WhiteSource, the leader in continuous open source security and compliance management, today announced the launch of a new open source management tool integrated within the Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS) platforms – the WhiteSource Bolt. WhiteSource also announced all Visual Studio Enterprise 2017 subscribers will be offered a free six-month subscription to the WhiteSource Bolt tool.
WhiteSource Bolt runs within the continuous integration pipeline of the VSTS and TFS products, so users can detect vulnerable open source components, get remediation suggestions and generate comprehensive, up-to-date open source inventory, licenses and security vulnerabilities reports inside the Microsoft Visual Studio build environment.
This unique solution was developed to answer the need of software development teams. It automatically detects vulnerable open source components and continuously tracks open source usage and licenses. WhiteSource Bolt is a lightweight solution that will help software developers to identify problematic open source components earlier in the development process, therefore increasing the overall security and quality of released applications and avoiding surprises before and after release.
The full WhiteSource solution can integrate with the entire software development lifecycle (SDLC): repositories, build tools, continuous integration (CI) servers, issue trackers and other application security tools. It also automates the entire process of open source components selection, approval and management. Thus, including automated policy enforcement, developers’ tool for the evaluation process and remediation guidance.
“WhiteSource Bolt provides Microsoft Visual Studio users greater control and visibility over their open source usage and will help software development teams increase open source adoption without compromising on security” said WhiteSource’s CEO and co-Founder, Rami Sass. “Visual Studio Team Services is a major continuous integration platform and we’re proud to offer Microsoft customers a native open source security and compliance solution.”
Microsoft’s Visual Studio Team Services and Team Foundation Server, an enterprise-grade server for teams to share code, track work, and ship software – for any language, is one of the foremost platforms of its kind. Its collaborative nature as a platform for shared projects makes it an ideal place for WhiteSource’s open source component management, allowing teams to save time and produce better code.
“Any team using open source components faces key questions about what vulnerabilities might exist in those components and how quickly can they be remediated” said Shawn Nandi, Senior Director, Cloud App Dev and Data Marketing for Microsoft Corp. “WhiteSource Bolt can answer these concerns directly in the CI pipeline and provide immediate feedback with every build. Bolt is a major step in enabling rugged DevOps inside VSTS and TFS, and we’re excited to see our developer community take advantage of this new capability to build with open source.”
For more information about the WhiteSource benefit for Visual Studio Enterprise subscribers visit WhiteSource Bolt: Find & Fix Open Source vulnerabilities