Securing ‘Open Source’ Apps.


WhiteSource, a leading open source security and management vendor, today released an Azure DevOps repository integration that allows Azure DevOps users to discover all open source components and automatically apply security policies. Users can now receive vulnerability alerts as well as detailed remediation information, including suggested fixes and prioritization notices, all conveniently in their native environment without having to learn a new user interface (UI).
As the time to market for applications shrinks each year, software development teams are challenged to speed up their processes without compromising security. Many software composition analysis (SCA) vendors check the repository for vulnerabilities, but only return the results in their own user interface, which slows down the development process. The WhiteSource for Azure Repos integration automatically scans open source code for security vulnerabilities or license violations with every merge request before the code is merged. If a merge request introduces a new bug, the developer receives immediate feedback to fix the newly introduced vulnerabilities. Positive feedback is given when a pull request fixes vulnerabilities. This differential view between parent branches avoids workflow interruptions. In addition to WhiteSource’s existing integration with all major code repositories including GitHub Packages, JFrog, Bitbucket and GitLab, the new WhiteSource integration for Azure Repos enables users to build inventory, security and compliance.

With WhiteSource’s cloud integration for Azure Repos, users can:

1. View automated remediation suggestions: WhiteSource Enterprise automatically generates repository pull requests to update vulnerable open source components to the lowest non-vulnerable version.
2. Apply policies: Policies are automatically applied to the repository for each merge request. The status and results of each scan are displayed on the Confirmations page.
3. Use Merge Confidence: The Merge Confidence feature uses crowdsourced data to show the likelihood that an open source component can be updated without interrupting the build. Merge Confidence includes age, acceptance, and upgrade compatibility data to create a confidence score.
4. Find IaC misconfigurations: Protect production environments and secure cloud, containers and Kubernetes directly from Azure repositories.

Ori Bach, executive vice president of products at WhiteSource, said scanning for vulnerabilities within the repository is the “far left” organization that can defer its security efforts while continuing to enforce policies and requiring all developers to analyze their code. The cost of patching vulnerabilities increases as you progress through your software development lifecycle. With the WhiteSource for Azure Repos integration, developers can get feedback on their code while it’s still fresh in their minds, making it easier to fix vulnerabilities and help organizations save time and money.

About WhiteSource:

WhiteSource helps companies accelerate secure software development. It provides automated tools that help close security knowledge gaps, integrate easily into the software development lifecycle, and go beyond detection with a remediation-focused approach. Based on the industry’s most comprehensive vulnerability database, WhiteSource offers the broadest coverage of threats and attack vectors. The solution helps companies such as Microsoft, IBM, Comcast, Philips and many others reduce security risks and increase the productivity of their development and security teams.
