Security for open-source code
At no cost, SourceClear installs quickly and discovers which open source libraries you use, all their dependencies, where they came from, how they are licensed and, most importantly, whether they have any vulnerabilities. We then equip you with detailed fix information for the vulnerabilities that need immediate attention.
Security connected to your code or builds
Automated scanning via integrations with GitHub or your build tools
Automate security scanning by connecting SourceClear to your repos (such as GitHub) or to your build tools such as Maven, Gradle, Jenkins or Travis CI. Scans can also be run on-demand via CLI. Your source code never leaves your network, and results are always encrypted.
Completing your first scan is a two-step process:
Install via CLI
curl -sSL https://srcclr.com/install | bash
Scan your repo
srcclr scan --url https://github.com/githubname/repo
Analyze your libraries
Discover everything possible about the libraries in your code
Run automated or on-demand analysis against repos, branches, tags or any combination to discover:
- which libraries are in use
- all dependencies
- where libraries came from
- if there are newer versions
- how they are licensed
- any vulnerabilities
Spend your time fixing the issues that matter using method-level analysis
A library might be vulnerable, but you may not be exposed. Our method-level analysis helps you focus on issues that actually matter.
Get concise, actionable guidance including technical tear-downs, validation code and test scripts. Finally, you can make the fixes part of your workflow through our issue tracker integration.
Far more than public vulnerability databases
We track millions of libraries to find all digital traces of vulnerabilities
Public vulnerability databases contain a small fraction of the vulnerabilities that exist in the world's open-source libraries. Relying solely on public databases exposes you to real risks.
To build the most comprehensive vulnerability data possible, we supplement public databases with data we extract from the millions of projects that we sync, track and analyze. Using some nifty data science on code analysis, code commits, issues, logs and more, we compile the world's most comprehensive database of open source vulnerabilities.