About
Supported languages
JavaScript, Ruby, C++, Python, C, PHP, Objective-C, Java, Go, and C#
From the developer
We'll help you harness the power of open source without compromising on security or agility!
Mend Bolt for GitHub is a FREE app, which continuously scans all your repos, detects vulnerabilities in open source components and provides fixes. It supports both private and public repositories.
We've got you covered with support for over 200 programming languages and continuous tracking of multiple open source vulnerability databases, such as the NVD, and additional security advisories.
Find & Fix Vulnerable Open Source Libraries
Mend Bolt for GitHub (formerly WhiteSource) scans your repos every time you push (limited to 5 scans/day per repo) and opens an issue for every vulnerable open source library. The issue will include reference links, a dependency tree (if one exists), vulnerability info, and suggested fixes. Using GitHub Checks, a report will be created with all new vulnerabilities, enabling you to prevent merging pull requests.
Your Language, Your Tools
We support over 200 programming languages, and we cover all common package managers, so we've got you fully covered. Check out our language page for more details.
Most Comprehensive Vulnerability Coverage
Our database provides the largest coverage of vulnerabilities from multiple databases including the CVE/NVD, GitHub issue tracker, security advisories, and popular open source projects' issue trackers.
Pricing and setup
Unlimited number of repositories per user. Up to 5 scans per repo per day.
WhiteSource Bolt
- Free
Mend Bolt is provided by a third party and is governed by separate terms of service, privacy policy, and support contact.