Getting Started with WhiteSource

This Getting Started guide is designed to help you navigate the main WhiteSource GUI dashboard and menu options, in order to get up and running quickly with WhiteSource.

The Web-based GUI provides you with numerous menu options and panels to view and analyze the scans of your open-source software in the organization's products and projects. Administrators can customize the system settings, manage the additional users' permissions, and configure the integration with third-party components.      

The following table provides an overview of the options that you can access from the menu bar at the top of the WhiteSource Home page.

Main Menu Item

Sub Menu Item

Description

For details, see ……

See also…..

Main Menu Item

Sub Menu Item

Description

For details, see ……

See also…..

Home

Main page that opens after you log in. Provides immediate visibility of your organization’s open source inventory (open source files), together with potential security vulnerabilities, license compliance, and easy to understand dashboards. 

Understanding the WhiteSource Home Page

Understanding Projects, Products, and Organizations

Understanding and Managing Vulnerabilities

The Vulnerabilities Report

Dashboards

 

 

 

Library Search

Search for libraries in an organization in order to view their details.

Searching for Libraries

 

 

Requests

The Requests Dashboard features a variety of options that provide a complete view of the status of requests in your organization.

Requests Dashboard

Understanding Update Requests

 

 

Licenses

The Licenses Dashboard provides a complete view of the status of licenses in your organization.

Licenses Dashboard

License Resolution Research Definitions

Understanding Risk Score Attribution and License Analysis

 

Security Trends

The Security Trends Dashboard provides a view of the organizational security posture over time, based on:

  • Number of open security vulnerabilities

  • Average remediation and handling time of security vulnerabilities

  • Effect of newly published vulnerabilities

NOTE: This dashboard is intended mainly for the organization's administrators, security officers, and application R&D managers. 

Security Trends Dashboard

 

 

Containers

The Containers dashboard provides a clear view of the Kubernetes resources along with the ability to filter, sort, and view the vulnerabilities per pod in a cluster.

Containers Dashboard

WhiteSource for Containers

 

Set Organizational Attribute Values

Apply attribute values to libraries in an organization.

https://whitesource.atlassian.net/wiki/spaces/WD/pages/542605412/Managing+Custom+Attributes#Setting-the-Organizational-Attribute-Values

 

Products

From the Products dropdown menu, you can view a dashboard detailing a product’s open-source status (alerts, vulnerability & license analysis, associated libraries, pending tasks, and so on).

Working with Products

Understanding Projects, Products, and Organizations

Understanding the Library Details Page

 

View All

View all the products in an organization and when they were created. You can select a product to view a dashboard showing its open-source status.

 

Admin Products

View a list of projects associated with the products in the organization. You can select a product to view a dashboard showing its open-source status.

 

+ New Product

Create a new product.  

 

Search Product

Search for a specific product.

 

Last Used Products

View the last-used products for quick access to view a dashboard detailing the product’s open source status

Projects

From the Projects dropdown menu, you can view a dashboard detailing a project’s open-source status (alerts, vulnerability & license analysis, associated libraries, pending tasks, and so on).

Working with Projects

Understanding Projects, Products, and Organizations

Understanding the Library Details Page

 

View All

View all the projects in an organization and when they were created. You can select a project to view its open source status.

 

Search Project

Search for a specific project.

 

Last Used Projects

View the last-used projects for quick access to view a dashboard detailing the project’s open source status.

Policies

From the Policies menu, you can manage and enforce policy rules in an organization. You can create workflows to enforce your company rules for security and compliance.

Managing Automated Policies

 

Alerts

From the Alerts menu, you can manage alerts which notify users about licensing and vulnerability open-source issues.

Managing Alerts

Licensing and Compliance Alerts

Security Alerts: View by Vulnerability

Security Alerts: View by Library

Reports

From the Reports menu, you can generate reports that provide information on security vulnerabilities and alerts, detailed compliance information, library licenses information and implications, various risk factors, and more.

Working with WhiteSource Reports

Working with Administrator Reports

 

Integrate

 

From the Integrate menu, you can do the following:

  • View important information about your organization & its environment, including the organization’s unique API key.

  • Find the product token for each product in the organization which uniquely identifies it.

  • Find the project token for each project in the organization which uniquely identifies it.

  • Configure Advanced Settings for your organization, such as, configuring user level access control, how to store and manage unmatched source files in WhiteSource, and more.

  • View and configure all the integrations that are supported by the Unified Agent.

  • Generate an activation key for an Azure DevOps Server (TFS) Integration.

  • View and configure WhiteSource developer integrations.

Unified Agent Integrations

Azure DevOps Server (TFS) Integration

Developer Integrations

Matching Libraries by Filename

Managing Unmatched Source Files

User Level Access Control in Integrations and APIs

 

Admin

 

From the Admin menu, you can configure:

  • Settings for Alerts, In-House Libraries, Library Whitelists, Custom Attributes, Notifications, Security, Maven Dependency Resolutions

  • General system settings for Users, Groups, Role Assignments, view a history of User Logins, and more.

  • Settings for WhiteSource integrations:

    • Advise for Chrome Management

    • Upload Update Request

    • SAML Integration

    • Issue Tracker Settings

    • GitHub WebHooks integration

    • Integration Workflow Rules

Managing Custom Attributes

Managing In-House Rules

Managing Library WhiteList Rules

Configuring Notifications Settings

Using Version in Product or Project Names

Issue Tracker Integration (Legacy)

WhiteSource SAML 2.0 Integration

Issue Tracker Integration Generic Platform and Plugins