WhiteSource for GitLab

Supported GitLab Offerings

This integration only supports Self-Managed instances. It does not currently support GitLab.com instances.

WhiteSource for GitLab integrates into your native GitLab environment, scanning your repositories, as part of your WhiteSource account. It is an integrated product within GitLab that detects all of your open-source components and displays all vulnerabilities for these components.

WhiteSource for GitLab provides you with information on vulnerable and outdated open-source components and generates comprehensive up-to-date reports in the Issues tab and the security dashboard of the scanned project. In addition, you will be able to view the scanned projects in the WhiteSource portal.

WhiteSource for GitLab is part of WhiteSource for Developers and includes automated fix Merge Requests as well as Automated Dependency Updates (as part of WhiteSource Renovate) with WhiteSource Remediate.

WhiteSource for GitLab is a Docker-based integration, deployed on your local environment.

All open-source components are communicated using their sha1 hash value between your local environment and WhiteSource.

Refer to the following sections: