What is WhiteSource Bolt?

WhiteSource Bolt is an open source security and management platform designed to help organizations control and secure the open source components in their software projects. It works by automatically detecting all open source dependencies in code repositories and build environments, identifying security vulnerabilities, outdated libraries, and license compliance issues.

Key features of WhiteSource Bolt include:

• Comprehensive open source inventory - Detects all open source components, including transitive dependencies, in languages like JavaScript, Python, Java, C#, C/C++, Ruby, and more.
• Automatic security vulnerability monitoring - Continuously cross-checks libraries against WhiteSource's comprehensive vulnerability database which aggregates multiple public databases like NVD and security researchers.
• Prioritized remediation guidelines - Provides actionable remediation guidance, risk levels, and additional context to help teams quickly fix vulnerabilities.
• License compliance - Checks dependencies against SPDX license policies to avoid compliance issues and legal risks.
• Dependency graph - Visualizes dependencies between open source libraries with an interactive graph to provide greater visibility into potential impact.
• Lightweight and fast - Installs in minutes via lightweight agents with minimal impact on the development process.
• IDE integrations - Supports integrations with IDEs like Visual Studio, Eclipse and IntelliJ to streamline workflow.
• Web UI dashboards and alerts - Enables tracking metrics and trends on open source usage and monitoring status through customizable dashboards, reports and alerts.

Overall, WhiteSource Bolt provides comprehensive visibility and control over open source usage, automated security monitoring, and guidance to help organizations control risk and optimize usage of open source components.

Official Links