Microsoft Visual Studio Extension Helps Developers Stay Agile & Secure

Black Duck Visual Studio Plugin Helps Developers Be Agile and Secure

There’s no question that Microsoft believes in the power of Open Source to help developers create better applications. Last year, GitHub reported that Microsoft had more contributors to open source projects than Facebook, Docker, or Google. Clearly, the wall between Microsoft development and open source development has fallen. In response to increasing demand, we at Black Duck are excited to introduce our latest integration, which gives developers the ability to scan and identify open source security and license risks as part of their build, test, and release pipelines within the Microsoft Visual Studio Team Services and Team Foundation Server (TFS) environments.

Why Open Source Vulnerability Management is Critical

More and more, developers are using open source to get the job done. Forrester Research recently reported that 80-90% of new application code is open source. Today, the use of open source in building applications provides a competitive advantage allowing organizations to bring better applications to market faster and more efficiently than ever.

But use of open source is not without risks. Many open source components have security vulnerabilities and license risks that can compromise your entire application. Even some of the most commonly used components, such as Apache Commons Collections and Spring Framework, have seen vulnerabilities that may leave your application open to exploit.

 For most organizations, manual tracking of the nearly 4000 new open source security vulnerabilities that are reported each year, not to mention the often-complex license obligations, is a nearly impossible task. Let’s face it, no sane developer wants to take the time to manually identify and review all the potential vulnerabilities in the components they use. 

Automated Vulnerability Management with Hub and TFS

The good news is that Black Duck will help. Last month Black Duck rolled out its integration into Microsoft’s Visual Studio Team Services and TFS to automate open source vulnerability management within the Microsoft continuous build and integration (CI) environment. The Black Duck Hub Microsoft Visual Studio extension can be triggered to automatically scan your project and quickly identify open source components throughout your code base, mapping them to known open source security vulnerabilities and license compliance risks. It can flag policy violations, track remediation progress, and continuously monitor your software projects for newly identified vulnerabilities, even after they’re released.

Visual Studio Team Foundation Server Extensions

This allows you to set lightweight open source use and security policies up front, automatically check for compliance against those policies as part of the build process, and configure specific actions such as team notifications or even build failures within TFS. Teams can maintain their agile development practices while ensuring that open source vulnerabilities are addressed prior to ship. 

Open source is the foundation of modern applications, and the importance of open source security has never been clearer. Black Duck’s partnership with Microsoft is bringing open source security automation into the SDLC, and we’re excited to be working with Microsoft on new solutions to help developers be both agile and secure. Stay tuned for more updates in the coming weeks.

Black Duck Integrations for Microsoft Visual Studio

Sorry we missed you! We close comments for older posts, but we still want to hear from you. Tweet @black_duck_sw to continue the discussion.


Secure Cloud Deployments with Black Duck and Pivotal Cloud Foundry

| Jul 18, 2017

In the world of software, containers are changing everything. We can build and deploy applications rapidly and flexibly. We can deploy in the cloud; we can scale with incredible reliability. Entire industries are evolving to empower organizations to move from traditional application development to

| MORE >

Black Duck and Google Help Teams Build Cloud Apps with Confidence

| Jul 13, 2017

The way development teams build and deploy software is always changing. Recently, though, that trend has been more drastic. Today, the most productive development teams are using containers to build, deploy, and manage applications. Containers, in turn, have given those teams the flexibility and

| MORE >

Manage Custom and Open Source with HPE Security Integrations

| Jun 13, 2017

Developers don’t limit themselves to one method when building applications. They pull from third party libraries, build custom code for themselves, and rely heavily on open source. As a proponent for open source, I think it's important to recognize its prevalence in software development today.

| MORE >