WhiteSource Bolt for GitHub

Find & fix open source vulnerabilities - for all languages

WhiteSource Bolt for GitHub is a FREE app, which continuously scans all your private and public repos, detects vulnerabilities in open source components and provides suggested fixes.

We've support over 200 programming languages & continuous tracking of open source vulnerabilities databases like the NVD and additional security advisories.

Discussion
Would you recommend this product?
13 Reviews5.0/5

Who knew there are so many open source vulnerabilities in my code?

Who thought that the Npm dependency tree can be so deep?

Tells you exactly where the vulnerability is and suggests a fix.

But the best part, it's free!!!

Pros:

Very simple to use with great value

Cons:

Need to enable the GitHub issue tab in order to see results.

We at WhiteSource are thrilled to launch of our new free WhiteSource Bolt for GitHub app! After months of beta testing, and talking with developers about the challenges of working securely with open source, the results are in and the people have spoken for a better way to manage the open source components in their repos. So this year our gift to the open source community is a shiny new developer tool that makes scanning for known vulnerabilities fast and simple. When it comes to the open source community, sharing is truly caring. Here is a quick rundown of the key features of the app: Find & Fix Vulnerable Open Source Libraries: At the core of WhiteSource Bolt is our goal of showing developers clear and concise information about the vulnerabilities impacting their software. Our no-nonsense approach shows you critical info such as information on the vulnerability including its CVSS score and an actionable suggested fix to make closing this issue a breeze. We Speak Your Language: With over 200 programming languages supported, we’ve got you covered. Never Gonna Let You Down With Comprehensive Vulnerability Coverage That Won’t Give Up: WhiteSource collects intelligence from the widest range of sources to make sure that users are always up to date on the latest vulnerabilities. We go beyond the NVD to issue trackers, security advisories, and more to keep your software secure. Getting Started The WhiteSource Bolt app is available for free download on GitHub. Have a question about how it works, how to get started, or who shot first? We’ve got answers so give it a try and let us know what you think.

free tool for developers to get security alerts early in the development life cycle

Pros:

very developer friendly , cover 200 languages

Cons:

missing functionality

great product

Pros:

know what vulnerabilities you have (and easily fix them)

Cons:

none

Helps with the security factor of my repos without leaving Github

Pros:

Easy to config and see the results of my repos with vulnerabilities quickly

Cons:

not much just have to enable the issues tab to see the results of repos