WhiteSource can now automatically detect and fix security vulnerability in Docker images and binary packages published to GitHub Packages
TEL AVIV, Israel, Nov. 13, 2019 /PRNewswire/ — WhiteSource, the leader in open source security and license compliance management, announced today support for GitHub Packages and with it the ability to automate container security.
GitHub customers who publish Docker images and packages to GitHub Packages can now automatically detect open source components with known vulnerabilities with WhiteSource’s new GitHub Security Action.
The new workflow enables GitHub customers to get security alerts on Docker images and packages within their GitHub UI, so developers can be notified on vulnerabilities in their applications earlier in the process when it is easier and quicker to fix.
“Automating Docker image and package vulnerability identification and remediation through GitHub Action and Packages will help developers and enterprises reduce time and resources spent securing their code” said Jeremy Epling, Senior Director of Product Management at GitHub. “We are happy to see WhiteSource deliver this solution through the GitHub Marketplace.”
“GitHub customers can now integrate the scanning of Docker images into their CI/CD pipeline, automating the security of these images and their associated deployed containers,” said David Habusha, VP Product of WhiteSource, “once scanned, the results of the scan can then be managed with WhiteSource’s various industry-leading reporting, policy, and notification options.”
WhiteSource is the pioneer of open source security and license compliance management. Founded in 2011, its vision is to empower businesses to develop better software by harnessing the power of open source. WhiteSource is used by more than 800 customers worldwide, from all verticals, and sizes, including 23% of Fortune 100 companies, as well as industry leaders such as Microsoft, IBM, Comcast and many more. For more information, please visit WhiteSourceSoftware.com