WhiteSource Announces Merge Confidence
TEL AVIV AND BOSTON , Nov. 16, 2020 – WhiteSource, the leader in open source security and license compliance management software, announced today the release of Merge Confidence, a new automated solution that helps developers safely update and remediate their open source dependencies with a high degree of confidence. Merge Confidence uses a badge to show how likely an open source component can be updated without breaking the build. It is the latest addition to WhiteSource’s industry-leading remediation offering that includes fix suggestions, automated pull requests, and integrated workflows.
WhiteSource Merge Confidence uses extensive open source dependency data to determine with a high degree of accuracy whether updates are safe to apply. By regularly updating open source components to their latest versions whenever it’s safe to do so, organizations are less exposed to open source bugs and are at a much lower risk from vulnerabilities.
“Open source components are updated at such a staggering rate, it is impossible to manage this process manually. With WhiteSource, dependencies are managed automatically, allowing developers to focus more of their time innovating your product,” said David Habusha, VP Product Management at WhiteSource. “Merge Confidence is designed to make developers’ lives easier when maintaining a secure code base by providing them with visibility into how safe it is to merge suggested release updates.”
WhiteSource Merge Confidence allows developers to make informed decisions based not only on their own search and tests but also with the aggregated results of thousands of other developers, which lowers the risk of merging updates. Merge Confidence employs aggregated usage and test data to automate updates so developers spend less time manually inspecting new features and fixes, significantly decreasing the time it takes to update open source dependencies. With more secure and up-to-date code, developers worry less about the security risks associated with outdated dependencies.
About Mend.io
Trusted by the world’s leading companies, including IBM, Google, and Comcast, Mend.io offers a full-spectrum application security platform designed to help leading organizations build and manage mature AppSec programs, enabling them to stop chasing vulnerabilities and start proactively managing application risk.