We’ve made some improvements to how the SourceClear agent can be configured, making it easier to run inside continuous integration environments.
Scanning a specific branch or tag in your projects just got a whole lot easier. If you use feature branches, development branches, release tags, or even use branches to separate different projects in the same repository, you can now specify any existing branch or tag for your SourceClear scans.
Integrating SourceClear with your issue tracker makes fixing and updating things a breeze. In addition to our JIRA integration, you can now create GitHub Issues directly from your vulnerability reports.
These new issues will automatically include:
SourceClear now supports Vulnerable Method detection for both Java and Python projects. In addition to notifying you of the vulnerable libraries you’re using, we will now let you know exactly where you are using the vulnerable code. Of course, if it turns out you’re not actually vulnerable, we’ll let you know that too. More signal, less noise.
Maintaining software is hard. Modern software applications use dozens of open-source libraries, ultimately relying on 100+ libraries to work their magic. Thankfully, keeping your dependencies up to date and clear of security vulnerabilities is made easy with SourceClear. Today we have made it even easier to fix issues you find with SourceClear through our JIRA integration.
For every vulnerability we find in your projects you’re a click away from opening a JIRA ticket - complete with information on how to fix it. Keeping those dependencies up to date with the latest security fixes has never been easier.
Since our launch in May, we’ve made a ton of enhancements to SourceClear to make open-source software safer every day. Thanks to everyone who shared feedback and ideas. Keep it coming!
In addition to adding hundreds of security vulnerabilities to the SourceClear Registry, here are some key improvements we’ve made recently: