WhiteSource Primary Use Case

VP R&D at a computer software company with 51-200 employees
We use WhiteSource mainly to automate open source vulnerability detection and remediation, as well as for license compliance. I’m less on the side of the license but mainly use the service to get control over vulnerabilities, detect the ones that affect us and remediate accordingly. We integrate WhiteSource into our pipeline via CI server integration and have now started using the GitHub integration too. We also run an agent in specific use cases.
User at a tech vendor with 1,001-5,000 employees
Our primary use for WhiteSource is security and license risk detection in open-source, third-party libraries and components. We run scans from multiple source control and build systems (TFS, ADO, Jenkins, ...). Some of our scans are automated, while others are done manually with the unified file agent in offline mode scan, and then the resulting "wsjson" file is uploaded to the WS SaaS portal.
Co Founder at a consumer goods company with 11-50 employees
We needed a tool to ensure that we are not using vulnerable libraries or open-source libraries with a copyleft license. We integrated WhiteSource with our repositories and CI server and set up automated policies to reject copyleft licensed libraries because our legal department doesn't allow them. We also have it open Jira issues automatically when a vulnerable library is detected and assign it to an engineer so we can shorten our response time to vulnerabilities detected in our applications. It integrates nicely with our existing workflow.
Learn what your peers think about WhiteSource. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
441,850 professionals have used our research since 2012.
Alon Michaeli
Founder & CEO at Data+
We use WhiteSource mainly to:
* Detect and automate vulnerability remediation. We started to research solutions since our dev teams are unable to meet sprint deadlines and keep track of product security. Most of our code scans are automated and integrated within our pipeline, which integrates with our CI server. With some, we run them manually using an agent. We recently started using the repository integration with GitHub, too, pre-build.
* License reporting and attribution reports. We use attribution reports and due diligence reports to assess risks associated with open-source licenses.
VP R&D at a tech services company with 11-50 employees
We use WhiteSource to monitor our open-source usage, specifically to avoid legal issues with open-source licensing, which may deter potential buyers or investors. Additionally, we analysed the code for security vulnerabilities. We found the effective vulnerabilities report very useful since it lowered the number of actual defects found in the product and saved us a lot of work. Our environment is made of micro-services running in Kubernetes using NodeJS and TypeScript for the backend, and AngularJS for the frontend. We use MongoDB, Redis, RabbitMQ, and ELK.
Project Manager at a health, wellness and fitness company with 11-50 employees
We started using WhiteSource mainly to scan dependencies and detect open-source licenses, copyright information, and vulnerabilities. We’ve managed to establish an integration with our CI/CD pipelines and use pretty much all of the automation that is offered, including automated policies.
Daniel Hall
Technical Architect at Dwr Cymru Welsh Water
Our primary use for WhiteSource Bolt is to gain visibility over third-party libraries in order to perform vulnerability assessments and take care of licensing issues. We are using this solution within our Microsoft Azure tenants. Essentially, we are using it in a private cloud.
DevOps CI/CD Team Lead at a computer software company with 10,001+ employees
We use this solution for scanning NodeJS and Maven projects during the CI/CD processes. We have hundreds of scans per day for any project that runs on our CI and passes the release build. This means that any release build runs the WhiteSource scan before deployment to production clusters, which ensures that we are pretty covered in terms of licenses for open source dependencies. We are running on top of hundreds of microservices and thousands of daily builds, part of which eventually move to production deployment.
Senior Productization Specialist at a tech services company with 51-200 employees
I use this solution for product inventory trace and 3PPs handling in aspect of License Compliance & Security. I've been using both the UI & API.