The SourceClear Blog

Easier Configuration for Continuous Integration

Posted By: Sean Kinzer
September 14, 2016

We’ve made some improvements to how the SourceClear agent can be configured, making it easier to run inside continuous integration environments.


Introducing Branch & Tag Specific Scanning

Posted By: Sean Kinzer
September 12, 2016

Scanning a specific branch or tag in your projects just got a whole lot easier. If you use feature branches, development branches, release tags, or even use branches to separate different projects in the same repository, you can now specify any existing branch or tag for your SourceClear scans.


Create GitHub issues directly from SourceClear

Posted By: Brian Doll
August 10, 2016

Integrating SourceClear with your issue tracker makes fixing and updating things a breeze. In addition to our JIRA integration, you can now create GitHub Issues directly from your vulnerability reports.

These new issues will automatically include:

  • Which library is vulnerable
  • The nature of the dependency (direct or transitive)
  • The recommended safe version to upgrade to
  • A code block that includes the suggested fix


Vulnerable Method detection now available for Python projects

Posted By: Darius Foo & Paul Ambrosini
August 2, 2016

SourceClear now supports Vulnerable Method detection for both Java and Python projects. In addition to notifying you of the vulnerable libraries you’re using, we will now let you know exactly where you are using the vulnerable code. Of course, if it turns out you’re not actually vulnerable, we’ll let you know that too. More signal, less noise.


Fix vulnerabilities fast - create JIRA issues directly from SourceClear

Posted By: Brian Doll
July 28, 2016

Maintaining software is hard. Modern software applications use dozens of open-source libraries, ultimately relying on 100+ libraries to work their magic. Thankfully, keeping your dependencies up to date and clear of security vulnerabilities is made easy with SourceClear. Today we have made it even easier to fix issues you find with SourceClear through our JIRA integration.

For every vulnerability we find in your projects, you’re a click away from opening a JIRA ticket - complete with information on how to fix it. Keeping those dependencies up to date with the latest security fixes has never been easier.


JSON output, Registry CLI, proxy support, and more

Posted By: Brian Doll
July 19, 2016

Since our launch in May, we’ve made a ton of enhancements to SourceClear to make open-source software safer every day. Thanks to everyone who shared feedback and ideas, keep it coming!

In addition to adding hundreds of security vulnerabilities to the SourceClear Registry, here are some key improvements we’ve made recently: