Offering Supports Popular Languages and Connects to Leading Development Tools; Identifies and Prioritizes Vulnerabilities and Licensing Issues; Gives Detailed Fixes
SAN FRANCISCO, May 9, 2016 – SourceClear, the security company for software developers, today announced a free security tool, SourceClear Open, for teams building with open source. Available immediately at no cost and delivered as a cloud service, the new tool enables developers to identify what open-source libraries they are using, what vulnerabilities exist, which vulnerabilities actually matter, and what needs to be done to fix them. SourceClear Open complements SourceClear’s products that are currently deployed by some of the world’s largest companies, including BAE Systems, The Gap, DataStax and Zendesk.
“I have spent 15 years watching talented, hardworking developers reinvent the world and then roll their eyes when asked to use traditional security tools. Developers always want to do the right thing, but have been faced with tools that generate more noise than signal. It became increasingly hard not to be frustrated by the status quo, so I decided to do something about it,” said Mark Curphey, CEO of SourceClear. “We’ve designed the SourceClear products specifically for teams of developers. With this release, we are ‘giving back’ to the community that helps us all build amazing software.”
SourceClear connects easily with existing tool chains (languages, frameworks and build tools), and is a critical component of modern development processes. Powered by data science, a dedicated research team and a community research program, SourceClear identifies vulnerabilities well beyond those found in public and government databases. Tracking thousands of threat sources and analyzing millions of open-source library releases, SourceClear detects disclosed and emerging security threats.
“Open source and DevOps have transformed the way we build software, and developers are being held even more accountable for security. With that responsibility, developers want tools that bring immediate value and don’t slow them down,” said John Viega, author of many security books, including the first book for developers on how to write secure software. “SourceClear delivers the information that developers need to view, understand, prioritize, and fix vulnerabilities that matter. That’s a powerful value proposition.”
Integrated with developer tools like GitHub and Jenkins and supporting popular languages such as Java, Ruby, Python and JavaScript, SourceClear can be connected to repos, build systems or a developer’s desktop in minutes. SourceClear offers teams the flexibility to look at their code base or drill into specific repos, builds, branches or tags. Teams can share data and send results to issue tracking systems like JIRA. Developers and their security teams always have complete control as source code never leaves their networks, and analysis and results are always encrypted when being transmitted and stored.
In addition to GitHub and Jenkins, SourceClear integrates with other leading source control management systems, including Bitbucket Server, GitHub Enterprise and OSS Git. SourceClear’s native build plugins for Gradle, Jenkins and Maven, as well as package managers like Bower, Bundler, NPM and PIP, ensure complete coverage every time a build is run.
In addition to Open, SourceClear includes:
- Registry: A free database of security knowledge in the world’s open-source libraries and frameworks, including a complete list of all publicly disclosed vulnerabilities.
- Pro: Combines all of the functionality in Open with additional premium features and support to help both developers and security teams prioritize, manage and fix real security issues – drastically reducing false positives.
- Enterprise: Extends the features found in Pro for large enterprise implementations with complex requirements.
About SourceClear
SourceClear is the security company for software developers. We are a team of software and security engineers helping software engineering teams build software, safely. We take care of security for open-source and third-party code so our customers can focus on their business: shipping features and delighting users. Headquartered in San Francisco, California, and with an office in Singapore, SourceClear is backed by Index Ventures and Storm Ventures. For more information, visit us at: https://srcclr.com.