WhiteSource Review

Helpful for compiling a list of our third-party libraries, but it needs a quality gate function

What is our primary use case?

Our primary use for WhiteSource Bolt is to gain visibility over third-party libraries in order to perform vulnerability assessments and take care of licensing issues.

We are using this solution within our Microsoft Azure tenants. Essentially, we are using it in a private cloud.

What is most valuable?

The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate. This helps us quite a bit.

What needs improvement?

We specifically use this solution within our CI/CD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running. This would give us some sort of automated assurance. This is probably the feature that we'd most like to see.

For how long have I used the solution?

We have been using this solution for about eight months.

What do I think about the stability of the solution?

Generally, the stability is pretty good. The only thing we have noticed in the past couple of weeks is that it's been quite slow at times. We are reaching out to them over the issue.

What do I think about the scalability of the solution?

We haven't deployed it on a massive scale so we may not be able to judge the scalability. We run through perhaps ten deployments in a day, and we have not seen any issues.

We use this for anything that gets deployed, which is every pipeline that we run through our CI/CD.

How are customer service and technical support?

I haven't needed to engage with technical support for this solution.

Which solution did I use previously and why did I switch?

For this use case, we did not use another solution prior to this one.

How was the initial setup?

Given that it is a cloud-based solution, it is really easy. The deployment takes a couple of minutes.

What's my experience with pricing, setup cost, and licensing?

The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps.

Which other solutions did I evaluate?

We are still evaluating at the moment, and have not officially adopted WhiteSource as of yet.

What other advice do I have?

For anybody who is researching this type of solution, my suggestion is to try them first. We tried quite a few of the various toolings available, and some of them are just not workable. They're very different on paper, so you have to use them to really compare them.

I would rate this solution a seven out of ten.

Which version of this solution are you currently using?

Bolt (cloud version)

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Updated: June 2021.