
GitLab and WhiteSource: Open source code security made easy

Source: GitLab Blog | Author: Guy Bar-Gil, Product Manager at WhiteSource

How the integration with GitLab's Security Dashboard makes it easier to secure open source code early in the development lifecycle

Development teams have gotten used to relying on open source components to build powerful, innovative software at a breakneck pace. Delivery is certainly accelerating, but what about the security of our applications? Unfortunately, it is often treated as an afterthought, which is not surprising: security has traditionally been seen as a tiresome, time-consuming task that comes after the development stage and slows down delivery.

To keep security up to speed with the pace of development, organizations are realizing that it can no longer be introduced only in the later stages of the software development lifecycle (SDLC). Building security into the earlier stages of the SDLC instead lets development teams detect and remediate vulnerabilities when they are significantly easier, quicker and cheaper to fix.

But how can we integrate security into our development process without adding more work and slowing down our pace?

Well, that's where GitLab and WhiteSource come in.

Secure open source code while in your GitLab UI

WhiteSource has leveraged GitLab's Open Core to give developers the tools they need to find and fix open source vulnerabilities. The integration provides developer-focused security tooling that operates within the native coding environment and within the GitLab CI/CD pipeline, so developers can address security continuously without compromising on agility.

With the newest integration for GitLab Ultimate, developers gain richer insight into the vulnerable open source components WhiteSource discovers, directly in the merge request pipeline. At the same time, security professionals can see the same findings in the GitLab Security Dashboard alongside scan results from SAST, DAST, container scanning and license compliance. WhiteSource supports many more languages and provides richer dependency insight than GitLab alone. Together, security users and developers can see new, unresolved vulnerabilities for every commit, with actionable insight into vulnerable open source libraries and all of their transitive dependencies as soon as they are added to a project.
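The way scan results reach the merge request widget and the Security Dashboard is GitLab's report artifact mechanism: a CI job writes a report in GitLab's dependency scanning JSON format and declares it under `artifacts: reports: dependency_scanning`, and GitLab ingests it and diffs it against the target branch. The `.gitlab-ci.yml` fragment below is an added illustration of that wiring, not configuration from the original post or from WhiteSource; the `whitesource-scan` job name and the `run-whitesource-scan.sh` script that produces the report are placeholders, since the exact WhiteSource invocation is not given on this page.

```yaml
# Added example: wiring a third-party dependency scan into GitLab's
# Security Dashboard and merge request widget. The job name and the
# scan script are hypothetical placeholders; the artifact keys are
# GitLab's own.
stages:
  - test

whitesource-scan:
  stage: test
  image: alpine:3.18            # assumption: any image with the scanner installed
  variables:
    # GitLab masks variables marked "masked" in CI/CD settings; never
    # commit the API key to the repository.
    WS_REPORT: gl-dependency-scanning-report.json
  script:
    # Placeholder: this script must emit the dependency scanning report
    # in GitLab's JSON report format at $WS_REPORT.
    - ./run-whitesource-scan.sh --output "$WS_REPORT"
  # Let the pipeline continue so developers still get the MR widget
  # even when findings exist; gate merges with approval rules instead.
  allow_failure: true
  artifacts:
    # This key is what makes GitLab ingest the findings; without it the
    # file is just a build artifact and never reaches the dashboard.
    reports:
      dependency_scanning: $WS_REPORT
    paths:
      - $WS_REPORT
    expire_in: 1 week
  rules:
    # Run on merge request pipelines (for the "new vulnerabilities" diff
    # against the target branch) and on the default branch (to populate
    # the project Security Dashboard).
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
```

One practical check: the merge request widget only shows findings that are new relative to the target branch, so the job has to run on the default branch too, otherwise every pre-existing vulnerability looks new in each merge request.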

Ensuring a secure future, together

Through this partnership, we want to ensure that developers can harness the power of open source to create innovative products without compromising on security, speed or agility.
