WhiteSource Review

Enables scanning of third-party libraries to ensure policy compliance but needs better role definition

How has it helped my organization?

To prevent shipping commercial or GPL libraries, we scan our repositories.

What is most valuable?

Scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed and that we’re not using “forbidden” libraries.

What needs improvement?

Better ACL and more role definitions. This product could be used by large organisations but it definitely needs a better role/action model.

Right now (in my understanding) there are roles for WhiteSource Admin and Members and Product Admins and Members.

Here are some suggestions:

  • When you create a new product “A” (for example) then automatically create the user groups A-Admin, A-Members, A-Alerts and A-Approvers. In that way you just need to assign users.
  • Have a new role “Product Status Updates”, because I don’t want all product admins to receive the status or to have all who get the status as product admins.
  • Have a new role “WhiteSource Status Updates” - I want to have different groups to be admins or to receive a status report.
  • Have a new role “Audit” to receive audits.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues, it's working really well.

What do I think about the scalability of the solution?

No issues so far.

How are customer service and technical support?

Eight out of 10. Always responsive.

Which solution did I use previously and why did I switch?

We were using editors or Wiki to keep that information, but obviously it was not updated.

How was the initial setup?

It wasn’t too complex because you have different options for integrating your repositories, from a simple directory scan to a complex plug-in. We decided to begin with the simplest one and adopt new integrations step by step.

What's my experience with pricing, setup cost, and licensing?

Pricing / licensing model changed during the last year so I don’t have an opinion here yet.

Which other solutions did I evaluate?

I evaluated Black Duck.

What other advice do I have?

It’s important to define guidelines and best practices regarding how to use the product internally; who defines what? Who accesses what?

Best way to integrate my GitHub repo, my Maven project, etc.

Which version of this solution are you currently using?

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
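The policy gate the reviewer describes (scan the dependency inventory, classify each library's licence, block “forbidden” GPL or commercial ones) as an added, stand-alone example; this is not WhiteSource code, and the allow/deny lists and the dependency inventory are constructed for illustration:

```python
"""Minimal third-party licence policy check over a constructed inventory."""
import re

# Assumed policy: explicit allow-list, plus licence families that are banned outright.
ALLOWED = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC",
           "LGPL-2.1-only", "LGPL-3.0-only"}
FORBIDDEN_PREFIXES = ("GPL-", "AGPL-", "Commercial", "Proprietary")

# Constructed inventory: (artifact, version, SPDX-style licence expression).
INVENTORY = [
    ("http-utils", "3.12.0", "Apache-2.0"),
    ("ui-widgets", "3.6.0", "MIT"),
    ("db-driver", "8.0", "GPL-2.0-only"),            # copyleft, single licence
    ("fast-json", "1.0.0", "GPL-2.0-only OR MIT"),   # dual-licensed: MIT option is fine
    ("widget-sdk", "2.3", "Commercial"),             # paid licence, not shippable
    ("mystery-lib", "0.1", "Zlib"),                  # not on the allow-list: fail closed
    ("mixed-lib", "1.1", "MIT AND AGPL-3.0-only"),   # AND: every part must pass
]

def classify(lic):
    """Classify one licence identifier: allowed, forbidden, or unknown."""
    lic = lic.strip("() ")
    if lic in ALLOWED:
        return "allowed"
    if lic.startswith(FORBIDDEN_PREFIXES):
        return "forbidden"
    return "unknown"

def expression_allowed(expr):
    """Evaluate a flat SPDX expression: OR passes if any option passes,
    AND needs every part; anything not on the allow-list fails closed."""
    if " OR " in expr:
        return any(expression_allowed(p) for p in expr.split(" OR "))
    if " AND " in expr:
        return all(expression_allowed(p) for p in expr.split(" AND "))
    return classify(expr) == "allowed"

def check_inventory(inventory):
    """Return (artifact, version, expression, verdict) for every disallowed entry."""
    violations = []
    for name, version, expr in inventory:
        if expression_allowed(expr):
            continue
        parts = re.split(r" OR | AND ", expr)
        verdict = "forbidden" if any(classify(p) == "forbidden" for p in parts) else "unknown"
        violations.append((name, version, expr, verdict))
    return violations

if __name__ == "__main__":
    for v in check_inventory(INVENTORY):
        print("BLOCK %s@%s: %s (%s)" % v)
```

Unknown licences are reported separately from forbidden ones so a reviewer can extend the allow-list rather than silently shipping them.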

fancyjerry (IBM)

Thanks for sharing. We are also considering the WhiteSource solution and this review helps.

Patricia A. Johnson (WhiteSource), Real User

Thanks for your comment! If you have any questions during your review process of WhiteSource's solution, I would be happy to assist you.