Open source and DevOps have been a boon to software development. Nevertheless, sneaky hackers understand—and exploit—the fact that reusable code also means reusable vulnerabilities to distribute throughout the global software supply chain. To aid developers in navigating this new threat landscape, SourceClear announced a new product, SourceClear Open, a cloud service that tracks thousands of threat sources and analyzes millions of open-source library releases.

In explaining the need for SourceClear Open, the company notes that developers are held increasingly accountable for security, which creates demand for tools that help them with this responsibility. Unfortunately, traditional security products are insufficient, and public and government-backed software vulnerability databases have limitations. The SourceClear Open tool vaults beyond these databases, enabling developers to identify what open-source libraries they are using, what vulnerabilities exist, which vulnerabilities actually matter, and what needs to be done to fix them. And, perhaps most important, SourceClear Open integrates with the tools (GitHub and Jenkins) and supports the languages (Java, Ruby, Python and JavaScript) upon which development teams rely.