Automatically Detects Vulnerable Open Source Components in Your Software

WhiteSource, the leader in continuous open source security and compliance management, today announced a partnership with Microsoft. 

The partnership led to an integration with Visual Studio’s Team Services and Team Foundation Server (TFS). WhiteSource TFS extension automatically detects all open source components in the TFS build, identifying components with security vulnerabilities, severe software bugs and license compliance issues early on in the software development lifecycle (SDLC).

As open source adoption rises, software development teams are in need of automated tools that can track, alert and help remediate security, quality and compliance issues in open source components. WhiteSource’s comprehensive security vulnerabilities database is the largest of its kind, supporting 20 programming languages and multiple source. This complete open source management scope along with its unique shift left capabilities led Microsoft to choose WhiteSource as a partner to offer its users a comprehensive solution for open source security and license management.

WhiteSource integrates with your repositories, build tools and CI servers to become part of your SDLC and alert regarding security, quality and license compliance issues the minute a component is added to the software, thus reducing the cost and time to fix. WhiteSource also offers innovative shift left capabilities like a browser plug-in to help developers make better choices to begin with by showing vital information on each component while they are searching online repositories and integration to repositories like GitHub and JFrog Artifactory and JFrog Xray.

“WhiteSource’s integration means that Microsoft TFS customers will have greater control and visibility over their open source usage as our real-time security vulnerability alerts allows them to preemptively ensure open source components are secure and compliant with license requirements and company policy” said WhiteSource’s CEO and co-Founder, Rami Sass. “Microsoft’s continuous integration server is a major global platform and we’re proud to partner with Microsoft to offer native TFS integration.”

Microsoft’s Team Foundation Server, an enterprise-grade server for teams to share code, track work, and ship software — for any language, is one of the foremost platforms of its kind. It’s collaborative nature as a platform for shared projects makes it an ideal place for WhiteSource’s open source component management, allowing teams to save time and produce better code.

“We want users of Microsoft’s Visual Studio Team Services and Team Foundation Server to have access to the best industry solutions for open source management.” said Joe Bourne, Microsoft Visual Studio Team Services Program Manager. “We reached out to partner with WhiteSource because they are delivering the type of high quality OSS management experience our customers would expect. WhiteSource is a thought leader in the Rugged DevOps space and we are happy that this partnership will bring the confidence, time and money savings they deliver to their customers to Team Services customers as well.”

The WhiteSource extension for Microsoft’s Visual Studio Team Services and Team Foundation Server can be downloaded via the Visual Studio Marketplace.