WhiteSource Documentation

Welcome to WhiteSource

Here at WhiteSource - the Software Composition Analysis (SCA) market leader - we work hard to provide you with the best open source security and license compliance management platform there is, so you can easily and efficiently manage and trust your open source assets.

Everybody Wins

WhiteSource's comprehensive offering has your entire personnel covered, by tailoring our solution to addressing the different needs of open source software development.

Key Values 

Inventory Management

Our variety of reports and dashboards will help you assess your open source usage, such as maintaining a repository of open source libraries,  or including details about license approval processes.

Security Management

Accuracy - and a deep, thorough security approach - is critical. WhiteSource provides the following:

  • Over 200 languages and 30 package managers

  • Support both binaries and source files scanning

  • Comprehensive source files analysis, mapping also non-declared dependencies, and scanning those components as well

  • Richest database in the industry. WhiteSource collects security vulnerabilities from vulnerabilities databases, security advisories (over 20), security issues, and popular open-source issue tracker.

Compliance Management 

WhiteSource provides your organization with full visibility and control over the risk associated with open source compliance.
Governance visibility and methodologies enforcements include:

  • A wide range of reports and dashboards designed for different audiences

  • Extensive support in various languages and data sources for compliance scans

  • Automation to ensure policies and workflows take place

  • Thorough support in copyrights, notices and cross-SDLC license checks

Audit Reports

Audit reports can be generated promptly with a list of your organization’s OSS libraries, the history, risks, and relevant business processes. Whenever a customer, investor or partner demands information about your OSS policies, you’re ready.

Privacy

We take your privacy very seriously. Our secure, multi-domain architecture keeps your information safe and encrypted separately from other users. We do not store any passwords on our site.

Key Products and Features 

The Unified Agent

The Unified Agent is a simple Java command-line tool that extracts descriptive information from your open source libraries located on your file system and integrates them with WhiteSource.

The Web-based GUI

The Web-based GUI provides you with numerous options and panels to view and analyze the scans of your open-source software in the organization's products and projects. Administrators can customize the system settings, manage the additional users' permissions, and configure the integration with third-party components.      

WhiteSource Prioritize 

WhiteSource Prioritize represents a revolutionary approach to the assessment of the effective security vulnerability impact associated with open source components. It scans customer code, analyzes how the code interacts with open source components, indicates if reported vulnerabilities are effectively referenced by such code – and if so – identifies where that happens. Through a combination of advanced algorithms, a comprehensive knowledge base and a fresh new UI, WhiteSource Prioritize enables customers to establish whether reported vulnerabilities constitute a real risk, allowing for a significant potential reduction in development efforts and higher development process efficiency.

WhiteSource Developer Integrations

WhiteSource Developer Integrations is a paid bundle that augments the WhiteSource Core offering and includes these products:

  • WhiteSource Remediate - Continuously track repositories to identify vulnerable open source components and generate fix pull requests (PR) automatically, thus automating the remediation process

  • IDE Integration - Alerts developers on vulnerable open source components while coding within the IDE UI so developers don’t have to switch between applications or wait until they’ve committed the code

  • Repo Integration - A native integration detecting all open source components in the repos, providing alerts, enforcing compliance, failing builds and pull requests and automating remediation guidance.

  • Browser Integration (previously named Web Advisor or Selection Tool) - A Chrome extension that allows developers to view a snapshot of a component’s details while browsing on web pages such as StackOverflow, Maven Central, GitHub and many more before they download it and incorporate it into the product.

IMPORTANT

The documentation in this repository reflects the ongoing changes in WhiteSource application, and as such, is "dynamic". Please note that topics, content, features, descriptions, and entire pages can change at any time with little or no notice.

Getting Started

This section gives you information about the features of WhiteSource that you will need to set up your account.

Search this documentation: