- WhiteSource Renovate (AKA Renovatebot) is now part of Scorecards 3.0. The Google Open Source Security (GOSS) Team further announced plans to integrate WhiteSource proactive dependency maintenance tool into its OpenSSF Allstar GitHub application.
TEL AVIV, Israel and BOSTON, Nov. 8, 2021 /PRNewswire/ -- WhiteSource, the leader in open source security and management, today announced that use of WhiteSource Renovate, its free developer tool for proactive dependency maintenance, will be rewarded through the Secure Open Source (SOS) pilot rewards program. The program, run by the Linux Foundation, is sponsored by Google as part of the company's $10 billion pledge to cybersecurity defense in response to the recent Executive Order on Cybersecurity.
WhiteSource Renovate automates open source dependency updates, reducing risk by mitigating security vulnerabilities and saving developers' time. The Renovate App has enabled a diverse user base across github.com and gitlab.com to keep dependencies up-to-date since 2018, and has generated millions of pull requests in the process. The inclusion of WhiteSource Renovate as a positive indicator in the OpenSSF and Google Secure Open Source Rewards program further solidifies its position as the leading open source dependency management solution for developers.
"Open source components comprise between 60-80% of the codebase in modern applications," said Rami Sass, Co-Founder and CEO of WhiteSource."Unfortunately, open source projects are more attractive to hackers as their user base grows. Proactive dependency maintenance is the way forward for software organisations, because it helps prevent vulnerabilities, as well as minimizing the cost of remediating them once found. WhiteSource's proactive approach to application security is now endorsed as the industry standard through the Secure Open Source (SOS) rewards program."
"Automated dependency management, along with comprehensive test coverage, is critical for keeping your dependencies up-to-date and preventing exploitation via known security vulnerabilities. WhiteSource Renovate is one of the tools recommended by OpenSSF's Scorecard for proactive dependency management," said Abhishek Arya, Principal Engineer and Manager, Google Open Source Security Team.
WhiteSource helps organizations accelerate the development of secure software at scale. We provide automated tools that help bridge the security knowledge gap, integrating easily into the software development life cycle and going beyond detection with a remediation-first approach. WhiteSource is built on the most comprehensive vulnerability database in the industry, providing the widest coverage for threats and attack vectors. Our solution helps enterprises like Microsoft, IBM, Comcast, Philips, and many more reduce security risk and increase the productivity of their security and development teams. For more information, visit www.whitesourcesoftware.com.