WhiteSource Review

Helpful for compiling a list of our third-party libraries, but it needs a quality gate function


What is our primary use case?

Our primary use for WhiteSource Bolt is to gain visibility over third-party libraries in order to perform vulnerability assessments and take care of licensing issues.

We are using this solution within our Microsoft Azure tenants. Essentially, we are using it in a private cloud.

What is most valuable?

The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate. This helps us quite a bit.

What needs improvement?

We specifically use this solution within our CI/CD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value, then we can block the pipeline from running. This would give us some sort of automated assurance. This is probably the feature that we'd most like to see.

For how long have I used the solution?

We have been using this solution for about eight months.

What do I think about the stability of the solution?

Generally, the stability is pretty good. The only thing we have noticed in the past couple of weeks is that it's been quite slow at times. We are reaching out to them over the issue.

What do I think about the scalability of the solution?

We haven't deployed it on a massive scale so we may not be able to judge the scalability. We run through perhaps ten deployments in a day, and we have not seen any issues.

We use this for anything that gets deployed, which is every pipeline that we run through our CI/CD.

How are customer service and technical support?

I haven't needed to engage with technical support for this solution.

If you previously used a different solution, which one did you use and why did you switch?

For this use case, we did not use another solution prior to this one.

How was the initial setup?

Given that it is a cloud-based solution, it is really easy. The deployment takes a couple of minutes.

What's my experience with pricing, setup cost, and licensing?

The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps.

Which other solutions did I evaluate?

We are still evaluating at the moment, and have not officially adopted WhiteSource as of yet.

What other advice do I have?

For anybody who is researching this type of solution, my suggestion is to try them first. We tried quite a few of the various tools available, and some of them are just not workable. They're very different on paper, so you have to use them to really compare them.

I would rate this solution a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.