WhiteSource Review

Deployment is easy: In 30 minutes, your product is analysed and the results are available.

How has it helped my organization?

With WhiteSource, we have been able to automate the scan of our Open Source dependencies. Before, it was a 50% automated in-house solution.

What is most valuable?

  • Open Source dependencies scan
  • Common Vulnerabilities and Exposures (CVE) detection
  • Useful license and copyright reports
  • Dashboards to manage the risk by product or by organisation.

We are using a lot of Open Source components to develop our products. WhiteSource is the perfect tool to manage the Open Source governance. All our continuous integration stack is using WhiteSource to scan our dependencies (Maven, NPM, Docker).

Next, we are integrating the WhiteSource reports in our products (in a legal-notices folder) to store all the copyright and licensing information. WhiteSource replaced a painful and complex in-house solution; now it's fully automated.

What needs improvement?

Notifications could be improved. Everything else is OK.

If one of our products is using a dependency with a black-listed license (LGPL, for example) we like to notify the developer who added this dependency. And we use the same notification if you try to use a component with no license or no copyright information.

What do I think about the stability of the solution?

No issues.

What do I think about the scalability of the solution?

No issues.

How is customer service and technical support?

Customer Service:

A nine out of 10. They are really reactive when we have a question.

Technical Support:

A nine out of 10. They are really reactive when we have a question.

Which solutions did we use previously?

We were using an in-house solution based on some Maven plugins. The process was not fully automated. We were looking for a fully automated solution.

How was the initial setup?

Really straightforward. The first scan was ready in 30 minutes.

What about the implementation team?

My team (release engineering) implemented WhiteSource for our company.

What was our ROI?

We are really happy to use WhiteSource. A lot of time has been saved and the results are more accurate.

What's my experience with pricing, setup cost, and licensing?

The setup cost is cheap. For our company, we received a good price to manage unlimited products and versions.

Which other solutions did I evaluate?

We did a comparison with Black Duck, but WhiteSource was better at managing the Open Source stuff.

What other advice do I have?

We are a happy customer.

Disclosure: I am a real user, and this review is based on my own experience and opinions.