Staging - WhiteSource for GitHub.com

GitHub App

WhiteSource for GitHub.com is a GitHub app which continuously scans all your repos, detects vulnerabilities in open source components and provides fixes. It supports both private and public repositories, to make sure nothing puts your product at risk.

We've got you covered with support for over 200 programming languages and continuous tracking of multiple open source vulnerability databases, such as the NVD, and additional security advisories.

Find & Fix Vulnerable Open Source Libraries

WhiteSource scans your repos on every push and opens an issue for every vulnerable open source library dependency the minute it is added. The issue provides reference links, a dependency tree (if one exists), vulnerability information, and suggested fixes.

Using GitHub Checks in WhiteSource for GitHub.com

WhiteSource scans your repository as part of GitHub Checks whenever a commit is pushed to the repository. If one or more vulnerabilities are found, the check presents a report listing all the new vulnerabilities. You can prevent pull requests from being merged when vulnerabilities are found and the check fails.

Getting Started

Read our documentation for guidance on how to use the app.

Staging - WhiteSource for GitHub.com is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
