WhiteSource BoltProduct Overview
WhiteSource Bolt product overview
WhiteSource Bolt is a free app developer tool designed to find and help fix open source vulnerabilities. it runs as an app on GitHub and as an extension on Azure DevOps and works by scanning all of your projects and detecting vulnerable open source components. It also provides actionable, validated remediation paths to enable quick resolution. There is support for over 200 programming languages and continuous tracking of multiple open source vulnerabilities databases including the NVD, security advisories, peer-reviewed vulnerability databases, and open source projects issue trackers.
Pros of WhiteSource Bolt
Open-source governance is fully automated once the plug-in is added. Once added to a continuous integration tool, both old and new dependencies are managed without the need for running manual checks.
Cons of WhiteSource Bolt
Some users report false positives. Because of this, developers may need to quickly review flagged vulnerabilities before running fixes.
Breakdown of core features
Supports All Languages
Supporting over 200 programming languages, covering all common package managers. It also works with the most common open source libraries like .Net and .Net core.
Running WhiteSourece Bolt helps your developers identify and fix vulnerabilities in newly added components as well as in existing ones.
WhiteSource Bolt provides actionable and verified suggested fixes for a quick remediation
(Last updated on 12/20/2019 by Marshall Bright)