The WhiteSource Home page provides immediate visibility of your organization’s open source inventory (open source files), together with potential security vulnerabilities, license compliance, and easy to understand dashboards.
The following type of information is displayed on the WhiteSource Home page:
A dedicated summary count of system category alerts reported for a given Organization, Product or Project, including the total count of policy violations, versions, licenses, quality and security alerts.
An up-to-date overview of security risks and their severity for your components across all products (applications).
A list of the products and the number of projects and libraries per product. By default, the top 10 products with the most projects are displayed.
Detailed information about the product libraries (components).
License distribution data in which you can see the licenses resolution in your organization and check for licenses that might not comply with your company’s policy.
A list of unanswered update requests sent from the plugins regarding new libraries.
A list of update requests sent by the user from the plugins regarding new libraries.
NOTE: By default, all products are visible on the dashboard. If you want to prevent specific products from being seen by specific users or groups, you must update the product page.
Accessing the Home Page
The WhiteSource Home page opens immediately after logging in to WhiteSource. If required, you can change the default Home page that will be displayed when you log in.
For example, to change the Home Page to the All Products page, do the following:
From the menu bar, select Products > View All. The All Products page is displayed.
Select Set as Home Page. The All Products page will be your homepage beginning at your next login.
To reset the initial home page, clear the Set as Home Page checkbox at the top right of the page.
The Organizational Alerts pane enables you to view a dedicated summary count of system category alerts reported for a given Organization, Product or Project, including the total count of policy violations, versions, licenses, quality and security alerts. Additionally, you can click each alert type to display an Alert View corresponding to its category, enabling you to perform selected actions on the listed alerts (e.g., ignore alerts).
By clicking the iconor summary number in a category, an Alert View will be displayed listing alerts filtered to the relevant category:
For example, clicking Multiple Versionswilldisplay the Licensing and Compliance Alerts screen listing only alerts of multiple library versions.
The following table describes the alert type categories:
An alert is triggered upon meeting a condition inconsistent with defined policy.
An alert is triggered for any scanned library found to be out-of-date (i.e., not having the latest version).
An alert is triggered for any library that appears twice or more in different versions within a certain product.
An alert is triggered for any library that has more than one license.
Rejected in Use
An alert is triggered for any library that created a request which was later rejected.
The total number of libraries with alerts (regardless of project occurrences).
For example, the alert count for a Product with two Projects where each features an alert for the same library will be "one" and will be displayed in one row noting two project occurrences.
The color scheme is as follows:
Red: The number of libraries with High maximum alert severity
Orange: The number of libraries with Medium maximum alert severity
Yellow: The number of libraries with Low maximum alert severity
The total number of vulnerability alerts (e.g., a CVE alert).
For example, the alert count for the same CVE recorded in three separate occurrences will be "one", and will be displayed in one row noting three occurrences.
The color scheme is as follows:
Red: The number of vulnerability alerts with High severity
Orange: The number of vulnerability alerts with Medium severity
Yellow: The number of vulnerability alerts with Low severity
The Vulnerability Analysis pane provides an analysis of your organization’s vulnerabilities.
The Vulnerability Analysis pane comprises the following sections:
Reported Vulnerability: Shows the library distribution based on the highest vulnerability severity – High, Medium, or Low. Clicking on the pie chart launches the Security Alerts: View by Library screen, where you can review vulnerability statistics, such as the number of reported vulnerabilities and ignored alerts for a selected library, and ignore and activate (restore) a selection of vulnerability alerts associated with a library.
Effective Vulnerability: Shows the vulnerability severity distribution based on an effectiveness indicator (i.e., shield). You can select to view the effective vulnerability in two modes: Severity-based view (includes severity) or Effectiveness-based view
Clicking on the Effective Vulnerability graph launches the Security Alerts: View by Vulnerability screen, where you can manage the alerts per vulnerability according to specific products/projects. For example, use this screen to ignore alerts of a specific vulnerability across all libraries in the selected scope.
o Vulnerable: The total count of vulnerable libraries.
o Vulnerable & Outdated: The total count of outdated and vulnerable libraries (counts the libraries that have newer versions and include vulnerabilities).
o Outdated: The total count of outdated libraries (counts the libraries that have newer versions).
o Analysis Coverage: The percentage of analyzed libraries (excluding libraries marked with a grey shield) from the total count of libraries that can be analyzed.
o Effective or Non-Analyzed: Overall Effective Vulnerability Index which reflects the relative portion of security alerts that are not marked with a green shield.
o Non-Effective: Non-Effective Vulnerability Index which reflects the relative portion of security alerts that are marked with a green shield.
Product Summary (Top 10)
The Top 10 Products section lists the products and the number of projects, number of libraries, number and severity of vulnerable libraries, and number of licenses per product. By default, the top 10 products with the most projects are displayed.
Clicking a library changes the License Distribution to reflect the selection, as displayed in the License Distribution pane.
This pane provides license distribution data in which you can see the licenses resolution for products in your organization, and enabling you to check for licenses that might not comply with your company’s policy.
For a selected product, the License Distribution chart displays:
Total number of license types for the product.
A pie chart showing the distribution of licenses. Hovering on a section in the chart shows the number of licenses of that type and its percentage out of all the licenses.
Pending Tasks display the unanswered update requests sent from the plugins for new libraries that are added to your inventory.
Clicking More.. directs you to the Organizational Pending Tasks page, where you can select one or multiple pending tasks, and then click More Information (relevant only in Vulnerability-based Alerts organizations). The Library Vulnerabilities and Licenses pop-up screen is displayed, enabling you to view the number of vulnerable libraries plus license information for the selected components.
User Requests (Requested by Me)
The Requested By Me table displays the update requests sent by the user from the plugins regarding new libraries.
Clicking More… directs you to the Requests History Reportwhichprovides details about all requests in an organization for all statuses.