
WhiteSource Renovate Users Now Rewarded Through Google-Sponsored OpenSSF Program

WhiteSource Renovate (AKA Renovatebot) is now part of Scorecards 3.0. The Google Open Source Security (GOSS) Team further announced plans to integrate WhiteSource's proactive dependency maintenance tool into its OpenSSF Allstar GitHub application.

TEL AVIV AND BOSTON – November 08, 2021 – WhiteSource, the leader in open source security and management, today announced that use of WhiteSource Renovate, its free developer tool for proactive dependency maintenance, will be rewarded through the Secure Open Source (SOS) pilot rewards program. The program, run by the Linux Foundation, is sponsored by Google as part of the company’s $10 billion pledge to cybersecurity defense in response to the recent Executive Order on Cybersecurity.

WhiteSource Renovate automates open source dependency updates, reducing risk by mitigating security vulnerabilities and saving developers’ time. The Renovate App has enabled a diverse user base across github.com and gitlab.com to keep dependencies up-to-date since 2018, and has generated millions of pull requests in the process. The inclusion of WhiteSource Renovate as a positive indicator in the OpenSSF and Google Secure Open Source Rewards program further solidifies its position as the leading open source dependency management solution for developers. 

“Open source components comprise between 60-80% of the codebase in modern applications,” said Rami Sass, Co-Founder and CEO of WhiteSource. “Unfortunately, open source projects are more attractive to hackers as their user base grows. Proactive dependency maintenance is the way forward for software organisations, because it helps prevent vulnerabilities, as well as minimizing the cost of remediating them once found. WhiteSource’s proactive approach to application security is now endorsed as the industry standard through the Secure Open Source (SOS) rewards program.”

“Automated dependency management, along with comprehensive test coverage, is critical for keeping your dependencies up-to-date and preventing exploitation via known security vulnerabilities. WhiteSource Renovate is one of the tools recommended by OpenSSF’s Scorecard for proactive dependency management,” said Abhishek Arya, Principal Engineer and Manager, Google Open Source Security Team.


About WhiteSource

WhiteSource helps organizations accelerate the development of secure software at scale. We provide automated tools that help bridge the security knowledge gap, integrating easily into the software development life cycle and going beyond detection with a remediation-first approach. WhiteSource is built on the most comprehensive vulnerability database in the industry, providing the widest coverage for threats and attack vectors. Our solution helps enterprises like Microsoft, IBM, Comcast, Philips, and many more reduce security risk and increase the productivity of their security and development teams. For more information, visit www.whitesourcesoftware.com.

Contact Details: 

Shanie Weissman

Global Communications & Product Marketing Manager, WhiteSource


Meet The Author

Patricia Johnson

A technology and business leader with experience in application development, infrastructure and security, and with a strong focus on open source software. Patricia helps companies better manage their open source usage, so they can focus on building great products and maximize the benefits of open source.
