WhiteSource, the leader in open source security and license compliance management, announced today a partnership with GitHub, the leading software development platform, to help developers more easily detect open source vulnerabilities in their GitHub repositories.
GitHub launched security alerts in late 2017 to notify developers about vulnerable dependencies in their public and private repositories and identify relevant fixes for JavaScript, Ruby, Java, .NET, and Python.
GitHub is now expanding the offering by partnering with WhiteSource to help broaden the coverage of potential security vulnerabilities in open source projects. WhiteSource's vulnerability data aggregates information from the National Vulnerability Database (NVD), security advisories and open source projects' issue trackers.
"We are thrilled to announce this partnership with GitHub, making it easier than ever for developers to detect open source components with known vulnerabilities in their products," says WhiteSource's CEO Rami Sass. "Together we will continue to empower developers to harness the power of open source without compromising on security or agility by simplifying the process of finding and fixing open source vulnerabilities." 
"Over the past year alone, we've sent nearly 27 million security vulnerability alerts to our users," said Shanku Niyogi, GitHub's Senior Vice President of Product. "Through our data partnership with WhiteSource, we'll be able to further enhance our security vulnerability alerts, providing our customers with the continued security features they need to build secure software."