Black Duck, the global leader in automated solutions for securing and managing open source software, today released the latest version of Black Duck Hub, its flagship security solution, highlighting increases in code-scanning speed and new functionality that complements agile development processes.
Hub 3.0 streamlines Continuous Integration and DevOps processes through policy management and rapid-scanning capabilities that provide complete visibility into the open source code in both applications and containers. This accelerates development through early and continuous detection of known open source vulnerabilities and out-of-policy code.
“Agile development addresses customers’ constant demand for faster delivery of new functionality and features. Agility increases when dev teams can flag vulnerabilities and offending code early on. If vulnerabilities don’t surface until later in the dev cycle, time is lost and cost of remediation increases significantly. Agility takes a big hit,” said Black Duck CEO N. Louis Shipley.
“Open source is how today’s applications are built. With open source often comprising the majority of an application’s code, policy management along with fast, comprehensive identification of all open source code, and mapping of all known vulnerabilities are crucial,” said Shipley.
Hub’s automatic scanning and identification are up to 100 times faster than prior versions. Additionally, Hub does full signature scans, finding all open source and known vulnerabilities, even if they aren’t declared in package manifests.
New Hub policy management capabilities allow creation of exception-based polices to identify open source components that do not meet defined security, license or operational risk. Policy conditions include: license type, component name or usage, number of newer versions available and project characteristics (tier, phase, distribution model). Policies can be overridden by occurrence.
Hub supports open source component and source identification down to the Linux distribution level. Current distributions supported include: Red Hat Enterprise Linux (RHEL), Fedora, Alpine and Debian.