Wednesday, December 05, 2018

WhiteSource Bolt for GitHub Will Keep Your Projects on GitHub, Open Source or Otherwise, Trouble-Free


More and more open source projects are facing vulnerability issues. According to the "The State of Open Source Vulnerability Management" white paper (download link below), it is evident that most vulnerabilities are found in popular projects.
The data shows that 32% of the top 100 ... In part thanks to community reporting, the number of reported vulnerabilities in open source projects is on the rise, up 51% in 2017 from the previous year. Most open source projects are exposed to at least one known issue because the components they use pull in further components of their own (transitive dependencies), so a single direct dependency can carry several indirect ones. Developers therefore have their work cut out for them for as long as they ship these components in their products.

WhiteSource Bolt for GitHub also supports open source applications, with some restrictions. WhiteSource will let you monitor one open source project free of charge, provided you meet the following requirements. If you need to add more projects, that is possible with a paid account; they have tiered plans to match your requirements.
Free Open Source Project Support:

1) The license is limited to analysis of one open source product developed and published by your organization.

2) You must put a link to WhiteSource on the project home page with credit to WhiteSource for analyzing your code along with the following statement:
"WhiteSource is providing free open source analysis solution to this project, as part of its on-going support to the open source community."

3) You agree that WhiteSource can publish your organization and/or oss project name and logo.

4) You agree that WhiteSource can use and publish your data at our discretion.

Even if you think it is not for you, visit them; you might like the resources they provide. One good place to start would be "The State of Open Source Vulnerability Management". We will be requesting that one of our Guardocs-related open source projects be monitored.
