Black Duck's Vulnerability Plugin for Jenkins Mitigates Risks Early in Software Development Cycle

By CIOReview | Monday, July 20, 2015

FREMONT, CA: Black Duck, the OSS logistics solution provider, has announced the release of the free Black Duck Vulnerability Plugin for Jenkins. The plugin extracts dependency data from the Jenkins build, identifies the open source components used within a project, and flags those with known vulnerabilities.

Black Duck’s Vulnerability Plugin automates the discovery and cataloguing of the specific versions of open source software (OSS) in use. Surfacing vulnerabilities in the early stages of development saves developer time and resources, which in turn helps teams deliver better quality code and more secure applications. The plugin identifies open source components that carry known vulnerabilities and presents the risk profile of the OSS in use. With this data, developers gain visibility into the vulnerabilities in their software and can act on them before it is finalized for production.

According to the National Vulnerability Database, more than 4,000 new vulnerabilities are reported in OSS each year, and thousands of these known vulnerabilities go unnoticed within a typical enterprise. By combining Black Duck’s KnowledgeBase with the dependency data from Jenkins, the free plugin streamlines the usually tedious process of identifying open source components and immediately provides vulnerability and license data for open source projects.
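To make the mechanics concrete, here is an added example (not Black Duck's code and not the plugin's implementation) of the component-discovery and known-vulnerability-matching step that such a plugin performs on a build's dependency data: parse the resolved-dependency lines of Maven `dependency:list` output, match each component's version against an advisory catalogue using introduced/fixed version ranges, summarise the risk profile, and gate the build on it. The build-log lines, component names and `ADV-*` identifiers are all constructed for the illustration; a real plugin queries a maintained source such as the Black Duck KnowledgeBase or the NVD rather than an in-memory list.

```python
"""Illustrative build-time SCA check: discover components from a Maven build
log, match them against a vulnerability catalogue, and gate the build.
All component names, versions and advisory IDs below are constructed."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Matches one resolved-dependency line of `mvn dependency:list` output:
#   [INFO]    group:artifact:type:version:scope
DEP_LINE = re.compile(
    r"^\[INFO\]\s+(?P<group>[\w.-]+):(?P<artifact>[\w.-]+):(?P<ptype>\w+)"
    r":(?P<version>[\w.-]+):(?P<scope>\w+)\s*$"
)

SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}


@dataclass(frozen=True)
class Component:
    group: str
    artifact: str
    version: str
    scope: str

    @property
    def name(self) -> str:
        return f"{self.group}:{self.artifact}"


@dataclass(frozen=True)
class Advisory:
    component: str        # "group:artifact"
    advisory_id: str      # hypothetical identifier, not a real CVE
    severity: str
    introduced: str       # first affected version (inclusive)
    fixed: Optional[str]  # first fixed version (exclusive); None = no fix yet


@dataclass(frozen=True)
class Finding:
    component: Component
    advisory: Advisory


def parse_dependencies(build_log: str) -> list[Component]:
    """Extract the unique resolved dependencies from Maven build output."""
    seen: dict[tuple, Component] = {}
    for line in build_log.splitlines():
        m = DEP_LINE.match(line)
        if m:
            c = Component(m["group"], m["artifact"], m["version"], m["scope"])
            seen.setdefault((c.group, c.artifact, c.version), c)
    return list(seen.values())


def version_key(version: str) -> tuple[int, ...]:
    """Numeric segments only; pre-release tags such as '-beta' are ignored.
    A production matcher needs the ecosystem's real ordering rules."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def is_affected(version: str, adv: Advisory) -> bool:
    """True when introduced <= version < fixed (unbounded if no fix)."""
    v = version_key(version)
    if v < version_key(adv.introduced):
        return False
    return adv.fixed is None or v < version_key(adv.fixed)


def find_vulnerabilities(components: list[Component],
                         catalog: list[Advisory]) -> list[Finding]:
    """Match every discovered component against the advisory catalogue."""
    index: dict[str, list[Advisory]] = {}
    for adv in catalog:
        index.setdefault(adv.component, []).append(adv)
    return [Finding(c, adv)
            for c in components
            for adv in index.get(c.name, [])
            if is_affected(c.version, adv)]


def risk_profile(findings: list[Finding]) -> dict[str, int]:
    """Count of findings per severity, e.g. {'HIGH': 1, 'CRITICAL': 1}."""
    return dict(Counter(f.advisory.severity for f in findings))


def should_fail_build(findings: list[Finding], threshold: str = "HIGH",
                      ignore_scopes: tuple[str, ...] = ("test",)) -> bool:
    """Gate: fail when a shipped (non-ignored-scope) dependency has a finding
    at or above the severity threshold."""
    bar = SEVERITY_RANK[threshold]
    return any(SEVERITY_RANK[f.advisory.severity] >= bar
               and f.component.scope not in ignore_scopes
               for f in findings)


# Constructed sample build output (note the duplicate net-parser line).
SAMPLE_BUILD_LOG = """\
[INFO] --- maven-dependency-plugin:2.10:list (default-cli) @ demo-app ---
[INFO]
[INFO] The following files have been resolved:
[INFO]    com.example:net-parser:jar:1.3.0:compile
[INFO]    org.example.web:template-engine:jar:2.0.0:compile
[INFO]    org.example.util:strings:jar:5.1.7:test
[INFO]    org.example.crypto:hasher:jar:0.9.0:compile
[INFO]    com.example:net-parser:jar:1.3.0:compile
"""

# Constructed advisory catalogue standing in for a KnowledgeBase/NVD lookup.
SAMPLE_CATALOG = [
    Advisory("com.example:net-parser", "ADV-0001", "HIGH", "1.0.0", "1.4.2"),
    Advisory("org.example.crypto:hasher", "ADV-0002", "CRITICAL", "0.5.0", "1.0.0"),
    Advisory("org.example.util:strings", "ADV-0003", "LOW", "5.0.0", "5.1.0"),
    Advisory("org.example.util:strings", "ADV-0004", "MEDIUM", "5.1.5", None),
    Advisory("org.example.web:template-engine", "ADV-0005", "MEDIUM", "2.1.0", "2.1.3"),
]

if __name__ == "__main__":
    comps = parse_dependencies(SAMPLE_BUILD_LOG)
    found = find_vulnerabilities(comps, SAMPLE_CATALOG)
    for f in found:
        print(f"{f.advisory.severity:8} {f.advisory.advisory_id}  "
              f"{f.component.name}:{f.component.version} ({f.component.scope})")
    print("risk profile:", risk_profile(found))
    print("fail build:", should_fail_build(found))
```

Two details matter in practice: the version comparison here only understands numeric segments, so pre-release and ecosystem-specific orderings must come from a real matcher, and the gate deliberately ignores test-scoped dependencies by default, since a vulnerable test library is not shipped; widen `ignore_scopes` only when you are sure the scope is accurate for your build.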

“Continuous delivery increases the frequency of everything in the software development workflow, and vulnerability detection is no exception. The Black Duck Vulnerability Plugin for Jenkins finds vulnerabilities early in the software development lifecycle, thereby accelerating the delivery of better quality code,” said Kohsuke Kawaguchi, creator of Jenkins and CTO of CloudBees.

Black Duck’s Vulnerability Plugin also generates an easy-to-share PDF report, enabling development teams to work together with security teams. The plugin is free and has no time limit on its use.