DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DataOps
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • Techstrong.tv - Twitch
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • Techstrong.tv - Twitch
  • Media Kit
  • About
  • Sponsor
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DataOps
  • DevSecOps
  • DevOps Onramp
  • Platform Engineering
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps
    • ROELBOB
Hot Topics
  • Where Does Observability Stand Today, and Where is it Going Next?
  • Five Great DevOps Job Opportunities
  • 5 Technologies Powering Cloud Optimization
  • Azure Migration Strategy: Tools, Costs and Best Practices
  • Blameless Integrates Incident Management Platform With Opsgenie

Home » News » SourceClear Launches Free Security Product for Development Teams Building with Open-Source Libraries and Frameworks

SourceClear Launches Free Security Product for Development Teams Building with Open-Source Libraries and Frameworks

Avatar photoBy: Miles Blatstein on May 9, 2016 1 Comment

 Offering Supports Popular Languages and Connects to Leading Development Tools; Identifies and Prioritizes Vulnerabilities and Licensing Issues; Gives Detailed Fixes

Recent Posts By Miles Blatstein
  • New Alluxio Release Accelerates Cloud Deployments for Analytics and Machine Learning
  • New Survey Identifies Major Gaps in Fast Data Use Despite Large Corporate Investments
  • Quali CloudShell 7.0 Helps Businesses Deliver Applications Faster with Public, Private, and Hybrid Cloud Support and Powerful Sandboxing Features
Avatar photo More from Miles Blatstein
Related Posts
  • SourceClear Launches Free Security Product for Development Teams Building with Open-Source Libraries and Frameworks
  • Black Duck, HPE Partner to Protect Open Source
  • Open Source software license and security management with WhiteSource
    Related Categories
  • Latest News Releases
    Related Topics
  • devops
  • security
  • sourceclear
Show more
Show less

SAN FRANCISCO, May 9, 2016 – SourceClear, the security company for software developers, today announced a free security tool, SourceClear Open, for teams building with open source. Available immediately at no cost and delivered as a cloud service, the new tool enables developers to identify what open-source libraries they are using, what vulnerabilities exist, which vulnerabilities actually matter, and what needs to be done to fix them. SourceClear Open complements SourceClear’s products that are currently deployed by some of the world’s largest companies, including BAE Systems, The Gap, DataStax and Zendesk.

TechStrong Con 2023Sponsorships Available

“I have spent 15 years watching talented, hardworking developers reinvent the world and then roll their eyes when asked to use traditional security tools. Developers always want to do the right thing, but have been faced with tools that generate more noise than signal. It became increasingly hard not to be frustrated by the status quo, so I decided to do something about it,” said Mark Curphey, CEO of SourceClear. “We’ve designed the SourceClear products specifically for teams of developers. With this release, we are ‘giving back’ to the community that helps us all build amazing software.”

SourceClear connects easily with existing tool chains (languages, frameworks and build tools), and is a critical component of modern development processes. Powered by data science, a dedicated research team and a community research program, SourceClear identifies vulnerabilities well beyond those found in public and government databases. Tracking thousands of threat sources and analyzing millions of open-source library releases, SourceClear detects disclosed and emerging security threats.

“Open source and DevOps have transformed the way we build software, and developers are being held even more accountable for security. With that responsibility, developers want tools that bring immediate value and don’t slow them down,” said John Viega, author of many security books, including the first book for developers on how to write secure software. “SourceClear delivers the information that developers need to view, understand, prioritize, and fix vulnerabilities that matter. That’s a powerful value proposition.”

Integrated with developer tools like GitHub and Jenkins and supporting popular languages such as Java, Ruby, Python and JavaScript, SourceClear can be connected to repos, build systems or a developer’s desktop in minutes. SourceClear offers teams the flexibility to look at their code base or drill into specific repos, builds, branches or tags. Teams can share data and send results to issue tracking systems like JIRA. Developers and their security teams always have complete control as source code never leaves their networks, and analysis and results are always encrypted when being transmitted and stored.

In addition to GitHub and Jenkins, SourceClear integrates with other leading source control management systems, including Bitbucket Server, GitHub Enterprise and OSS Git. SourceClear’s native build plugins for Gradle, Jenkins and Maven, as well as package managers like Bower, Bundler, NPM and PIP, ensure complete coverage every time a build is run.

In addition to Open, SourceClear includes:

  • Registry: A free database of security knowledge in the world’s open-source libraries and frameworks, including a complete list of all publicly disclosed vulnerabilities.
  • Pro: Combines all of the functionality in Open with additional premium features and support to help both developers and security teams prioritize, manage and fix real security issues – drastically reducing false positives.
  • Enterprise: Extends the features found in Pro for large enterprise implementations with complex requirements.

About SourceClear

SourceClear is the security company for software developers. We are a team of software and security engineers helping software engineering teams build software, safely. We take care of security for open-source and third-party code so our customers can focus on their business: shipping features and delighting users. Headquartered in San Francisco, California, and with an office in Singapore, SourceClear is backed by Index Ventures and Storm Ventures. For more information, visit us at: https://srcclr.com.

Filed Under: Latest News Releases Tagged With: devops, security, sourceclear

« Hello, Security. Meet Agile
London Calling: DevOps Enterprise Summit and DevOps Connect: CD Connect/Jenkins Days, 2 for 1 »

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Automating Day 2 Operations: Best Practices and Outcomes
Tuesday, February 7, 2023 - 3:00 pm EST
Shipping Applications Faster With Kubernetes: Myth or Reality?
Wednesday, February 8, 2023 - 1:00 pm EST
Why Current Approaches To "Shift-Left" Are A DevOps Antipattern
Thursday, February 9, 2023 - 1:00 pm EST

Sponsored Content

The Google Cloud DevOps Awards: Apply Now!

January 10, 2023 | Brenna Washington

Codenotary Extends Dynamic SBOM Reach to Serverless Computing Platforms

December 9, 2022 | Mike Vizard

Why a Low-Code Platform Should Have Pro-Code Capabilities

March 24, 2021 | Andrew Manby

AWS Well-Architected Framework Elevates Agility

December 17, 2020 | JT Giri

Practical Approaches to Long-Term Cloud-Native Security

December 5, 2019 | Chris Tozzi

Latest from DevOps.com

Azure Migration Strategy: Tools, Costs and Best Practices
February 3, 2023 | Gilad David Maayan
Blameless Integrates Incident Management Platform With Opsgenie
February 3, 2023 | Mike Vizard
OpenAI Hires 1,000 Low Wage Coders to Retrain Copilot | Netflix Blocks Password Sharing
February 2, 2023 | Richi Jennings
Red Hat Brings Ansible Automation to Google Cloud
February 2, 2023 | Mike Vizard
Three Trends That Will Transform DevOps in 2023
February 2, 2023 | Dan Belcher

TSTV Podcast

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays

GET THE TOP STORIES OF THE WEEK

Most Read on DevOps.com

OpenAI Hires 1,000 Low Wage Coders to Retrain Copilot | Netflix Blocks Password Sharing
February 2, 2023 | Richi Jennings
New Relic Bolsters Observability Platform
January 30, 2023 | Mike Vizard
Jellyfish Adds Tool to Visualize Software Development Workflows
January 31, 2023 | Mike Vizard
Cisco AppDynamics Survey Surfaces DevSecOps Challenges
January 31, 2023 | Mike Vizard
Automation Challenges Holding DevOps Back
February 1, 2023 | Mike Vizard
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2023 ·Techstrong Group, Inc.All rights reserved.