SourceClear provides software for spotting potential vulnerabilities that might be lying dormant in open-source code and could pose security issues for applications that rely on the code. The startup is announcing today the launch of a free tier called Open.
The idea here is to “work with the community [to] make it the best security tool possible for developers,” SourceClear founder and CEO Mark Curphey wrote in a blog post.
[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":1946693,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,dev,security,","session":"C"}']This new tier could expose many more developers to the tool by virtue of its being free, in contrast to competing tools Coverity and HP’s Fortify.
Code in Java, Node.js, Python, and Ruby can be checked in SourceClear — with support for client-side JavaScript, C, C++, and Go on the way. Developers can install the technology on their local computers with the command line, or they can hook it up to GitHub, GitHub Enterprise, Git, Bitbucket, Jenkins, Gradle, Maven, and Npm, Curphey wrote.
AI Weekly
The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.
Included with VentureBeat Insider and VentureBeat VIP memberships.
Premium tiers of service offer better support and “advanced vulnerability analysis,” among other things, according to the startup’s pricing page.
San Francisco-based SourceClear announced a $10 million funding round in October.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More