WhiteSource product overview
WhiteSource tracks and manages open source usage by automatically identifying open-source components and generating immediate reports on open-source licenses, security vulnerabilities, and more.
WhiteSource integrates with your build process and identifies all open-source components every time you run your build. It then generates reports on licenses, security and more. It does this day-in and day-out, providing real-time alerts on problematic components to help you fix issues as early as possible.
Pros of WhiteSource
WhiteSource can reduce up to 85% of security alerts by prioritizing vulnerabilities based on whether your proprietary code is utilizing them, allowing you to address the most crucial issues first.
Cons of WhiteSource
While the automatic reporting cuts down on manual work for your team, the user interface isn’t as polished as it could be. Overall, it saves time, but the reports aren’t as easy to read as some users would like.
Breakdown of core features
Detection & Prioritization
WhiteSource identifies all open source components, including transitive dependencies, every time you run your build or do a commit. It then prioritizes vulnerabilities based on their impact with no false positives.
The software then speeds up remediation with automated fix pull requests, as well as suggested fixes and automated workflows including Jira and Work item integration.
WhiteSource also provides you with detailed reports with the most current data so that your information remains as accurate as possible.
(Last updated on 12/20/2019 by )