Black Duck Software, the leading OSS Logistics solutions provider enabling the secure management of open source code, today announced the release of the free Black Duck Vulnerability Plugin for Jenkins. The new plugin extracts dependency data from the Jenkins build and automates the discovery of open source software used within projects while detecting known security vulnerabilities.
According to the National Vulnerability Database, more than 4,000 new vulnerabilities are reported in open source software each year, and thousands of these known vulnerabilities go unnoticed within a typical enterprise. By leveraging Black Duck’s KnowledgeBase, the new free plugin streamlines the usually tedious process of identifying open source components to instantly provide vulnerability and license data on more than one million open source projects. Identifying the vulnerabilities within each build means mitigating risks early in the software development cycle.
“Continuous delivery increases the frequency of everything in the software development workflow and vulnerability detection is no exception,” said Jenkins Founder and CloudBees CTO Kohsuke Kawaguchi. “The Black Duck Vulnerability Plugin for Jenkins finds vulnerabilities early in the software development lifecycle, thereby accelerating the delivery of better quality code.”
“Black Duck offers developers and build engineers immediate visibility into vulnerabilities found in their open source software,” said Bill Ledingham, Chief Technology Officer and EVP of Engineering, Black Duck Software. “With this powerful data, teams can now focus on remediating their open source code before deploying to production.”
Black Duck’s Vulnerability Plugin also generates an easy-to-share PDF report, enabling development teams to work together with security teams. The plugin is free and runs for an unlimited amount of time.