Israel-based open source security and license compliance management company, WhiteSource, today announced its acquisition of Renovate, an open-source project for dependency updates. Renovate’s offerings will now be available for free under its new name, WhiteSource Renovate.
WhiteSource Renovate will be integrated into the WhiteSource product portfolio, which includes WhiteSource Core and WhiteSource for Developers. More importantly, WhiteSource will now offer the existing paid offerings of Renovate for free: a GitHub app, a GitLab app, and a self-hosted solution, all under the WhiteSource Renovate umbrella.
Why did WhiteSource collaborate with Renovate?
Renovate provides automatic dependency updates. Many third-party modules can introduce bugs and vulnerabilities in a product. The only reliable risk mitigation strategy is to keep dependencies continuously patched. Renovate runs continuously to detect the latest available versions, and you receive automated Pull Requests whenever dependencies need updating. Schedules can also be defined to avoid unnecessary noise in projects (e.g. for weekends or outside of working hours, or weekly updates, etc.). Multiple languages and file types are supported in order to detect dependencies wherever you use them.
Acquiring a company like Renovate makes sense as it resonates with what WhiteSource already does. WhiteSource tracks vulnerabilities in open source packages. With WhiteSource, organizations can track open source components in their code, identify when there are vulnerabilities, and find routes to fix them.
Last month, WhiteSource announced that it has raised $35 million to expand the scope of its work.
“We’re excited to add Renovate’s technology to the WhiteSource product line, and we’re looking forward to getting it into the hands of as many developers as possible,” said Rami Sass, CEO of WhiteSource. “We’re proud that a tool for updating dependencies is itself open source and will ensure the project continues to extend its leadership in multi-platform and language support. Developers can now hopefully spend more time innovating and less time manually resolving security vulnerabilities or dependency updates.”