WhiteSource announced that WhiteSource Bolt, its open source security developer tool, is now available for free for all GitHub and Microsoft Azure DevOps users, helping developers work more securely with open source components in their native development environments.
First released in March of 2017 as a paid Microsoft Visual Studio extension, WhiteSource Bolt was designed to fit into a developer's natural ecosystem, allowing software development teams to close the gap that currently exists between code development and security teams.
Additionally, WhiteSource Bolt increases developers' ability to work more efficiently with open source components by alerting in real-time once a vulnerable component is added or a new vulnerability is released for an existing component.
"WhiteSource Bolt enables GitHub developers to build more secure products," said Kyle Daigle, Director of Ecosystem Engineering at GitHub. "By detecting vulnerable open source components as soon as they are added to a GitHub repository and providing remediation recommendations, Bolt simplifies the process of vulnerability management for developers."
WhiteSource Bolt supports over 200 programming languages and is powered by WhiteSource's comprehensive vulnerabilities database, which is continuously updated with intelligence sourced from the NVD, security advisories, and popular open source issue trackers. The developer tool is capable of providing coverage for both binaries and source libraries, and offers real-time security alerts for reported vulnerabilities with suggested remediation paths to help keep organizations a step ahead of the hackers.