Product, Project, and Organization names are case-sensitive.
CVSS score version 3.1 is currently only partially supported in WhiteSource, and is planned to be fully supported in the near future.
Quality Metrics related to bugs on open source libraries: Due to the information being partially available, some libraries may contain broken links, or may not display accurate information regarding their known bugs. Therefore, WhiteSource may occasionally display information on bugs that were previously closed. This known issue is currently being handled, and may require a number of future releases before it is fully resolved.
Libraries with multiple versions: In the event that multiple versions of the same library are in use, and the latest library version is used in multiple projects, the alert created by WhiteSource displays only one project name in the description. This known issue is currently being handled and should be resolved with a new alerts model we're currently developing.
In the Scala dependencies detection, when using SBT version less than 1.3 and the sbt-coursier plugin is installed, only dependencies included in the compile scope can be resolved. We recommend adding the sbt-dependency-graph plugin to overcome this limitation.
The fields Uploaded by and Request Token in the Project Vitals panel disappear after removing a library.