Here at WhiteSource - the Software Composition Analysis (SCA) market leader - we work hard to provide you with the best open source security and license compliance management platform there is, so you can easily and efficiently manage and trust your open source assets.
WhiteSource's comprehensive offering has your entire personnel covered, by tailoring our solution to addressing the different needs of open source software development.
Our variety of reports and dashboards will help you assess your open source usage, such as maintaining a repository of open source libraries, or including details about license approval processes.
Accuracy - and a deep, thorough security approach - is critical. WhiteSource provides the following:
Over 200 languages and 30 package managers
Support both binaries and source files scanning
Comprehensive source files analysis, mapping also non-declared dependencies, and scanning those components as well
Richest database in the industry. WhiteSource collects security vulnerabilities from vulnerabilities databases, security advisories (over 20), security issues, and popular open-source issue tracker.
WhiteSource provides your organization with full visibility and control over the risk associated with open source compliance. Governance visibility and methodologies enforcements include:
A wide range of reports and dashboards designed for different audiences
Extensive support in various languages and data sources for compliance scans
Automation to ensure policies and workflows take place
Thorough support in copyrights, notices and cross-SDLC license checks
Audit reports can be generated promptly with a list of your organization’s OSS libraries, the history, risks, and relevant business processes. Whenever a customer, investor or partner demands information about your OSS policies, you’re ready.
We take your privacy very seriously. Our secure, multi-domain architecture keeps your information safe and encrypted separately from other users. We do not store any passwords on our site.
Key Products and Features
The Unified Agent
The Unified Agent is a simple Java command-line tool that extracts descriptive information from your open source libraries located on your file system and integrates them with WhiteSource.
The Web-based GUI
The Web-based GUI provides you with numerous options and panels to view and analyze the scans of your open-source software in the organization's products and projects. Administrators can customize the system settings, manage the additional users' permissions, and configure the integration with third-party components.
WhiteSource Prioritize represents a revolutionary approach to the assessment of the effective security vulnerability impact associated with open source components. It scans customer code, analyzes how the code interacts with open source components, indicates if reported vulnerabilities are effectively referenced by such code – and if so – identifies where that happens. Through a combination of advanced algorithms, a comprehensive knowledge base and a fresh new UI, WhiteSource Prioritize enables customers to establish whether reported vulnerabilities constitute a real risk, allowing for a significant potential reduction in development efforts and higher development process efficiency.
WhiteSource Developer Integrations
WhiteSource Developer Integrations is a paid bundle that augments the WhiteSource Core offering and includes these products:
WhiteSource Remediate - Continuously track repositories to identify vulnerable open source components and generate fix pull requests (PR) automatically, thus automating the remediation process
IDE Integration - Alerts developers on vulnerable open source components while coding within the IDE UI so developers don’t have to switch between applications or wait until they’ve committed the code
Repo Integration - A native integration detecting all open source components in the repos, providing alerts, enforcing compliance, failing builds and pull requests and automating remediation guidance.
Browser Integration (previously named Web Advisor or Selection Tool) - A Chrome extension that allows developers to view a snapshot of a component’s details while browsing on web pages such as StackOverflow, Maven Central, GitHub and many more before they download it and incorporate it into the product.
The documentation in this repository reflects the ongoing changes in WhiteSource application, and as such, is "dynamic". Please note that topics, content, features, descriptions, and entire pages can change at any time with little or no notice.
This section gives you information about the features of WhiteSource that you will need to set up your account.