• Platform
    Mend-io-logo-mark
    AI Native AppSec Platform Take a tour
    Microsoft talks about whitesource - ai
    Mend AI Secure AI powered applications
    Mend sast icon
    Mend SAST Secure proprietary code 10x faster
    Mend container small icon
    Mend Container Container security done right
    Microsoft talks about whitesource - sca
    Mend SCA Decrease open source risk
    Microsoft talks about whitesource - renovate
    Mend Renovate Automate dependency updates
    Expand AppSec coverage
    Microsoft talks about whitesource - dast icon 1 DAST Microsoft talks about whitesource - apis icon 1 API security Microsoft talks about whitesource - eol icon EOL support
    Platform Benefits
    Microsoft talks about whitesource - repoi icon Repo integration Scalability-icon Scalability Microsoft talks about whitesource - reachability icon Reachability
  • Solutions
    Ai models risk - nav bar icon
    AI app security Manage risks in AI models and agents
    Ai-red-teaming-icon-
    AI red teaming Test and secure conversational AI
    Microsoft talks about whitesource - ai gen code security nav bar icon 36x36 1
    AI gen code security Real-time AI code security
    Sbom - nav bar icon
    SBOM Move from static to effective SBOMs
    Runtime-security-nav-bar-icon
    Dynamic testing Test for risks in running applications
    Code scanning - nav bar icon
    Code scanning Find and fix known vulnerabilities
    Open source license nav bar icon
    Open source security Prevent. Prioritize. Automate.
    Open source license - nav bar icon
    Open source compliance Risk management for OSS licenses
    Dependency updates - nav bar icon
    Dependency updates Reduced risk, better code
    Container security container security
    Container security Container security, simplified
  • Company
    About us - nav bar icon
    About us Who we are
    Careers nav bar icon
    Careers Join our team
    Partners - nav bar icon
    Partners Meet our partners
    Events - nav bar icon
    Events Upcoming events
    Newsroom - nav bar icon
    Newsroom The latest Mend.io news
    Contact-us nav bar icon
    Contact us Connect with us
  • Resources
    Resource center - nav bar icon
    Resource center View our latest resources
    Blog - nav bar icon
    Blog The latest AppSec news and insights
    Podcast-icon
    Podcast Insights from leading experts
    Customers - nav bar icon
    Customers View our customer case studies
    Integrations - nav bar icon
    Integrations Find your integration
    Langugages nav bar icon
    Languages Find your language
    Vulnerability database - nav bar icon
    Vulnerability database Mend.io's OSS vulnerability database
    Documentation - nav bar icon
    Documentation Product and feature documentation
    Featured
    Microsoft talks about whitesource - featured image
    A CISO’s Guide to Securing AI from the Start
    Microsoft talks about whitesource - practical guide to sast white paper image
    A Practical Guide to Making the Most of your SAST Investment
Schedule a Demo

Microsoft Talks About WhiteSource

Nov 23, 2016

This video demonstrates how to integrate WhiteSource Bolt (now Mend Bolt) into Visual Studio Team Services (VSTS), now known as Azure DevOps, to automatically scan your open source components for vulnerabilities and license compliance.
You’ll learn how to set up the extension, run your first scan, and interpret the results—all within your existing CI/CD pipeline.

Why Use Mend Bolt in Azure DevOps?

Modern applications rely heavily on open source libraries, but those libraries can introduce hidden security and compliance risks. Mend Bolt is a free extension that brings automated open source scanning directly into your build process in Azure DevOps.

With this integration, every build triggers a scan of your dependencies, helping you catch vulnerabilities and license issues early—before they reach production. The scan runs automatically and delivers a detailed, easy-to-read report inside your DevOps project dashboard.

What the Demo Covers

In this video, you'll see how to:

Install the Mend Bolt extension from the Azure DevOps Marketplace

Configure your build definition to include a Bolt scan step

Run a build and generate a vulnerability report

Review results including severity, affected components, and suggested remediations

Use the results to improve open source security posture without leaving your DevOps environment

Mend Bolt gives teams visibility and control over open source risk with zero manual setup, making it an ideal choice for small teams or those just getting started with AppSec.

© 2025 Mend.io (White Source Ltd.) All rights reserved.