WhiteSource Helps Open Raven Develop Secure Software

Open Raven Integrates WhiteSource into Their DevOps Pipeline to Build with Open Source Safely


Open Raven is a cloud native data security platform that prevents breaches driven by modern speed and sprawl. From shadow cloud accounts to dark data, Open Raven restores visibility and control while laying the foundation for compliance and privacy efforts. Backed by Kleiner Perkins and Upfront Ventures, Open Raven has raised $19.1M in capital as of June 2020.

As an early stage startup focused on identifying and protecting data to prevent security breaches, Open Raven needed to ensure it was shipping the most secure product possible. To achieve this, the company decided early on it needed a software composition analysis (SCA) tool that could handle both open source license compliance and security vulnerabilities. Open Raven also wanted the best-of-breed SCA tool to provide their customers with the right level of assurance.

Because Open Raven was building their development platform from the ground up, they demanded an SCA tool that would seamlessly integrate into their modern CI/CD pipeline, namely their GitLab repository. From the beginning, Open Raven was determined to adopt as few developer tools as possible so that developers could spend more time writing code and less time learning new AppSec tools. 

“At Open Raven, we need open source license compliance and we need security. We also wanted less tools, not more. We needed to find one tool that did both security and licence compliance — and did it well — and integrated into our DevOps pipeline. And I genuinely think that WhiteSource are the only people that do all this,” say Mark Curphey, Co-Founder and Chief Product Officer at Open Raven and Founder of OWASP

At Open Raven, we need open source license compliance and we need security. We also wanted less tools, not more. We needed to find one tool that did both security and licence compliance — and did it well — and integrated into our DevOps pipeline. And I genuinely think that WhiteSource are the only people that do all this.

To help achieve their mission of solving the data breach problem, Open Raven chose WhiteSource as their SCA tool. Open Raven is using WhiteSource integrated with GitLab. With WhiteSource’s GitLab repository integration, WhiteSource provides developer-focused security tools that operate within the native development environment. 

“WhiteSource helps you build with open source software safely,” says Curphey. “You build the functionality you want knowing that someone else has got your back around the open source code that you’re putting into your product.” WhiteSource gives Open Raven the ability to achieve license compliance by allowing developers to use only open source components with compatible, non-restrictive licenses. At the same time, developers are able to avoid using open source components that have known vulnerabilities or are outdated. 

By integrating these security tools into their DevOps pipeline, Open Raven developers can detect license and vulnerability issues earlier in the development life cycle when they are easier and less costly to remediate. 

WhiteSource helps you build with open source software safely. You build the functionality you want knowing that someone else has got your back around the open source code that you’re putting into your product.

Open Raven’s developers are now able to code more securely without compromising agility — and without leaving their development environment. “WhiteSource is incredibly easy to use. The developers don’t have to think about their open source components,” says Curphey. “As the developer commits the code, WhiteSource checks it, and we can decide whether it passes or fails. This means my developers get to spend their time writing features on our behalf and adding value to our company.”

WhiteSource helps Open Raven manage their open source usage. “WhiteSource now gives us full visibility into the open source code we use,” says Curphey. “We are able to tell exactly what all the components are, what all the versions are, and any security issues that exist in any of these things. We can make sure we’re not shipping software that is inherently insecure.”

“Trust is everything in the security industry,” says Curphey. “Our customers trust Open Raven because we help prevent data breaches, but they also have to trust that the software we build is secure. For us it’s about doing the right thing, and WhiteSource helps us achieve that.”

Trust is everything in the security industry. Our customers trust Open Raven because we help prevent data breaches, but they also have to trust that the software we build is secure. For us it’s about doing the right thing, and WhiteSource helps us achieve that.

As an early stage startup focused on identifying and protecting data to prevent security breaches, Open Raven needed to ensure it was shipping the most secure product possible. To achieve this, the company decided early on it needed a software composition analysis (SCA) tool that could handle both open source license compliance and security vulnerabilities. Open Raven also wanted the best-of-breed SCA tool to provide their customers with the right level of assurance.

Because Open Raven was building their development platform from the ground up, they demanded an SCA tool that would seamlessly integrate into their modern CI/CD pipeline, namely their GitLab repository. From the beginning, Open Raven was determined to adopt as few developer tools as possible so that developers could spend more time writing code and less time learning new AppSec tools. 

“At Open Raven, we need open source license compliance and we need security. We also wanted less tools, not more. We needed to find one tool that did both security and licence compliance — and did it well — and integrated into our DevOps pipeline. And I genuinely think that WhiteSource are the only people that do all this,” say Mark Curphey, Co-Founder and Chief Product Officer at Open Raven and Founder of OWASP

At Open Raven, we need open source license compliance and we need security. We also wanted less tools, not more. We needed to find one tool that did both security and licence compliance — and did it well — and integrated into our DevOps pipeline. And I genuinely think that WhiteSource are the only people that do all this.

To help achieve their mission of solving the data breach problem, Open Raven chose WhiteSource as their SCA tool. Open Raven is using WhiteSource integrated with GitLab. With WhiteSource’s GitLab repository integration, WhiteSource provides developer-focused security tools that operate within the native development environment. 

“WhiteSource helps you build with open source software safely,” says Curphey. “You build the functionality you want knowing that someone else has got your back around the open source code that you’re putting into your product.” WhiteSource gives Open Raven the ability to achieve license compliance by allowing developers to use only open source components with compatible, non-restrictive licenses. At the same time, developers are able to avoid using open source components that have known vulnerabilities or are outdated. 

By integrating these security tools into their DevOps pipeline, Open Raven developers can detect license and vulnerability issues earlier in the development life cycle when they are easier and less costly to remediate. 

WhiteSource helps you build with open source software safely. You build the functionality you want knowing that someone else has got your back around the open source code that you’re putting into your product.

Open Raven’s developers are now able to code more securely without compromising agility — and without leaving their development environment. “WhiteSource is incredibly easy to use. The developers don’t have to think about their open source components,” says Curphey. “As the developer commits the code, WhiteSource checks it, and we can decide whether it passes or fails. This means my developers get to spend their time writing features on our behalf and adding value to our company.”

WhiteSource helps Open Raven manage their open source usage. “WhiteSource now gives us full visibility into the open source code we use,” says Curphey. “We are able to tell exactly what all the components are, what all the versions are, and any security issues that exist in any of these things. We can make sure we’re not shipping software that is inherently insecure.”

“Trust is everything in the security industry,” says Curphey. “Our customers trust Open Raven because we help prevent data breaches, but they also have to trust that the software we build is secure. For us it’s about doing the right thing, and WhiteSource helps us achieve that.”

Trust is everything in the security industry. Our customers trust Open Raven because we help prevent data breaches, but they also have to trust that the software we build is secure. For us it’s about doing the right thing, and WhiteSource helps us achieve that.