WhiteSource Review

Deployment is easy: In 30 minutes, your product is analysed and the results are available.

How has it helped my organization?

With WhiteSource, we have been able to automate the scan of our Open Source dependencies. Before, it was a 50% automated in-house solution.

What is most valuable?

  • Open Source dependencies scan
  • Common Vulnerabilities and Exposures (CVE) detection
  • Useful license and copyright reports.
  • Dashboards to manage the risk by product or by organisation.

We are using a lot of Open Source components to develop our products. WhiteSource is the perfect tool to manage the Open Source governance. All our continuous integration stack is using WhiteSource to scan our dependencies (Maven, NPM, Docker).

Next, we are integrating the WhiteSource reports in our products (in a legal-notices folder) to store all the copyright and licensing information. WhiteSource replaced a painful and complex in-house solution; now it's fully automated.

What needs improvement?

Notifications could be improved. Everything else is OK.

If one of our products is using a dependency with a black-listed license (LGPL, for example) we like to notify the developer who added this dependency. And we use the same notification if you try to use a component with no license or no copyright information.

What do I think about the stability of the solution?

No issues.

What do I think about the scalability of the solution?

No issues.

How are customer service and technical support?

Customer Service:

A nine out of 10. They are really reactive when we have a question.

Technical Support:

A nine out of 10. They are really reactive when we have a question.

Which solution did I use previously and why did I switch?

We were using an in-house solution based on some Maven plugins. The process was not fully-automated. We were looking for a fully-automated solution.

How was the initial setup?

Really straightforward. The first scan was ready in 30 minutes.

What about the implementation team?

My team (release engineering) implemented WhiteSource for our company.

What was our ROI?

We are really happy to use WhiteSource. A lot of time has been saved and the results are more accurate.

What's my experience with pricing, setup cost, and licensing?

The setup cost is cheap. For our company, we received a good price to manage unlimited products and versions.

Which other solutions did I evaluate?

We did a comparison with Black Duck, but WhiteSource was better at managing the Open Source stuff.

What other advice do I have?

We are a happy customer.

Which version of this solution are you currently using?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about WhiteSource. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.