Overview

The WhiteSource application uses the alerts concept to notify users of licensing and vulnerability open-source issues. Alerts work the following way: Upon scan completion, a customer’s inventory is synchronized to WhiteSource, and the application analyzes the customer’s open-source libraries and source files and compares them to the WhiteSource knowledge base and policy definitions. If security vulnerabilities, licensing and compatibility issues, or policy violations, etc. exist, alerts are triggered for the organization. 

In order to manage alerts, a dedicated Alerts menu is provided. The Alerts menu comprises the following (click the links below to access the documentation).

The following types of alerts are generated by WhiteSource:

Alerts Category

Description

Security Alerts

Review alerts for vulnerabilities. This category comprises two views (each with its own screen):

  • View By Vulnerability - Enables you to view and manage the alerts per vulnerability according to the selected products/projects.  For example, use this screen to ignore alerts of a specific vulnerability across all libraries in the selected scope.

  • View By Library - Enables you to view and manage the alerts per library according to the selected products/projects.  For example, use this screen to ignore all security alerts of a specific library in the selected scope. 

Other Alerts - Licensing and Compliance

Review alert details for licensing and quality issues reported for a given product or project.

  • High Severity Bug Alerts - Triggered for old Java libraries that include a severity rating and a bug rating. NOTE: Currently being deprecated and might contain outdated information.

  • Multiple Library Versions Alerts - Triggered for any library that appears twice or more in different versions within a certain product

  • Multiple Licenses Alerts - Triggered for any library that has more than one license

  • New Versions Alerts - Triggered for any library found to be out-of-date (i.e., not updated to the latest version)

  • Policy Violation -  Triggered for any violation your policies

  • Rejected Library In Use Alerts - Triggered for any library that created a request which was later rejected

Alerts Actions

Once you have all alerts of the scope you selected, you can choose to ignore those that are not relevant to your environment. Ignored Alerts won't appear in the dashboards and reports. 

For further analysis,  do the following: