What is our primary use case?
We started using WhiteSource mainly to scan dependencies and detect open-source licenses, copyright information, and vulnerabilities.
We’ve managed to establish an integration with our CICD pipelines and use pretty much all of the automation that is offered, including automated policies.
How has it helped my organization?
We were able to integrate the product naturally into our development process and it provided results really fast. You can easily use the unified agent and connect your CICD tools. It scans all of your source code quickly and it took us just a few minutes to run. The REST API is really good as well.
In the past, running similar tools or trying to get feedback on our open-source state was almost impossible.
Our primary goal was to get the license reports, but now we have a full end-to-end process that automates all license management, open-source license approval, rejection, ticket assignment, and more.
What is most valuable?
Our use case focuses on licenses, so the most valuable feature would probably be the license reports and policies, which is why we reached out in the first place.
The reporting capability gives us the option to generate an open-source license report in a single click, which gets all copyright and license information, including dependencies.
We use the Policies feature to approve or reject automatically open-source licenses, according to preset company policy.
With respect to ticketing, we use the JIRA integration to assign a problematic open-source library. It opens a ticket on our end and it is assigned automatically to the right owner. It saves a lot of hassle and simplifies the process internally.
What needs improvement?
It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding.
For how long have I used the solution?
We have been using WhiteSource for six months.
Which other solutions did I evaluate?
Given the different solutions in that space, WhiteSource was the best solution for our needs. We’ve found it was able to manage all dependencies, automate alerts, and provide us with easy and quick license reports, attribution and copyright information.
What other advice do I have?
I believe we’re still in a stage where we’re trying to gain all the benefits of the solution and understand what features can be maximized.
The product is simple on one hand as it's so easy to use, run and get insights from, but on the other hand, it offers so much that it’s hard to fully grasp all its capabilities.
I’m not sure I have the best knowledge so far to recommend features and capabilities since this is very new to us. Currently, we’re happy to have something that addresses our needs.