Security for open-source code


At no cost, SourceClear installs quickly and discovers which open source libraries you use, all their dependencies, where they came from, how they are licensed and, most importantly, whether they have any vulnerabilities. We then equip you with detailed fix information for the vulnerabilities that need immediate attention.

Security connected to your code or builds

Automated scanning via integrations with GitHub or your build tools


Automate security scanning by connecting SourceClear to your repos (such as GitHub) or to your build tools such as Maven, Gradle, Jenkins or Travis CI. Scans can also be run on-demand via CLI. Your source code never leaves your network, and results are always encrypted.

Completing your first scan is a two-step process:

  1. Install via CLI

    curl -sSL | bash

  2. Scan your repo

    srcclr scan --url

Analyze your libraries

Discover everything possible about the libraries in your code


Run automated or on-demand analysis against repos, branches, tags or any combination to discover:

  • which libraries are in use
  • all dependencies
  • where libraries came from
  • if there are newer versions
  • how they are licensed
  • any vulnerabilities

Eliminate vulnerabilities

Spend your time fixing the issues that matter using method-level analysis

A library might be vulnerable, but you may not be exposed. Our method-level analysis helps you focus on issues that actually matter.

Get concise, actionable guidance including technical tear-downs, validation code and test scripts. Finally, you can make the fixes part of your workflow through our issue tracker integration.

Far more than public vulnerability databases

We track millions of libraries to find all digital traces of vulnerabilities

Public vulnerability databases contain a small fraction of the vulnerabilities that exist in the world's open-source libraries. Relying solely on public databases exposes you to real risks.

To build the most comprehensive vulnerability data possible, we supplement public databases with data we extract from the millions of projects that we sync, track and analyze. Using some nifty data science on code analysis, code commits, issues, logs and more, we compile the world's most comprehensive database of open source vulnerabilities.



SRC:CLR is provided by a third-party and is governed by separate terms, privacy, and support documentation.
