What is our primary use case?
We use this solution for scanning NodeJS and Maven projects during the CI/CD processes. We have hundreds of scans per day for any project that runs on our CI and passes the release build.
This means that any release build runs the WhiteSource scan before deployment to production clusters, which ensures that we are pretty covered in terms of licenses for open source dependencies.
We are running on top of hundreds of microservices and thousands of daily builds, some of which eventually move to production deployment.
How has it helped my organization?
In general, we are covered for open source licensing issues and CVE errors on particular versions for open source dependencies. Moreover, we have covered ourselves for security auditing by stating that we are users of WhiteSource.
What is most valuable?
The most valuable feature is the unified JAR to scan for all languages (wss-scanner jar). It helps us to scan easily and is agnostic to the technology.
What needs improvement?
The dashboard UI and UX are problematic. This solution looks like a 1995 web site and it's very hard to understand what the issue is and why it failed.
For how long have I used the solution?
I have been using WhiteSource for almost five years.
What do I think about the stability of the solution?
How are customer service and technical support?
Our account manager is the best!
Which solution did I use previously and why did I switch?
This is my first open-source scanning solution.
What about the implementation team?
The setup was performed independently.
Which other solutions did I evaluate?
I didn't choose it, but I saw a demo of Snyk.
What other advice do I have?
Improve the UI please... developers cannot find themselves in this dashboard.
Which deployment model are you using for this solution?
Which version of this solution are you currently using?