Software development is moving faster than ever before, with new versions barreling through the pipeline out to customers at ever-higher speed. Supporting this wave of coding innovation is the agile CI/CD workflow that allows for better collaboration between teams, embracing the potential for speed and efficiency that was promised by the DevOps movement.
As one of the major players in the CI/CD space, Atlassian’s Bitbucket Pipelines gives developers an easier way to automate their processes to speed up their pace.
Bitbucket announced today the launch of Pipes, a new way for developers to simplify the configuration of valuable third-party tools into their CI/CD pipeline.
The Evolution to Pipes
Pipes offers Bitbucket users the opportunity to add a wide variety of leading industry tools into their CI/CD workflow without the hassle of going through a long and complicated integration process.
Bitbucket users can easily integrate powerful tools like AWS S3, Azure Web Apps, NPM Publish, and many more from other providers. Pipes brings the services that they depend on into a single workflow with prepackaged .yaml formatted scripts to automate important tasks throughout the CI/CD workflow.
Today we are happy to announce that WhiteSource is joining the Pipes revolution, bringing our solution to securing and managing open source usage to Bitbucket users with a pipe integration of our own.
The integration is available at no extra charge, and WhiteSource customers can take advantage of this new opportunity to automate scans of their products with just a few clicks.
Getting Started With Pipes
Integrating WhiteSource into your Pipeline is just a matter of copying and pasting the WhiteSource Pipe into your Bitbucket Pipelines .yaml file. After adding your WhiteSource organization’s parameters such as URL, API key and the working directory, you are all set.
All information pertaining to open source security and licenses will be available on the WhiteSource dashboard.
How Software Composition Analysis Can Speed Up Development
Security was once viewed as a hindrance to software development, but today, as more organizations make the move to DevSecOps, security solutions are starting to be adopted as tools that enable developers.
While solutions such as static analysis are growing in popularity for uncovering proprietary vulnerabilities, open source security is an increasing concern for organizations that are developing applications. Comprising between 60-80% of the code base in modern applications, open source components are quickly becoming a higher priority for security teams to tackle as developers depend on them more heavily for producing quality products on shorter timelines.
As software is being pushed through the CI/CD workflow, we want to test our code early and often in order to catch the vulnerabilities in our code before they pass the build stage. When we move our testing to the earlier stages, it prevents us from building our code on top of vulnerable components. Remediating vulnerabilities late in the game before a scheduled deployment can be far more expensive and frustrating, so earlier detection is definitely desired.
WhiteSource helps organizations shift left security testing for their open source component usage, quickly identifying all open source components in a product and notifying developers if there are any components with known vulnerabilities associated with them. These automated checks help developers by keeping vulnerable open source components from ever entering their products, enforcing policies according to an organization’s governance needs. Through continuous tracking of the open source components in your products, WhiteSource can alert on newly discovered vulnerabilities, pinpointing their location within the products to make for faster and more efficient remediations when necessary.
Open Source Management at Scale
In order to keep up with today’s development pace, developers must rely heavily on open source components. However, the increased usage of open source requires an automated solution to ensure software development teams will be able to manage inventory, ensure compliance with open source licenses and, most importantly, detect open source components with known vulnerabilities.
Now with Pipes for Bitbucket, you can easily integrate WhiteSource into developers’ workflow, so that they can continue to work their magic while ensuring compliance and security at the speed of DevOps.