WhiteSource Valuable Features
The policy automation on effective vulnerabilities feature had a major impact on how we address open source vulnerabilities since it focuses on effective vulnerabilities and directs you to the specific methods. Other services will give a much larger list to remediate. I believe it cuts around 80% of alerts.
With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions. It sounds simple but I haven’t seen this capability with any other solution. This saves quite some time.
There are more small things within the UI that focus on giving the quickest remediation path, and I believe this is WhiteSource’s strongest area.
The most valuable features of this solution are:
- The vulnerability and license alerts are the main purposes of us utilizing this tool. We don't want to ship software and mistakenly include a GPL component. Similarly, we want to stay up to date on all vulnerabilities in third-party libraries so we can take action if our software solutions are impacted.
- Implementing policies is helpful because it's great when certain "no-nos" can be codified as policies and auto-rejected.
- Attribution and license due diligence reports help us with aggregating the necessary data that we, in turn, have to provide to satisfy the various licenses' copyright and component usage disclosures in our software.
WhiteSource is very accurate and covers all of our languages (including C++).
WhiteSource Prioritize is amazing. If we are using a vulnerable library, it shows us if we are actually using the vulnerable method or not. This saves us a lot of time that we can instead invest in other projects.
It also does a great job of automating many activities we used to do manually. Now the system does it for us and it generates a great security dashboard that shows us whether our remediation velocity is improving or not.
The most valuable features for us are:
- Fix suggestions. Our dev team uses the fix suggestions feature to quickly find the best path for remediation. Before that, you would have to research online for fixes, and most of the time it’s not that straightforward.
- Trace analysis. Trace analysis enables our team to get the fix, including a clear path to the vulnerable method. This saves quite some time.
- Open-source inventory reports. These reports are easy to manage and provide a clear view of our open-source assets. There’s also an option to create policies around that.
For us, the most valuable tool was open-source licensing analysis. Although we don't use it on a weekly basis, when we needed to produce a reliable analysis of our open-source licensing exposure, we found it very, very effective. Considering the alternatives, which were to analyse manually, WhiteSource saved us a ton of work that we really needed to complete in a short time. It would have involved finding all the different packages, be they in package.json files or in Docker images, and then finding their effective license, which in itself is not a simple task.
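The two license-related points raised by reviewers above, codifying "no-no" licenses as auto-reject policies and working out a package's effective license from its package.json metadata, can be shown in a small self-contained script. This is an added example written for this page, not WhiteSource's policy engine or any reviewer's code; the policy sets, the SPDX handling and the sample dependency inventory are all constructed assumptions. It also handles the awkward case of dual-licensed packages ("MIT OR GPL-3.0-only"), where the consumer may pick the permissive alternative.

```python
import json

# Constructed policy for this example (not WhiteSource's policy engine):
# licenses that auto-reject a component, and licenses that are pre-approved.
# Anything outside both sets is routed to manual review.
REJECT = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}
APPROVE = {"MIT", "Apache-2.0", "BSD-3-Clause", "ISC"}


def alternatives(expr):
    """Turn an SPDX expression into the license sets a consumer may choose from.
    'MIT OR GPL-3.0-only' offers two alternatives; 'MIT AND GPL-3.0-only' is one
    alternative that imposes both licenses at once."""
    expr = expr.strip()
    if expr.startswith("(") and expr.endswith(")"):
        expr = expr[1:-1]
    return [{lic.strip() for lic in alt.split(" AND ")} for alt in expr.split(" OR ")]


def decide(expr):
    """Classify one license expression as 'approved', 'rejected' or 'review'."""
    if not expr:
        return "review"  # no license metadata at all: a human has to look
    verdicts = []
    for alt in alternatives(expr):
        if alt & REJECT:
            verdicts.append("rejected")
        elif alt <= APPROVE:
            verdicts.append("approved")
        else:
            verdicts.append("review")
    # With an OR choice we may pick any approved alternative; the component is
    # only rejected outright when every alternative is rejected.
    if "approved" in verdicts:
        return "approved"
    if all(v == "rejected" for v in verdicts):
        return "rejected"
    return "review"


def audit(node_modules):
    """node_modules: {package name: parsed package.json dict} -> {name: verdict}."""
    return {name: decide(pkg.get("license", "")) for name, pkg in node_modules.items()}


# Constructed sample of dependency package.json files (not from a real project).
SAMPLE = {
    "left-pad": json.loads('{"name": "left-pad", "license": "MIT"}'),
    "dual-lib": json.loads('{"name": "dual-lib", "license": "(MIT OR GPL-3.0-only)"}'),
    "copyleft": json.loads('{"name": "copyleft", "license": "GPL-2.0-only"}'),
    "bundle": json.loads('{"name": "bundle", "license": "MIT AND LGPL-2.1-only"}'),
    "nolicense": json.loads('{"name": "nolicense"}'),
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name:10} {verdict}")
```

Packages whose only alternatives fall under REJECT are the ones a policy would auto-reject; "review" catches both missing metadata and licenses the policy has not classified, so the unknown case never silently passes.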
Our use case focuses on licenses, so the most valuable feature would probably be the license reports and policies, which is why we reached out in the first place.
The reporting capability gives us the option to generate an open-source license report in a single click, which gets all copyright and license information, including dependencies.
We use the Policies feature to automatically approve or reject open-source licenses, according to preset company policy.
With respect to ticketing, we use the JIRA integration to assign a problematic open-source library. It opens a ticket on our end and it is assigned automatically to the right owner. It saves a lot of hassle and simplifies the process internally.
The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate. This helps us quite a bit.
Business Process Analyst at a financial services firm with 1,001-5,000 employees
The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine.
DevOps CI/CD Team Lead at a computer software company with 10,001+ employees
The most valuable feature is the unified JAR to scan for all languages (wss-scanner jar). It helps us to scan easily and is agnostic to the technology.
Sr. Director, Cloud Operations at a computer software company with 1,001-5,000 employees
Its ease of use and good results are the most valuable.
The most valuable features are the reporting, customizing libraries ("In-house", "White list", license selection), comparing the products/projects, and License & Copyright resolution.