Sinocax

WhiteSource open source code detection product introduction


  • Categories:Company News
  • Time of issue:2020-09-16

Software teams often focus on detecting potential problems in their own code but neglect to check for known vulnerabilities in open source components. The risk from open source vulnerabilities is often greater, because the vulnerability details and the ways to exploit them are public knowledge. Fortunately, 87% of open source vulnerabilities have been patched, so they are relatively easy to correct. WhiteSource has the most extensive security vulnerability database, collecting vulnerabilities from multiple sources and providing detailed repair information. Throughout the software development life cycle (SDLC), including after the software is released, WhiteSource alerts users in real time so that they can fix problems proactively.
 
When using open source components, companies need to ensure that the license terms of all components, including transitive dependencies, are followed. WhiteSource accurately detects all open source licenses, including library licenses, and automatically enforces license policies on newly added components. Users can therefore block unwanted components from entering their software.
 
WhiteSource also automates the approval process for new open source components, thus improving development efficiency.
 
Shift Left is the core concept of detecting as many issues as possible early in the software development process. Studies have shown that early detection of security issues can reduce repair costs by 90%.
 
WhiteSource checks for problematic components when they enter the code or when they are built, so that there are no surprises on the day of release. Its Selection Tool helps developers choose the best components during the evaluation phase, thereby improving overall product quality.
 
WhiteSource automates the selection, approval, and management of open source components, including detecting and resolving security and compliance issues. It integrates with users' code bases, build tools, CI servers, and application security tools, and supports agile methods and continuous deployment. It also gives users' security, engineering, DevOps, and legal teams visibility into, and control over, open source usage.
 
WhiteSource has its own algorithm to ensure accurate detection without false positives, and is proud of being the most accurate solution on the market. Moreover, WhiteSource has an extremely mature database, which contains more than 3M open source components and 70M source files and covers more than 200 programming languages.
 
In use, WhiteSource calculates the digital signature of each library and cross-compares it with its extensive database. Therefore, it does not scan or analyze the user code, and completely guarantees the confidentiality of the user code. In short, it doesn't look at your code.
 
Features
 
Detect
● Automatically detect all open source components in your build and code base, including transitive dependencies.
● Detect known vulnerabilities in components during the software development cycle and provide repair suggestions.
Alert
● Automatically enforce policies across the software development life cycle and generate real-time alerts for policy violations. The user can then cancel the build or start an approval process.
● Alert settings cover vulnerability severity, license type, serious software defects, new versions, component age, and other aspects.
● Get alerts for newly discovered vulnerabilities in historical versions. WhiteSource continuously monitors the latest build of each version.
Report
● Generate detailed inventory, risk, security, legal, and due diligence reports with one click, based on the last build.
● Automatically generate release management reports with all license and copyright information, saving time and labor before release.
Select
● When developers search for open source components online, the Selection Tool (a browser plug-in) provides security, license, and policy information.
● Users get a detailed preview of each component, including its vulnerabilities, its license, and whether the component is already used in your business.
● The Selection Tool supports all common registries (Maven Central, npm, PyPI, etc.) and web pages with package references (Stack Overflow, tutorials, etc.).
Advantages
● Wide coverage: supports more than 200 languages, including containers.
● Accurate detection: a proprietary algorithm guarantees no false positives.
● Easy to repair: provides proven, crowdsourced fixes.
● Easy to use: policies are enforced automatically at all stages of the SDLC, and the approval and tracking process is automated.
● Rich vulnerability database: continuously collects information from NVD, security experts, and open source project issue trackers.
