Thousands of open source security vulnerabilities are discovered every year. From now on, WhiteSource not only alerts you when known open source security vulnerabilities are discovered in your software, but also provides actionable suggestions on how to fix them.
What remediation suggestions do we provide?
We provide links to patches, specific source files and newer versions that fix the issue, recommend code changes that block vulnerable methods, and even suggest changes to your system configuration that block exploitation.
So, how does it work?
Log into your WhiteSource account. Under the ‘reports’ tab select the ‘vulnerabilities’ report. You can see all discovered vulnerabilities, as well as our new ‘suggested fix’ column. Click on the CVE to see how you can remediate this vulnerability.
Before choosing your remediation path, you may want to click the ‘show references’ button to see the CVE’s references and better understand the vulnerability.
The most effective fix will appear at the top of the ‘suggested fix’ list. However, other suggestions may be suitable depending on your system configuration or how you use the library. If that is the case, you can click on the star icon and mark that suggestion as a better option to help others.
If you want to export the vulnerabilities and their fixes, you can export them straight from the ‘vulnerabilities’ report using the ‘export’ button.
Check out our open source security page for more info about the WhiteSource security solution.