Be Agile & Decrease Costs with Black Duck’s Visual Studio IDE Plugin

In today’s application development world, developers rely heavily on open source to build applications smarter and bring them to market faster. The benefits of open source are clear, but dependence on open source also exposes applications to open source vulnerabilities and license compliance risks.

When Do You Address Risks?

Too many organizations become aware of these risks only after their applications are already built or shipped. Remediating those issues so late in the game is time-consuming and expensive: four to five times more expensive than remediating during development, according to the Systems Sciences Institute at IBM. If you change just one component, how many dependencies have you broken? At Black Duck we believe it’s never too early to address risks, and we help teams do so with integrations throughout the SDLC, including the IDE.

Microsoft’s Visual Studio is one of the most comprehensive and popular IDE platforms for development on the market. And with over 35% of developers using Visual Studio (according to Stack Overflow), it definitely sees a lot of open source code. Black Duck and Microsoft are working together to help these developers fix open source risks before they become a problem.

Shifting Left in Your SDLC

Black Duck’s new Hub plugin for Visual Studio IDE can scan your code as your team is developing it, immediately alerting you to any components with potential security risks. Think of it as a spell checker for open source components. Black Duck will tell you if a component is vulnerable or violates any open source use policies that you’ve set. More detailed information is only a click away in Black Duck Hub, where you can quickly find safer versions and select the one that works best for your needs. The plugin is a simple and unobtrusive tool, giving you the ability to make corrections as you develop without creating a new process that disrupts your work.

Earlier this year we released integrations into Visual Studio’s Team Services and Team Foundation Server, which allow automatic code scans as you build. Now, with the Hub plugin for Visual Studio IDE, Black Duck and Microsoft are helping teams be agile and secure by introducing open source management early in the SDLC, where it is easier and less costly to remediate vulnerabilities or license compliance risks found in open source components.

Black Duck Integrations for Microsoft Visual Studio
