Black Duck CoPilot is Now General Availability!

CoPilot GA

With the GA release of CoPilot, an idea developed by a couple of Black Duck developers who are open source contributors comes to fruition. Read how their idea developed. Black Duck CoPilot version 1.0 is generally available after months of Beta feedback. We also recently completed the product workflow by adding pull request support. CoPilot is Black Duck's quick, lightweight, publicly facing free application that lets owners of open source projects on GitHub monitor the security risk of their open source components.

CoPilot uses Black Duck Hub Detect behind the scenes to integrate with a project's build system and surface its dependencies. It displays the generated component bill of materials (BOM) in its user interface, along with security risk information for each component.

It also provides a badge, with embed code, that links back to the full results so users can post it on their GitHub project. The Black Duck badge shows consumers of an open source project that its producer scans regularly and remediates security vulnerabilities.

New Features in CoPilot

The new features added with this general availability release complete the solution by providing insight into security vulnerabilities before a pull request is merged back into the main branch. CoPilot builds can now analyze pull requests from GitHub. Before you approve a pull request, CoPilot tells you which components it will add or remove, and how that changes your security risk level. Here is an example of what the pull request information looks like:

CoPilot Black Duck Security Report

CoPilot Pending Checks and Merge

CoPilot Successful Checks

Beta Builds Better

Based on beta user feedback, we made the security scoring more granular and improved branch tracking. CoPilot now provides a detailed score describing the risk of the OSS project on a scale of 1 to 10, where 10 is the most secure. Your results include an explanation of where you lost points and how to improve your score.
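The two mechanisms described above, the pull request component delta and the 1-to-10 score with an explanation of lost points, are illustrated by the following added example. It is not CoPilot or Hub Detect code: the component names, the findings and the per-finding deduction rule are all constructed here for illustration, and CoPilot's actual scoring formula is not published on this page.

```python
"""Toy model of a pull-request dependency check: which components a PR
adds or removes, and how that moves a 1-to-10 risk score (10 = most
secure). Added example; not CoPilot or Hub Detect code. Component names,
findings and the deduction rule are constructed for illustration."""
from dataclasses import dataclass

# Assumed, illustrative deduction per finding by severity; CoPilot's
# real scoring rule is not described on the page.
DEDUCTION = {"LOW": 0.5, "MEDIUM": 1.0, "HIGH": 2.0, "CRITICAL": 3.0}


@dataclass(frozen=True)
class Component:
    """One entry of a bill of materials: name plus exact version."""
    name: str
    version: str

    def __str__(self):
        return f"{self.name} {self.version}"


def diff_bom(base, head):
    """Components present only in the PR head (added) or only in base (removed)."""
    base_set, head_set = set(base), set(head)
    return sorted(head_set - base_set, key=str), sorted(base_set - head_set, key=str)


def explain_deductions(bom, findings):
    """List of (deduction, reason) pairs, one per finding on a component in bom."""
    out = []
    for comp in sorted(bom, key=str):
        for sev in findings.get(comp, ()):
            out.append((DEDUCTION[sev], f"{comp} has a {sev} finding"))
    return out


def score(bom, findings):
    """Start at 10 and subtract each deduction; never drop below 1."""
    total = sum(d for d, _ in explain_deductions(bom, findings))
    return max(1.0, 10.0 - total)


def pr_report(base, head, findings):
    """What a reviewer wants before approving: the component delta and the
    score before/after, with the reasons points were lost on the PR head."""
    added, removed = diff_bom(base, head)
    before, after = score(base, findings), score(head, findings)
    return {
        "added": [str(c) for c in added],
        "removed": [str(c) for c in removed],
        "score_before": before,
        "score_after": after,
        "risk_increased": after < before,
        "lost_points": [reason for _, reason in explain_deductions(head, findings)],
    }


# Constructed sample data (not real packages or advisories).
BASE_BOM = [Component("example-http", "1.2.0"), Component("example-yaml", "3.0.1")]
HEAD_BOM = [Component("example-http", "1.3.0"), Component("example-yaml", "3.0.1"),
            Component("example-xml", "0.9.0")]
FINDINGS = {
    Component("example-http", "1.2.0"): ["HIGH"],            # removed by the bump to 1.3.0
    Component("example-xml", "0.9.0"): ["CRITICAL", "LOW"],  # introduced by the PR
}

if __name__ == "__main__":
    report = pr_report(BASE_BOM, HEAD_BOM, FINDINGS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the constructed data the PR fixes one HIGH finding by bumping example-http but introduces a CRITICAL and a LOW finding through the new example-xml component, so the score drops from 8.0 to 6.5 and the report flags the pull request as increasing risk, with the two example-xml findings listed as the reason for the lost points.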

CoPilot Security Vulnerability Report Information

This is the new badge format that links to the report:

CoPilot Badge Format LInking to the Report


CoPilot Badge

Demonstrating CoPilot at GitHub Universe

CoPilot also now automatically deletes results for branches and pull requests that are deleted or closed on GitHub, providing a consistent view between CoPilot and GitHub repositories.

The Black Duck engineering team demonstrated CoPilot version 1.0 at GitHub Universe in October to positive reviews. Give it a try and let us know what you think! https://copilot.blackducksoftware.com/