WhiteSource rebrands as Mend to focus on the prevention of application security issues

WhiteSource announced the change of its name to Mend. The company is also launching an automated remediation for custom code security issues as well as integration of Mend Supply Chain Defender (formerly WhiteSource Diffend) in its JFrog Artifactory pl…

WhiteSource releases free tool to detect and remediate Spring4Shell vulnerability

WhiteSource launched WhiteSource Spring4Shell Detect, a free command-line interface (CLI) tool that quickly scans projects to find vulnerable open source libraries for CVE-2022-22965, also known as Spring4Shell. Spring4Shell is a remote code execution …

WhiteSource acquires DefenseCode and Xanitizer to enter into the SAST market

WhiteSource announced the company’s expansion into custom code security following two recent acquisitions and the availability of its static application security testing (SAST) solution. To accelerate the company’s SAST vision, WhiteSource completed tw…

How threat actors are using npm to launch attacks

WhiteSource released a threat report based on malicious activity found in npm, the most popular JavaScript package manager used by developers worldwide. The report is based on findings from more than 1,300 malicious npm packages identified in 2021. Jav…

WhiteSource for Azure Repos scans open source code for security vulnerabilities

WhiteSource released an Azure DevOps repository integration, allowing Azure DevOps users to detect all open source components and automatically enforce security policies directly from their repository. Users can now receive alerts on vulnerabilities al…

WhiteSource Log4j Detect scans projects to find vulnerable Log4j versions

WhiteSource launched WhiteSource Log4j Detect, a free command-line interface (CLI) tool to help organizations quickly detect and remediate the Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046. This free developer tool, which is hosted on GitHub…

WhiteSource SBOM helps developers to protect the software supply chain

In an effort to help developers meet new governmental regulations for protecting the software supply chain, WhiteSource released WhiteSource SBOM, a new tool that creates a software bill of materials (SBOM) and provides a path to remediation when vulne…

Regulation fatigue: A challenge to shift processes left

Recent high-profile supply chain attacks have heightened the need for increased regulation of the open-source community. In the U.S., for example, President Biden’s recent executive order asks government vendors to attest “to the extent practicab…

WhiteSource Cure accelerates the delivery of secure software at scale

WhiteSource released WhiteSource Cure, an auto-remediation application designed for custom code. This pioneering release enables organizations to accelerate the delivery of secure software at scale. Software developers and security professionals today …

Few security pros believe their organizations have reached full DevSecOps maturity

20% of security professionals described their organizations’ DevSecOps practices as “mature”, 62% said they are improving their practices, and 18% described them as “immature”, a WhiteSource report finds. The survey gathered responses from over 560 developers and appl…