Supports all languages
Supporting over 200 programming languages, covering all common package managers
Creating an issue for each vulnerability in newly added components and in existing ones, and providing fixes.
Providing clear, actionable, and verified suggested fixes for a quick remediation
A GitHub issue will be created for every new vulnerable library added or for newly released vulnerabilities in existing libraries. A scan is activated with every pull request and issues are opened automatically.
Understand the criticality and remediation course for every vulnerability with detailed dependency trees to see the path to vulnerable transitive dependencies, severity score, reference links and more.
Get links to patches, specific source files and newer versions that fix the issue, for quick and effortless remediation.
When a pull request is created, your repository is scanned as part of a WhiteSource Security Check which presents a summary of new vulnerabilities you have to deal with if you merge the request. You can fail pull requests automatically if the WhiteSource Security Check results in a failure.
It’s actually very easy – follow these 5 quick steps and you are there!
Click the INSTALL button on the WhiteSource Bolt for GitHub app page on the GitHub Marketplace
Enable the issues tab in your repositories
Choose which of your repositories you would like to scan
You will be redirected to a WhiteSource registration page. If you are an existing WhiteSource user, your repos will be uploaded to your existing account.
Click the verification link in the email you receive to get a WhiteSource confirmation message. After that, you are good to go!
How it works
The moment you sync your repository with WhiteSource Bolt for GitHub, it identifies all open source components in your repository.
Then, Bolt matches their digital signature with libraries in WhiteSource’s database, checking if any of your open source libraries or their direct or transitive dependencies is vulnerable.
When does a scan occur
How you manage it