WhiteSource Advise (formerly Web Advisor)

General Information

WhiteSource Advise allows your developers to view a snapshot of a component’s details before they download it to their repository and incorporate it into the codebase. It is delivered as a Chrome or Microsoft Edge (from version 83) extension.

WhiteSource Advise quickly identifies open source component installation references on Web pages such as StackOverflow, Maven Central, and RubyGems. See also Supported Repositories.

Once on the page, a simple click on the icon lets developers view important details that help them decide whether or not to add a new component. Details include known vulnerabilities, quality scores, and whether the component is currently in use within your organization.

Installing WhiteSource Advise as an External User

Inviting an External User (for WhiteSource Administrators Only)

The WhiteSource account administrator has the option to invite users to download and use WhiteSource Advise by doing the following:

  1. From the WhiteSource application, click Admin > Advise for Chrome Management. The Advise for Chrome Management screen is displayed.
  2. In the Add Users by Email pane, in Emails, add the email addresses of all the users who should receive an invitation via email.
    Note: Ensure each email address is entered on a separate line.

Installing WhiteSource Advise (for Invited Users)

Invited (external) users will receive a link via an email invitation in order to complete the installation.

Activating WhiteSource Advise via the Profile Page (WhiteSource Users Only)

Existing WhiteSource users can activate WhiteSource Advise from their 'Profile' page without having an administrator send an invitation. To do so, follow these steps:

  1. Go to your Profile Page.
  2. Navigate to the 'Advise for Chrome' panel on this page.
  3. Click Advise for Chrome to generate an activation link. An activation link is generated. If you are a member of multiple organizations, click the link for the relevant organization.
  4. Add the WhiteSource Advise extension to your browser.  
  5. Click Activation Link in order to complete the activation process. 

NOTE: You have the option to deactivate WhiteSource Advise for your organization by clicking Deactivate.


Using WhiteSource Advise

The following are the methods used for maximizing the WhiteSource Advise functionality. For a list of repositories and platforms supported by each of these methods, refer to the table in Supported Repositories and Platforms.

1. Browse for a specific library version page by URL

For example, go here for a MVN repository library.

You can view the WhiteSource selection plugin red mark when a library is identified.

Sample specific library page

2. Browse any Web page via a text pattern search

You can scan any Web page for open source component installation references, by clicking on the WhiteSource Advise extension icon.

It scans the page and detects all package references where available.

Any open source component installation reference (such as "pypi install", "gem install", etc.) will be highlighted.
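
The text pattern search described above, sketched as an added example (not WhiteSource's code and not the extension's actual patterns): it pulls package references out of a snippet for three of the listed ecosystems and reports which ones are not pinned to an exact version. The regular expressions, function names and sample snippet are assumptions made for the illustration.

```javascript
// Constructed patterns for illustration, NOT the extension's own rules.
const ECOSYSTEMS = {
  pip: {
    cmd: /\bpip3?\s+install\s+([^\n;&|]+)/g,
    valueFlags: ["-r", "--requirement", "-c", "--constraint", "-i", "--index-url"],
    split: (t) => t.match(/^([A-Za-z0-9][\w.-]*)(?:\[[^\]]*\])?(?:==(.+))?/),
  },
  npm: {
    cmd: /\bnpm\s+(?:install|i)\s+([^\n;&|]+)/g,
    valueFlags: ["--registry"],
    split: (t) => t.match(/^((?:@[\w.-]+\/)?[\w.-]+)(?:@(.+))?$/),
  },
  gem: {
    cmd: /\bgem\s+install\s+([^\n;&|]+)/g,
    valueFlags: [], // -v / --version is treated as the pin, see below
    split: (t) => t.match(/^([\w.-]+)$/),
  },
};

// Constructed sample snippet, one command per line.
const SAMPLE = "pip install requests==2.31.0 flask\nnpm i -D @types/node@20.11.5 lodash\n" +
  "gem install rails -v 7.1.3\npip install -r requirements.txt";

// Returns {ecosystem, name, version} per package; version is null when not pinned.
function findInstallReferences(text) {
  const found = [];
  for (const [ecosystem, eco] of Object.entries(ECOSYSTEMS)) {
    for (const match of text.matchAll(eco.cmd)) {
      const tokens = match[1].trim().split(/\s+/);
      const refs = [];
      for (let i = 0; i < tokens.length; i++) {
        const tok = tokens[i];
        if (ecosystem === "gem" && (tok === "-v" || tok === "--version")) {
          const v = tokens[++i]; // gem pins with a separate flag
          if (v && refs.length) refs[refs.length - 1].version = v;
        } else if (eco.valueFlags.includes(tok)) {
          i++; // skip the flag's argument as well
        } else if (!tok.startsWith("-")) {
          const m = eco.split(tok);
          if (!m) continue; // not a plain package token
          refs.push({ ecosystem, name: m[1], version: /^\d/.test(m[2] || "") ? m[2] : null });
        }
      }
      found.push(...refs);
    }
  }
  return found;
}
const unpinned = (refs) => refs.filter((r) => r.version === null);
```

Results are grouped by ecosystem rather than by position in the text, and `unpinned(findInstallReferences(SAMPLE))` returns the `flask` and `lodash` references.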

WhiteSource Advise searches for the following text patterns in these languages:

Python (pip)

Ruby (bundler)

One of the following:


JavaScript (NPM)

.NET (NuGet)

One of the following:


Java (Maven)

One of the following:


Go

PHP (Composer)

One of the following:


Scala (SBT)

One of the following:

Rust (Cargo)

One of the following:

Haskell (Cabal)

One of the following:

Legacy:


Version 2:

OCaml (Opam)

One of the following:


3. Code snippet highlighting on any Web page

Scan any of the supported code references from the previous section by highlighting it, right-clicking, and then selecting Scan with WhiteSource Advise option. 

WhiteSource Advise searches for the same patterns that were displayed in the previous section and provides a single result:

Displayed Information after the Scan

WhiteSource Advise displays the following information:

  • License: identifies the component's license.
  • Outdated: informs you if there's a newer version of the library. Note: WhiteSource ignores non-stable versions of a library (such as an alpha version).
  • Policies: shows you whether the component meets your company's policy as configured in your WhiteSource account.
  • Projects: shows you if your organization is already using this library and the number of occurrences.
  • Security vulnerabilities: each shield accounts for a different vulnerability, and severity is indicated by color.
  • Quality: provides an overall score based on the number of commits, version releases, etc. 


In the following sample screenshot, WhiteSource Advise found two vulnerabilities with a high score. Clicking on the 'Take me to the first component' link forwards you to the first icon of the vulnerability.

Selecting the Interface Language 

WhiteSource Advise provides you with the option to select a language:

  1. Click on the 'About' icon.



  2. The 'About' panel is displayed. Click on 'Language' and select the language for the interface:

Supported Repositories and Platforms

WhiteSource Advise currently supports the following repositories:


URL Scanning    Text Pattern Search    Code Snippet Highlighting

opam (tick)(tick)
Rust Package Registry (tick)(tick)
GitHub (tick)(tick)
Stack Overflow (tick)(tick)
Maven Central Repository (tick)(tick)
Mvn Repository (tick)(tick)
Ruby Gems (tick)(tick)
GoDoc (tick)(tick)
Go Search (tick)(tick)
PyPi (tick)(tick)
NuGet (tick)(tick)
Packagist (tick)
CDNJS (on library URLs with and without a specific version) (tick)
NpmJs (tick)

Supported Languages

WhiteSource Advise supports the detection of open source component installation references in the following programming languages:

Java, Scala (SBT), .NET, JavaScript, Ruby, Python, Go, PHP, Rust, Haskell, OCaml