Black Duck's plugin for Visual Studio Team Services (VSTS) and Team Foundation Server (TFS) allows you to automatically find and fix open source security vulnerabilities so you can proactively manage risk. This extension shows your project's NuGet dependencies. You can sort your NuGet dependencies by package, license, or security risk without ever leaving Visual Studio. Optionally, you can navigate to your Black Duck instance and view the report for the selected component.
Organizations Trust Black Duck to Secure and Manage Open Source
Black Duck helps organizations identify and mitigate open source security, license compliance and code-quality risks across application and container portfolios. Black Duck is powered by the world’s largest open source KnowledgeBase™, with information from over 13,000 unique sources, including 100s of security vulnerability sources. The KnowledgeBase™, combined with the broadest support for platforms, languages and integrations, is why 2,000 organizations worldwide rely on Black Duck to secure and manage open source.
Black Duck is architected to address the challenges facing developers by integrating seamlessly with your continuous integration and development servers, build tools, containers and repositories. With easy-to-use plugins for the most popular development tools, and REST APIs that allow you to build your own integrations for virtually any commercial or custom development environment, you can be agile, secure, and compliant.
• Rapid Discovery of Open Source: Rapid scanning and identification of open source libraries, versions, licenses, and community activity using the Black Duck® KnowledgeBase™, the industry’s most complete, with detailed data from over 13,000 unique sources, including 100s of security vulnerability sources.
• Identify Open Source Risks: Create an inventory of all open source in use and map it to known security vulnerabilities, identify and prioritize the severity of each vulnerability, and explore remediation steps.
• Remediation and Policy Enforcement: Open source vulnerability remediation prioritization, mitigation guidance, and automated policy management that give organizations visibility into their remediation efforts and help them manage their external and internal compliance mandates.
• Continuous Monitoring for New Security Vulnerabilities: Ongoing monitoring and alerting on newly reported open source security vulnerabilities.
Using the Black Duck Visual Studio (IDE) plugin
You can use the Black Duck Visual Studio plugin as follows.