Microsoft integrates Black Duck open-source tools with Visual Studio
Is someone sneaking open-source code into your Visual Studio project as their own work? Does some of the open-source code you're already using have known bugs in it? This new pairing of Microsoft and Black Duck technology can help with both problems.
Black Duck Hub is a database and code-checking service. Its database, Black Duck KnowledgeBase, contains data on over 2 million open-source projects and 79,000+ known open-source vulnerabilities. Armed with this data, Hub scans your project's code to identify its open-source components. It then checks the code for known vulnerabilities and for new vulnerabilities as they're reported. It also enables you to prioritize and track your remediation efforts.
This way you can be sure that, for example, any new problems in code that has been in your project for three months will be cleaned up and fixed. It also enables you to spot open-source code that shouldn't be in your project for licensing reasons.
The new Black Duck Visual Studio extensions will automatically detect any known open-source code used during your TFS and TS builds. They will identify security vulnerabilities, components with license compliance issues, and any security risks. They will also spot cases when your lazier programmers have "borrowed" open-source code without permission for your projects.
Black Duck CEO Lou Shipley continued on this theme in a statement. "With open source making up between 80 percent and 90 percent of the code in today's applications, effective security and management of open source is essential. Microsoft recognizes the importance of open source in application development and the many economic and productivity reasons for its rapidly expanding use. We're pleased that Microsoft also sees the value in bringing Black Duck's open-source license and security compliance capabilities to the Microsoft Visual Studio continuous integration platform."
Shawn Nandi, Microsoft's senior director, cloud app dev and data marketing, added: "We welcome Black Duck to the Visual Studio Partner Program and we are pleased that this integration with Visual Studio will bring our customers options to detect and manage potential security risks."
Microsoft isn't the first company to incorporate Black Duck Hub into its programming tools. IBM and HPE have already integrated Black Duck's Hub into their development platforms.