Short Bytes: SourceClear’s Open is a new tool for finding potential threats in open source code. It works with different platforms, frameworks and tools such as Django, Bundler and Git. The scan report comes in the form of analytics, which a developer can also use to troubleshoot the problems found in the code.
If we take a look at the public data on potential threats in open source code, it is just the tip of the iceberg. The lack of available information about these threats leaves many vulnerabilities hidden, and that is what SourceClear is trying to address with this new tool.
Before building this security tool, they first had to assemble as complete a set of vulnerability data as possible. To do so, they used public databases as well as data from millions of libraries.
Besides supporting these languages and frameworks, Open also integrates with many development tools such as Git, Jira, Bitbucket, Jenkins, Maven, Bower, Gradle, NPM, RubyGems, Bundler, a CLI, GitHub, GitLab etc.
It also offers a CLI (Command Line Interface) for quick scans, and scans can be automated using plugins for Maven, Gradle, Jenkins etc.
Once the scan for potential threats is done, you can also analyze the result. The analysis report can be viewed per repository, branch, tag or any combination of these. It also covers the libraries in use, their dependencies, their sources, authors, licenses etc.
Using the analytical report, a developer can fix the reported issues, as the report also gives concise, actionable guidance on integration, technical faults, incorrect usage etc.
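To make concrete what a dependency scanner of this kind does under the hood (match each pinned library against a vulnerability database, trace a vulnerable transitive dependency back to the direct dependency that pulled it in, check licenses, and turn the result into an actionable report), here is a small Python illustration. It is an added example written for this page, not SourceClear's code or API; the lockfile, dependency graph, advisory entries (with placeholder ids, not real advisories), license table and license policy are all constructed sample data, and a real scanner would obtain the graph and the advisories from the package manager and a vulnerability feed.

```python
"""Minimal software-composition-analysis (SCA) check: an added illustration of
how a dependency scanner works. Not SourceClear's code; all data is constructed."""
import re

# Constructed lockfile in requirements.txt style (name==version), not a real project.
SAMPLE_LOCKFILE = """\
# direct dependencies
django==1.8.3
requests==2.7.0
# pulled in transitively
urllib3==1.10.4
six==1.9.0
"""

# Constructed dependency graph: parent -> children. A real scanner gets this
# from the package manager (Bundler, Maven, NPM ...).
SAMPLE_GRAPH = {"requests": ["urllib3"], "django": ["six"]}

# Constructed advisory entries: "introduced" is inclusive, "fixed" is exclusive.
# The ids are placeholders, not real CVE or advisory numbers.
SAMPLE_VULN_DB = [
    {"id": "EXAMPLE-0001", "package": "django", "introduced": "1.8.0",
     "fixed": "1.8.4", "summary": "placeholder: authentication issue"},
    {"id": "EXAMPLE-0002", "package": "urllib3", "introduced": "1.0",
     "fixed": "1.12", "summary": "placeholder: certificate verification issue"},
    {"id": "EXAMPLE-0003", "package": "six", "introduced": "1.0",
     "fixed": "1.5", "summary": "placeholder: already fixed in our version"},
]

# Constructed license table and an example policy that rejects one license.
SAMPLE_LICENSES = {"django": "BSD-3-Clause", "requests": "Apache-2.0",
                   "urllib3": "MIT", "six": "GPL-3.0-only"}
DISALLOWED_LICENSES = {"GPL-3.0-only"}


def parse_version(text):
    """'1.8.3' -> (1, 8, 3). Padded to three parts so '1.8' == '1.8.0'.
    Non-numeric suffixes are dropped ('2.0rc1' -> (2, 0, 0)); pre-release
    ordering is deliberately ignored in this simplified comparison."""
    parts = []
    for piece in text.split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def parse_lockfile(text):
    """Return {package: version} from 'name==version' lines; comments skipped."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        deps[name.strip().lower()] = version.strip()
    return deps


def introduced_by(package, graph):
    """Walk the graph upward to the direct dependency that pulls in `package`;
    returns `package` itself when it is a direct dependency."""
    parents = {child: parent for parent, kids in graph.items() for child in kids}
    while package in parents:
        package = parents[package]
    return package


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed (fixed version itself is clean)."""
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)


def find_vulnerabilities(deps, vuln_db, graph):
    """Match every pinned dependency against the advisory list."""
    findings = []
    for entry in vuln_db:
        pkg = entry["package"]
        if pkg in deps and is_affected(deps[pkg], entry["introduced"], entry["fixed"]):
            findings.append({"id": entry["id"], "package": pkg, "version": deps[pkg],
                             "fixed_in": entry["fixed"], "via": introduced_by(pkg, graph),
                             "summary": entry["summary"]})
    return findings


def find_license_issues(deps, licenses, disallowed):
    """Flag dependencies whose license is unknown or disallowed by policy."""
    issues = []
    for pkg in deps:
        lic = licenses.get(pkg, "unknown")
        if lic == "unknown" or lic in disallowed:
            issues.append((pkg, lic))
    return issues


def render_report(findings, license_issues):
    """Turn findings into the kind of concise, actionable lines a developer can act on."""
    lines = []
    for f in findings:
        path = f["package"] if f["via"] == f["package"] else f"{f['via']} -> {f['package']}"
        lines.append(f"{f['id']}: {f['package']} {f['version']} ({path}); {f['summary']}; "
                     f"action: upgrade {f['via']} so that {f['package']} >= {f['fixed_in']}")
    for pkg, lic in license_issues:
        lines.append(f"LICENSE: {pkg} is {lic}; action: review against policy before shipping")
    return "\n".join(lines) if lines else "no findings"


def scan(lockfile_text=SAMPLE_LOCKFILE, vuln_db=SAMPLE_VULN_DB, graph=SAMPLE_GRAPH,
         licenses=SAMPLE_LICENSES, disallowed=DISALLOWED_LICENSES):
    deps = parse_lockfile(lockfile_text)
    return find_vulnerabilities(deps, vuln_db, graph), find_license_issues(deps, licenses, disallowed)


if __name__ == "__main__":
    print(render_report(*scan()))
```

Running it reports the pinned django version and the transitive urllib3 version (traced back to requests, the direct dependency to upgrade) and the license policy hit on six, while the six advisory is skipped because the pinned version is already past its fix. The two details worth keeping from this toy are the half-open version range (the fixed release itself must not be flagged) and the attribution of a transitive finding to the direct dependency, since that is the one the developer can actually change in the manifest.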