In addition to our core application security products, MergeBase also publishes and maintains marketplace apps, plugins, and add-ons (referred to generally as “plugins” in this document). These plugins are available in several popular development and security marketplaces (e.g., Atlassian, Azure, Github).
MergeBase plugins have two modes of operation: basic, and enhanced. In the basic mode, the plugin is not permitted to invoke any network activity whereas in enhanced mode, when configured to do so by a plugin administrator, the plugin can be configured to download fresh global vulnerability data. It can also be configured to send vulnerability scans to a customer-controlled MergeBase cloud server running on MergeBase cloud infrastructure.
By default, MergeBase plugins are always initially installed in basic mode, and plugin administrators at the customer’s organization must consciously enable the enhanced mode.
Unless you have notified us otherwise (see condition #2, below), you consent to receive marketing emails from MergeBase Software Inc. Note: we will only use email addresses associated with the administrator accounts that installed the plugin.
You are free to withdraw your consent to receive marketing emails from us at any time. You can withdraw your consent by emailing us at firstname.lastname@example.org or clicking on the “unsubscribe” link at the bottom of any of our marketing emails.
Stay on top of the real risk of open source at any time.
Avoid false positives and get sophisticated upgrade guidance based on risk, compatibility and popularity.More on Continuous Protection
Detect and defend against known-vulnerabilities at runtime. The only SCA to do so.
The quickest way to respond to an imminent threat like log4j with CVE-2021-44228.More on Run-time Protection
CodeGreen is an early-warning defence for your in-house development and integrates directly into GitHub and BitBucketMore on BitBucket and Github apps