Open source and DevOps have been a boon to software development. Nevertheless, sneaky hackers understand, and exploit, the fact that reusable code also means reusable vulnerabilities that are distributed throughout the global software supply chain. To aid developers in navigating this new threat landscape, SourceClear announced a new product, SourceClear Open, a cloud service that tracks thousands of threat sources and analyzes millions of open-source library releases.

In explaining the need for SourceClear Open, the company notes that developers are increasingly held accountable for security, which creates demand for tools that help them with this responsibility. Unfortunately, traditional security products are insufficient, and public and government-backed software vulnerability databases have limitations. SourceClear Open goes beyond these databases, enabling developers to identify which open-source libraries they are using, what vulnerabilities exist, which vulnerabilities actually matter, and what needs to be done to fix them. And, perhaps most important, SourceClear Open integrates with the tools (GitHub and Jenkins) and supports the languages (Java, Ruby, Python and JavaScript) upon which development teams rely.
