Black Duck’s Free Tool Digs Out Open Source Bugs

Black Duck this week launched Security Checker, a free tool based on the company's Hub open source security solution.

Security Checker is a drag-and-drop, Web-based tool that allows users to determine whether known open source vulnerabilities exist in the components used to build applications. It scans the code in an uploaded archive file or Docker image and provides a report showing the identified open source code and known bugs.

The maximum file size for a Security Checker scan is 100 MB, and a scan takes about 15 minutes from start to finish, according to Black Duck.

"Users select and scan an archive or image of their choice and within minutes receive a detailed report providing them with a full listing of open source components and vulnerabilities, including severities, descriptions, CVE numbers and links to more information in the National Vulnerability Database," said Patrick Carey, director of product management for Black Duck.

Ubiquitous Open Source

The release of the tool comes on the heels of a report Black Duck issued earlier this month, based on data from open source security audits of 200 commercial applications conducted by its On-Demand business unit.

Use of open source in application development is widespread, according to the report, which highlighted the challenges of securing and managing the open source in use.

Sixty-seven percent of audited applications contained known open source security vulnerabilities, more than a third of the bugs identified were severe, and 10 percent of the applications contained the Heartbleed vulnerability, the report found.

Checker’s Capabilities

Security Checker lets developers quickly and easily check their own code bases. They can see where they stand and take the first step toward managing and securing open source in their environments.

Security Checker uses Black Duck Hub's intelligent scanning and knowledge base of more than 1.5 million projects to find open source components and vulnerabilities that go undetected by tools that merely report open source as declared, Carey told LinuxInsider. Security Checker lets developers know what is actually in their code.
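The distinction Carey draws, between reporting what a project declares and finding what is actually in the build, is the core of a software composition check. The following is an added example written for this article, not Black Duck's or Hub's code: it compares a constructed list of declared components with a constructed list of components found in the build, flags anything undeclared, and matches every present component against a small vulnerability list by affected version range, reporting severity and CVE id the way the article describes. All component names, versions and CVE ids are made up; the CVE ids are placeholders, not real advisories.

```python
"""Added example, not Black Duck's code: a minimal software-composition check.

Two points from the article are illustrated. First, scanning what is actually
present in a build surfaces components that no manifest declares, which a tool
that only reports declared dependencies would miss. Second, each present
component is matched against a vulnerability list by affected version range
and reported with severity and CVE id. Every name, version and CVE id below is
constructed for illustration; the CVE ids are placeholders.
"""
from dataclasses import dataclass

SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


@dataclass(frozen=True)
class Component:
    name: str
    version: str


@dataclass(frozen=True)
class Vulnerability:
    cve: str          # placeholder id, constructed for this example
    component: str
    min_version: str  # first affected version (inclusive)
    fixed_in: str     # first fixed version (exclusive upper bound)
    severity: str
    description: str


def parse_version(version: str) -> tuple:
    """Turn a dotted numeric version such as '1.0.2' into a comparable tuple."""
    return tuple(int(part) for part in version.split("."))


def is_affected(component: Component, vuln: Vulnerability) -> bool:
    """True when the component's version lies inside the advisory's affected range."""
    if component.name != vuln.component:
        return False
    version = parse_version(component.version)
    return parse_version(vuln.min_version) <= version < parse_version(vuln.fixed_in)


def undeclared_components(declared, present):
    """Components found in the build that the project never declared."""
    declared_names = {c.name for c in declared}
    return [c for c in present if c.name not in declared_names]


def find_vulnerabilities(present, database):
    """Match every present component against the vulnerability list, worst first."""
    findings = [
        {"component": c.name, "version": c.version, "cve": v.cve,
         "severity": v.severity, "description": v.description}
        for c in present
        for v in database
        if is_affected(c, v)
    ]
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])
    return findings


# Constructed sample data: what the manifest says versus what the scan found.
DECLARED = [Component("webframework", "2.4.1"), Component("jsonlib", "1.7.0")]
PRESENT = [
    Component("webframework", "2.4.1"),
    Component("jsonlib", "1.7.0"),
    Component("tlslib", "1.0.1"),   # vendored copy that nobody declared
]

# Constructed vulnerability list keyed by placeholder CVE ids.
DATABASE = [
    Vulnerability("CVE-0000-0001", "tlslib", "1.0.0", "1.0.2", "Critical",
                  "memory disclosure (constructed)"),
    Vulnerability("CVE-0000-0002", "jsonlib", "1.5.0", "1.8.0", "Medium",
                  "denial of service on deeply nested input (constructed)"),
    Vulnerability("CVE-0000-0003", "webframework", "3.0.0", "3.0.4", "High",
                  "not applicable: affected range is above the present version"),
]


def scan_report(declared=DECLARED, present=PRESENT, database=DATABASE):
    """Produce the two lists a composition report would show."""
    return {
        "undeclared": [f"{c.name} {c.version}"
                       for c in undeclared_components(declared, present)],
        "findings": find_vulnerabilities(present, database),
    }


if __name__ == "__main__":
    report = scan_report()
    print("Undeclared components:", ", ".join(report["undeclared"]) or "none")
    for f in report["findings"]:
        print(f'{f["severity"]:9} {f["cve"]}  {f["component"]} {f["version"]}: '
              f'{f["description"]}')
```

Running the block reports `tlslib 1.0.1` as undeclared and lists two findings, the critical one first; the webframework advisory is skipped because its affected range starts above the version present. Real scanners use richer version schemes (pre-release tags, vendor backports) and fingerprint files rather than trusting names, but the declared-versus-present comparison is the same.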

It allows users to scan up to three archives that are 100 MB or less in size.

Teams that want an open source management solution with more capabilities can try Black Duck Hub free for 14 days.

Application developers often use code from other sources to simplify repetitive tasks and speed the overall process, but it is difficult to keep up with the rising tide of related security alerts, according to principal analyst Charles King.

"That's where code-analysis tools like Black Duck's new offering come in handy. By providing a tool that leverages a regularly updated list of security flaws, the company aims to relieve developers of drudge work and also make their code more secure. Both of those are admirable goals," he told LinuxInsider.

Good and Unhealthy

The main advantage of such tools is ease of use. The main limitation is that a tool is only as effective as its creators' list of vulnerabilities. Using a given tool means that you trust the vendor to stay alert and on the job, noted King.

Developers have "a ton of other similar options out there," he said. By offering a free scanner, Black Duck can draw attention to its other products.

"If the new tool delivers what the company promises, it will help put the company in good stead with customer developers. Happy customers tend to be repeat customers," King said.

Endgame Issues

Black Duck's goal is to help the industry solve the problems revealed by the open source security audits. It is clear that most applications rely heavily on open source. However, many contain untracked open source, resulting in undetected vulnerabilities, said Black Duck's Carey.

"This is risky for teams building applications as well as users who rely on those applications. Awareness is an important first step," he said.

Security Checker will provide eye-opening results for many teams and hopefully encourage them to take steps to better track and manage open source vulnerabilities in their code, Carey said. That could lead to more secure applications.