Microsoft Visual Studio Extension Helps Developers Stay Agile & Secure

Black Duck Visual Studio Plugin Helps Developers Be Agile and Secure

There’s no question that Microsoft believes in the power of Open Source to help developers create better applications. Last year, GitHub reported that Microsoft had more contributors to open source projects than Facebook, Docker, or Google. Clearly, the wall between Microsoft development and open source development has fallen. In response to increasing demand, we at Black Duck are excited to introduce our latest integration, which gives developers the ability to scan and identify open source security and license risks as part of their build, test, and release pipelines within the Microsoft Visual Studio Team Services and Team Foundation Server (TFS) environments.

Why Open Source Vulnerability Management is Critical

More and more, developers are using open source to get the job done. Forrester Research recently reported that 80-90% of new application code is open source. Today, the use of open source in building applications provides a competitive advantage, allowing organizations to bring better applications to market faster and more efficiently than ever.

But use of open source is not without risks. Many open source components have security vulnerabilities and license risks that can compromise your entire application. Even some of the most commonly used components, such as Apache Commons Collections and Spring Framework, have seen vulnerabilities that may leave your application open to exploitation.

For most organizations, manually tracking the nearly 4000 new open source security vulnerabilities that are reported each year, not to mention the often-complex license obligations, is a nearly impossible task. Let’s face it, no sane developer wants to take the time to manually identify and review all the potential vulnerabilities in the components they use.

Automated Vulnerability Management with Hub and TFS

The good news is that Black Duck will help. Last month Black Duck rolled out its integration into Microsoft’s Visual Studio Team Services and TFS to automate open source vulnerability management within the Microsoft continuous integration (CI) environment. The Black Duck Hub Microsoft Visual Studio extension can be triggered to automatically scan your project and quickly identify open source components throughout your code base, mapping them to known open source security vulnerabilities and license compliance risks. It can flag policy violations, track remediation progress, and continuously monitor your software projects for newly identified vulnerabilities, even after they’re released.

Visual Studio Team Foundation Server Extensions

This allows you to set lightweight open source use and security policies up front, automatically check for compliance against those policies as part of the build process, and configure specific actions such as team notifications or even build failures within TFS. Teams can maintain their agile development practices while ensuring that open source vulnerabilities are addressed prior to ship. 
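The build-time policy gate described above, as an added illustration (this is not Black Duck's code, nor the Visual Studio extension's API): a constructed component inventory is matched against a constructed advisory list, a policy decides which findings merely notify the team and which fail the build, and the process exit code is what a TFS/VSTS build step would act on. All component names, versions, licenses, severities and advisory ids below are constructed placeholders, and versions are assumed to be plain dot-separated numbers.

```python
from dataclasses import dataclass

# Ranking used to compare a finding's severity against the policy thresholds.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: str


@dataclass(frozen=True)
class Advisory:
    component: str
    fixed_in: str       # first version that is no longer affected
    severity: str
    advisory_id: str    # placeholder id; a real feed would carry CVE ids


@dataclass(frozen=True)
class Policy:
    fail_at_severity: str = "HIGH"      # fail the build at this severity or above
    notify_at_severity: str = "MEDIUM"  # notify the team at this severity or above
    denied_licenses: frozenset = frozenset({"AGPL-3.0"})


@dataclass(frozen=True)
class Finding:
    kind: str       # "vulnerability" or "license"
    component: str  # "name@version"
    detail: str
    action: str     # "fail" or "notify"


def parse_version(version: str) -> tuple:
    # Assumption: numeric dot-separated versions only ("3.2.1"), no pre-release tags.
    return tuple(int(part) for part in version.split("."))


def is_affected(component: Component, advisory: Advisory) -> bool:
    # A component is affected when it is the advisory's target and older than the fix.
    return (advisory.component == component.name
            and parse_version(component.version) < parse_version(advisory.fixed_in))


def evaluate(inventory, advisories, policy):
    """Apply the policy to every component; return (overall_action, findings)."""
    findings = []
    for comp in inventory:
        label = f"{comp.name}@{comp.version}"
        for adv in advisories:
            if not is_affected(comp, adv):
                continue
            rank = SEVERITY_RANK[adv.severity]
            if rank >= SEVERITY_RANK[policy.fail_at_severity]:
                action = "fail"
            elif rank >= SEVERITY_RANK[policy.notify_at_severity]:
                action = "notify"
            else:
                continue  # below both thresholds: recorded by the scanner, not gated
            detail = f"{adv.advisory_id} ({adv.severity}), fixed in {adv.fixed_in}"
            findings.append(Finding("vulnerability", label, detail, action))
        if comp.license in policy.denied_licenses:
            findings.append(Finding("license", label,
                                    f"license {comp.license} is denied by policy", "fail"))
    if any(f.action == "fail" for f in findings):
        overall = "fail"
    elif findings:
        overall = "notify"
    else:
        overall = "pass"
    return overall, findings


def exit_code(overall: str) -> int:
    # A non-zero exit is what makes the CI build step fail; notify-only passes.
    return 1 if overall == "fail" else 0


# Constructed sample inventory, e.g. what a scan of a build output would produce.
INVENTORY = [
    Component("commons-collections", "3.2.1", "Apache-2.0"),
    Component("spring-core", "4.3.2", "Apache-2.0"),
    Component("example-copyleft-lib", "1.0.0", "AGPL-3.0"),
    Component("jackson-core", "2.9.0", "Apache-2.0"),
]

# Constructed advisories with placeholder ids and illustrative fixed-in versions.
ADVISORIES = [
    Advisory("commons-collections", "3.2.2", "CRITICAL", "ADV-PLACEHOLDER-1"),
    Advisory("spring-core", "4.3.5", "MEDIUM", "ADV-PLACEHOLDER-2"),
]


if __name__ == "__main__":
    overall, found = evaluate(INVENTORY, ADVISORIES, Policy())
    for f in found:
        print(f"[{f.action.upper():6}] {f.kind}: {f.component}: {f.detail}")
    print(f"build gate result: {overall}")
    raise SystemExit(exit_code(overall))
```

With the default policy this run reports the CRITICAL advisory and the denied license as build failures and the MEDIUM advisory as a notification, so the step exits 1; relaxing `fail_at_severity` or the denied-license set changes the outcome without touching the scan data, which is the point of keeping the policy separate from the inventory.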

Open source is the foundation of modern applications, and the importance of open source security has never been clearer. Black Duck’s partnership with Microsoft is bringing open source security automation into the SDLC, and we’re excited to be working with Microsoft on new solutions to help developers be both agile and secure. Stay tuned for more updates in the coming weeks.

Black Duck Integrations for Microsoft Visual Studio
