Be Agile & Decrease Costs with Black Duck’s Visual Studio IDE Plugin

In today’s application development world, developers rely heavily on open source to build applications smarter and bring them to market faster. The benefits of open source are clear, but dependence on open source also exposes applications to open source vulnerabilities and license compliance risks.

When Do You Address Risks?

Too many organizations become aware of these risks only after their applications are already built or shipped. Remediating those issues so late in the game is time-consuming and expensive: four to five times more expensive than remediating during development, according to the Systems Sciences Institute at IBM. If you change just one component, how many dependencies have you broken? At Black Duck we believe it’s never too early to address risks, and we help teams do so with integrations throughout the SDLC, including the IDE.

Microsoft’s Visual Studio is one of the most comprehensive and popular IDE platforms for development on the market. With over 35% of developers using Visual Studio (according to Stack Overflow), it definitely sees a lot of open source code. Black Duck and Microsoft are working together to help these developers fix open source risks before they become a problem.

Shifting Left in Your SDLC

Black Duck’s new Hub plugin for the Visual Studio IDE can scan your code as your team is developing it, immediately alerting you to any components with potential security risks. Think of it as a spell checker for open source components. Black Duck will tell you if a component is vulnerable or violates any open source use policies that you’ve set. More detailed information is only a click away in Black Duck Hub, where you can quickly find safer versions and select the one that works best for your needs. The plugin is a simple and unobtrusive tool, giving you the ability to make corrections as you develop without creating a new process that disrupts your work.

Earlier this year we released integrations into Visual Studio’s Team Services and Team Foundation Server, which allow automatic code scans as you build. Now, with the Hub plugin for Visual Studio IDE, Black Duck and Microsoft are helping teams be agile and secure by introducing open source management early in the SDLC, where it is easier and less costly to remediate vulnerabilities or license compliance risks found in open source components.

Black Duck Integrations for Microsoft Visual Studio
