WhiteSource Solution for Remediating Vulnerabilities
Automatically Remediate Open Source Vulnerabilities
Real Time Monitoring
Continuously detect the latest versions for outdated libraries
Single Click Fix
Get automated fix pull requests (PR) for quicker remediation
Widest Coverage
Supports multiple languages, file types and repositories
What is WhiteSource Solution for Remediating Vulnerabilities?
One of the most reliable risk mitigation strategies is to keep your open source components continuously patched to avoid being exposed to known vulnerabilities.
WhiteSource Remediate, which supports GitHub (server and cloud), GitLab and Bitbucket (server) repositories, automates the entire process for detecting vulnerable or outdated components, identifies the latest available version and generates a pull request that can be applied with one click.
Automated remediation workflows can be initiated based on security vulnerability policies triggered by a vulnerability detection, vulnerability severity, CVSS score or when a new version is released.
By automating this process, WhiteSource helps companies remediate vulnerable libraries faster, reduces security and quality risks, and saves your developers precious time.
Repo Integration
Continuously Secure Your Repository
Integrate Your Repository
Integrating security tools into the software development lifecycle (SDLC) can assist teams in detecting vulnerabilities earlier in the development process when it is easier to address them.
WhiteSource’s Repository Integration, including support for GitHub, GitHub Packages, JFrog, Bitbucket, and GitLab, provides developer-focused security tools that operate within the native development environment, without compromising agility.
Continuous Repo Security
Get real-time alerts and actionable insights on vulnerable open source libraries and dependencies within the repo UI
Simplified & Quick Remediation
Remediate quickly with automatic pull requests that contain verified suggested fixes for vulnerable libraries
Native Workflow Integration
Enforce security policies with automated workflows that can track your repos and remediate vulnerabilities
How Does it Work?
On every push to your repository, WhiteSource will also automatically detect newly published vulnerabilities affecting any of your existing dependencies, ensuring full coverage for all of your dependencies, both new and existing.
When the scan concludes, WhiteSource will create an Issue pertaining to each new security vulnerability introduced into your repository, with details regarding the library, the vulnerability, and possible fixes.
IDE Integration
Easily detect open source issues directly in your IDE!
Integrate Your IDE
Addressing security requirements or best practices during development can often slow down developers.
WhiteSource’s Integrated Development Environment (IDE) Integrations, including support for Visual Studio, IntelliJ, WebStorm, PyCharm and Eclipse IDEs, and Visual Studio Code (Editor), are designed to work seamlessly within the development process, enabling developers to code more productively and securely.
Early Visibility While Coding
Gain immediate visibility about a component’s vulnerabilities as soon as it is added to your code
Effortless & Seamless Security
Maintain a security-conscious coding experience that doesn’t slow down development
Simplified & Quick Remediation
Remediate quickly with our suggested fixes for vulnerable libraries to save time solving security issues
How Does it Work?
When an open-source component is added to a dependency file, it is examined by the WhiteSource plugin or extension.
If vulnerabilities associated with the open source component, including its transitive dependencies, are detected, WhiteSource will highlight them and offer suggested fixes.
Browser Integration
Choose The Right Components Directly From Your Browser!
What’s It All About?
WhiteSource’s Browser Integration allows your developers to see a snapshot of the component’s open source security details before downloading it to their repository. The Chrome extension quickly identifies open source component package references on web pages such as Stack Overflow, Maven Central, and more.
With a simple click of the icon on the page, developers can view important details to help them decide whether or not to add a new component. Details include known vulnerabilities, quality scores, and whether the component is currently in use within your organization.
Selecting the right component the first time can make your team’s development process more effective, saving you valuable time and money by preventing costly tear and replace ops later down the line when nearing release deadlines.
What Information Does It Provide?
Once you click on the WhiteSource Browser Integration extension, it scans the page, detects all package references, and provides the following information on each open source component:
- Version: Informs you if there’s a newer version.
- License: Identifies the component’s license.
- Policy Violations: Shows you whether the component meets your company’s policy as configured in your WhiteSource account.
- Projects: Shows you if your organization is already using this library and the number of occurrences.
- Vulnerabilities: Each shield represents a different vulnerability, and severity is indicated by color.
- Quality: Provides an overall score based on the number of commits, version releases, etc.
Make Your Development More Agile with WhiteSource Browser Integration
The WhiteSource Browser Integration is now being offered as part of the WhiteSource For Developers bundle that empowers your development team to choose better components the first time. If you aren’t already a WhiteSource customer, this is your opportunity to take advantage of our wide range of benefits.
Reach out and ask to connect it to your account
WhiteSource empowers businesses to develop better software by harnessing the power of open source. Your developers depend on open source components to work faster and focus on developing strong and innovative products. Sign up now for a FREE TRIAL with WhiteSource and start developing with confidence.