Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of Work Summit this January 12, 2022. Learn more

SourceClear provides software for spotting potential vulnerabilities that might be lying dormant in open-source code and could pose security issues for applications that rely on the code. The startup is announcing today the launch of a free tier called Open.

The idea here is to “work with the community [to] make it the best security tool possible for developers,” SourceClear founder and CEO Mark Curphey wrote in a blog post.

This new tier could expose many more developers to the tool by virtue of its being free, in contrast to competing tools Coverity and HP’s Fortify.

Code in Java, Node.js, Python, and Ruby can be checked in SourceClear — with support for client-side JavaScript, C, C++, and Go on the way. Developers can install the technology on their local computers with the command line, or they can hook it up to GitHub, GitHub Enterprise, Git, Bitbucket, Jenkins, Gradle, Maven, and Npm, Curphey wrote.

Premium tiers of service offer better support and “advanced vulnerability analysis,” among other things, according to the startup’s pricing page.

San Francisco-based SourceClear announced a $10 million funding round in October.


VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more
Become a member