WhiteSource Bolt detects vulnerable open source components

WhiteSource, a continuous open source security and compliance management company, has announced the launch of a new open source management tool integrated within the Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS) platforms - the WhiteSource Bolt (Bolt).

Bolt is fully immersed within the VSTS and TFS products, so users can detect vulnerable open source components, get remediation suggestions and generate comprehensive, up-to-date open source inventory, licenses and security vulnerabilities reports inside the Microsoft Visual Studio environment.

Bolt was developed by WhiteSource and Microsoft Visual Studio teams to answer the need of software development teams. It automatically detects vulnerable open source components and continuously tracks open source usage and licenses. The platform is a lightweight solution that will help software developers to identify problematic open source components earlier in the development process, therefore increasing the overall security and quality of released applications and avoiding surprises before and after release.

The full WhiteSource solution can integrate with the entire software development lifecycle (SDLC): repositories, build tools, CI servers, issue trackers and other application security tools. It also automates the entire process of open source components selection, approval and management. Thus, including automated policy enforcement, developers’ tool for the evaluation process and remediation guidance.

“WhiteSource Bolt provides Microsoft Visual Studio customers greater control and visibility over their open source usage and will help software development team increase open source adoption without compromising on security” said WhiteSource CEO and Co-Founder, Rami Sass. “Microsoft’s continuous integration server is a major global platform and we’re proud that Microsoft has chosen WhiteSource to offer their customers a native open source security and compliance solution.”

Microsoft’s Visual Studio Team Services and Team Foundation Server, an enterprise-grade server for teams to share code, track work, and ship software - for any language, is one of the foremost platforms of its kind. It’s collaborative nature as a platform for shared projects makes it an ideal place for WhiteSource’s open source component management, allowing teams to save time and produce better code.

“For any team using open source components, the key question is ‘What vulnerabilities are we reusing in our project and how quickly can we remediate them?,’” said Sam Guckenheimer, Product Owner for VSTS at Microsoft. “WhiteSource Bolt can answer these concerns directly in the CI pipeline and provide immediate feedback with every build. Bolt is a major step in enabling smooth Rugged DevOps inside VSTS and TFS.”