WhiteSource, Codota Join Forces to Address Open Source Security Vulnerabilities


Integrated Development Environment (IDE) plugin alerts developers to open source vulnerabilities in their code in real time and provides suggested fixes.

Software developers will now be able to easily manage open source security within their coding environment, all thanks to WhiteSource and Codota.

WhiteSource, the leader in open source security and license compliance management, and Codota, developer of the leading code AI platform, have joined hands to address open source security vulnerabilities.

They are jointly offering an Integrated Development Environment (IDE) plugin that alerts developers to open source vulnerabilities in their code in real time and provides suggested fixes within their IDE.

IDEs are the primary applications that developers use to author, modify and debug software. As the industry shifts security and compliance responsibilities to developers, it has become more important than ever for developers to be able to quickly address open source issues in their code. This integration will allow them to do so without disrupting their workflow.

For example, WhiteSource customers can now install a plugin for IntelliJ, a popular IDE, and receive alerts on security issues when they reference a component with a known vulnerability.

Notifications with all of the relevant details, including remediation recommendations for a quick and efficient fix, will appear in exactly the right context. Codota’s specific, relevant code suggestions will also be delivered to developers within the IDE, to substantially improve accuracy and speed.

Securing open source components in software

Founded in 2011, WhiteSource has been empowering businesses to develop better software faster by harnessing the power of open source. Its customers include industry leaders like Microsoft and IBM.

“The partnership with Codota allows us to take shift left one step further by alerting developers when they are using open source components with known vulnerabilities in real-time within their IDE UI before even committing the code,” said Rami Sass, Co-Founder and CEO of WhiteSource.

This will enable them to manage open source security easily within their coding environment without sacrificing time or quality, Sass added.

Dror Weiss, Co-Founder and CEO of Codota, reiterated that the company’s fundamental mission is “utilizing AI to boost developer productivity.”

“We’re excited to partner with WhiteSource to allow users to safely leverage open source resources and receive vulnerability alerts as the code is being written, well before any potential damage is done,” said Weiss.

The company currently offers Codota for Java, an IDE code assistant providing real-time code completion suggestions, as well as Codota Web, a technical reference site.

