Mend Bolt (formerly WhiteSource)

We help you harness the power of open source without compromising on security or agility!

Mend Bolt is a FREE extension, which scans all your projects and detects open source components, their license and known vulnerabilities. Not to mention, we also provide fixes.

We've got you covered with support for most common programming languages and continuous tracking of multiple open source vulnerabilities databases like the NVD, security advisories, peer-reviewed vulnerability databases, and popular open source projects issue trackers.

Mend Secures & Manages Your Open Source Usage

Mend integrates with your Azure DevOps Services continuous integration servers and detects all open source components in your software, without ever scanning your code. It provides you with real-time alerts on vulnerable and outdated open source components and generates comprehensive up-to-date inventory, licenses and security reports with only one click.

Get Real-Time Alerts on Security Vulnerabilities

Mend provides real-time feedback whenever a vulnerable open source component is added to your build or when a vulnerability is discovered in a component already used in your software. You will also be alerted on copyleft open source licenses.

Ensure license compliance

Mend detects all licenses of your open source components and provides its license reference link as required in open source due diligence reports. In addition to comprehensive detailed reports, including all dependencies’ licenses, it also provides an overview of the open source licenses distribution per build.

Automated Up-to-Date Inventory Reports

Mend analyzes your open source usage every time you run your build. Therefore, you can download a full and accurate open source BoM report based on your last build at any given point. Each report will include the library with a download or library home page link and a license reference link.