Posted by: Sean Kinzer - product

Safe code with every build - Using SourceClear with Travis-CI

The best way to keep your projects clean of vulnerabilities is to scan them with every build. In this guide, I’ll show you how to use the SourceClear Jenkins plugin to scan your code automatically with every Travis-CI build.

In this guide I’ll be using the SourceClear CLI Agent, but you can also integrate SourceClear directly into your projects using the Maven and Gradle plugins. The CLI is highly scriptable and is capable of scanning any of our supported languages and frameworks (Java, Ruby, Python, Node.js).

Posted by: Brian Doll - product

Create GitHub issues directly from SourceClear

Integrating SourceClear with your issue tracker makes fixing and updating things a breeze. In addition to our JIRA integration, you can now create GitHub Issues directly from your vulnerability reports.

These new issues will automatically include:

  • Which library is vulnerable
  • The nature of the dependency (direct or transitive)
  • The recommended safe version to upgrade to
  • A code block that includes the suggested fix

Posted by: Brian Doll - product

Fix vulnerabilities fast - create JIRA issues directly from SourceClear

Maintaining software is hard. Modern software applications use dozens of open-source libraries, ultimately relying on 100+ libraries to work their magic. Thankfully, keeping your dependencies up to date and clear of security vulnerabilities is made easy with SourceClear. Today we have made it even easier to fix issues you find with SourceClear through our JIRA integration.

For every vulnerability we find in your projects, you’re a click away from opening a JIRA ticket, complete with information on how to fix it. Keeping those dependencies up to date with the latest security fixes has never been easier.