from the web, play sounds, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development.