We set the solution up and enabled it. We had everything running pretty quickly. This is not a difficult product to implement. Some of the competing products are harder to implement.

I was involved in the selection of the solution and I supervised the people who installed it. I didn't personally sit down at the keyboard and do it myself.

That said, it was simple to set up. A single person set it up. The contractor who did it worked for me and I was in very close contact with him the entire time, both through the POC effort and the actual turning it on after we had a license. At no time did we struggle enough that we needed to delay the project. It went very well.

There are more people than that involved in using the solution. I have a security hardening program and this is one of their core tools. The technical program manager who runs that for me uses the dashboards out of Mend (formerly WhiteSource) and a few other tools as his core information collection system. We have all the technical team leads and each is responsible for their own code. We don't go in there independently and update their code. We hold them to account for the metrics that come out of their code. That's what my team does.

We've actually brought it in to support mobile development. Open-source is fundamental in mobile and we had a lot of it. That was where we were initially trying to get everything going as well as they needed to. We also have a bunch of web application development here. Our ecosystem is both web and mobile. We also have backend web services that are written in. I have teams running in .NET. Most of our teams are .NET, however, we also have code in Java and we're scanning all of that with Mend (formerly WhiteSource) to find OSS components and evaluate security.

The solution recently required maintenance. They did an upgrade which changed our numbers a little bit as they changed the way they do evaluations. With that one exception, which was more or less transparent, they got most of the projects the first time through. The assisted migration they did on the back end didn't work correctly and we had to go back to them and have them do some additional work. With that one exception, we haven't had to do any serious maintenance on it in quite a long time. The maintenance we did was related to an internal change they made inside the product and we had to upgrade some items.

I am the product owner of Mend at this company, so I was responsible for setting it up and the GitHub integration process. The initial setup was straightforward, but we had to do a few steps to meet the company requirements. For example, we need to enable it through the proxy and allow it to reach external registries.

We needed to configure it to go through that path and then enable and deploy the necessary package managers. That took a little work in the beginning, but everything was good once that was all figured out.

We have a team of three engineers supporting it, but they're working on this solution full-time. We get releases every other week, so we need to ensure the enrollment is up to date. That deployment doesn't take much time because we build our dock images, and we need to enable multiple package managers. They give us the docker file that we build based on our needs. 

It takes a day to deploy all these components. We mainly need additional engineers to support our user community, providing answers or clarifications. Otherwise, it's just one person maybe supporting the platform. 

Mend ensured the correct data version is deployed. Other than that, it's the normal maintenance of supporting our end users. They may have questions about some fixes or suspected false positives, but we have very few false positives. 

The initial setup was pretty easy.

The deployment didn’t take long. Within a day or two, it was done.

There's no maintenance and deployment of Mend as such.

The setup was very straightforward. It took only a few minutes to be able to scan the first project. Because we had 40 or 50 projects to scan, it took about a week to set up everything.

The deployment was done by me with some help from IT.

Because we are using the SaaS solution, we don't have to upgrade the main tools. Regarding the Unified Agent, we try to upgrade a few times a year so that we are using the latest version. Overall, the maintenance is very low. We don't spend much time on it.

WhiteSource's initial setup is very straightforward. In all three use cases, it was very straightforward. With Sonatype, we used the on-premise version, but with Snyk and WhiteSource, we used their cloud version. It did take a little time to set up Sonatype, but it was straightforward. We had people helping and guiding us on a Zoom call in all three use cases. It did not take long or was it complicated in either of the use cases. Overall all it took was under an hour.

I was involved in the initial setup of the solution. I worked with the customer success manager and we got it set up pretty quickly. Then, we had a number of follow-up calls where we asked "Is this set up right?" That was six months down the line. The customer success manager had a few points that he pointed out to us and they were useful.

The SSO integration is normally something that can be tricky, however, it was okay. It worked pretty quickly. Everything went okay.

Once we got the administration set up, we introduced it to the various engineering leads in the company, and then they introduced it to their team. That was a fairly painless process. Everyone was on board with wanting to introduce this product and wanted to reap the benefits.

It is quite simple. Its implementation takes days, and its implementation strategy is a part of our management plan.

It is a SaaS solution. I was not involved in its deployment. It was already in the company for six months when I got my hands on it.

In terms of maintenance, we just need to check which users have left the organization so that we can maintain the number of users under the license that we have purchased. That is a small thing required on our side even though we have SSO integrated.

The deployment was mixed; there's always a window in which we are required to adapt to a tool. This solution isn't an out-of-the-box kind of model. There was some fine-tuning involved in the deployment according to our needs and specific projects, which is expected but somewhat challenging nonetheless. 

The key staff involved in the deployment included me as the deployment manager, a customer success manager from Mend, a leading member of our IP Council, and the security advisers for each product. Once the deployment strategy is decided, the IP Council and security team take a back seat, and I work closely with the product architects moving forward. Deployment, fine-tuning, and getting the scans up and running takes two to two and a half days maximum per product. Ultimately, five or six key staff are involved in the solution's deployment, configuration, and maintenance. 

The initial setup of WhiteSource is straightforward.

Setting up the tool for automated usage is very straightforward. Follow the documentation carefully and you will likely be fully up and running in between 15 and 60 mins.

Given that it is a cloud-based solution, it is really easy. The deployment takes a couple of minutes.

The initial setup was of an intermediate complexity. It was neither complex, nor straightforward. It could have been easier. Understandably, it involved a certain amount of configuration. 

It wasn’t too complex because you have different options for integrating your repositories, from a simple directory scan to a complex plug-in. We decided to begin with the simplest one and adopt new integrations step by step.

It was not that easy, but easy enough to go ahead. 

From time-to-time, we get some hints from the support on how to work with it. The dashboard is pretty good, so one can easily find things that they are looking for. However, the topic search, it is very complex and complicated to get a qualified picture of all these licenses. I know that there are online resources for us which we can take into account, but taking everything together, it still remains quite complicated for us to work with it.

The initial setup was straightforward.

Installation took no more than five minutes. 

It was quite straightforward. It was intended to be done on the DevOps side. It was nothing special. It didn't work after the setup. It caused build failures.

The initial setup was quick and easy. The CS team and the documentation were very helpful. We kicked off in a few days and the integration went smoothly.

Really straightforward. The first scan was ready in 30 minutes.

The initial setup was pretty straightforward. The deployment took about three weeks.

The initial setup of this solution was straightforward and easy.