What is our primary use case?
Our primary use is to find all the third-party libraries and open source libraries which are hidden in the software, such that no third-party libraries are forgotten.
- To get an overview of all these third-party components.
- To get some information from WhiteSource about which licenses are behind the third-party tool, and what implications these might have for us.
How has it helped my organization?
We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds. Then, we can take some measures to improve things, replace a library, or update a library which was too old or showed severe bugs, etc.
What is most valuable?
Several dashboards. The licenses dashboard, which gives me an overview of all the licenses used in our software. For example, right at the moment, there are several hundreds of licenses used. The licenses dashboard and release management dashboard along with reports (like risk, vulnerabilities, high severity, bug alerts, etc.).
What needs improvement?
Every product has room for improvement, including WhiteSource. The stability of the product is web-based. We are obliged to use the Internet Explorer, and from time-to-time I get messages which tells me that I do not have the rights to use WhiteSource, which is obviously wrong. I also suggested it to WhiteSource, and they told me that WhiteSource only works reliably for Firefox and Chrome. This has some room for improvement for me. Make the product available in a very stable way for other web browsers.
From time to time, the dashboards don't display the full content that I expect. It seems that licenses are not shown nor are products are shown in full detail. I am just missing things at times. This might be due to the Internet Explorer issue, and if I am not using the right web browser, then maybe it does not work correctly.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
From time-to-time, it seems in Internet Explorer, which we use here in our company, the product is not stable in all cases. I get wrong error messages, and it seems that WhiteSource does not display all the contents that should be there.
It is good enough. We can live with it in this situation. Though maybe it would be much better if we used Chrome or Firefox.
The picture that I have of it is that it is not yet a fully 100% stable software. This is the impression that I have. It is not 100% stable and reliable, but it is good enough that we can work with it.
What do I think about the scalability of the solution?
We have only six software projects included right now. Altogether, we have several hundred third-party open source components. With this amount of objects displayed in the dashboards, it is working pretty well. I cannot say anything which goes beyond that amount.
From time-to-time, I have the impression that if it is a long list (e.g., if I have several hundreds of entries in a list), that this list might somehow get a little bit difficult to handle with the scroll bar in finding things. This could be improved, in regards to handling a lot of data. It seems a little bit limited.
How is customer service and technical support?
We have tech calls with WhiteSource on a regular basis, about every four weeks.
The customer success manager, who is responsible for us, works with us pretty well. Every several weeks, we have a phone call, then we try to move one step forward to improve things, and so on.
The overall support that we receive is pretty good.
Which solutions did we use previously?
We did not use anything before WhiteSource.
How was the initial setup?
It was not that easy, but easy enough to go ahead.
From time-to-time, we get some hints from the support on how to work with it. The dashboard is pretty good, so one can easily find things that they are looking for. However, the topic search, it is very complex and complicated to get a qualified picture of all these licenses. I know that there are online resources for us which we can take into account, but taking everything together, it still remains quite complicated for us to work with it.
What was our ROI?
Up until now, we were convinced that the return of investment was not really the case. However, we will see if maybe we get enough benefit out of the tool that we can argue internally that it is really worth using it.
When using WhiteSource, you cannot really be sure what the ROI is. It is an indication, a hint, that maybe you should look at these licenses or those licenses. However, maybe it has not found everything. Nobody can guarantee that we now have the complete picture. It is maybe an improved picture on all this third-party open-source stuff, but maybe it is also not the complete picture.
What's my experience with pricing, setup cost, and licensing?
We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price.
Which other solutions did I evaluate?
We did evaluate another tool along with WhiteSource, but we decided to take WhiteSource. There was this other tool, Black Duck, but we decided to work with WhiteSource.
However, we have not fully evaluated this tool. It seemed too complicated for us, so at a certain point, we just decided to work with WhiteSource further on.
What other advice do I have?
I recommend using WhiteSource to other companies if they are in a similar situation that we are. If they are having real problems in dealing with all these open source licenses, then it is a good approach to use WhiteSource and get a handle of the whole topic.
I do recommend it.
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Mar 07 2018