WhiteSource Archived Reviews (More than two years old)

Real User
Head of Department for Software Engineering and Integration
Mar 07 2018

What is most valuable?

Several dashboards. The licenses dashboard, which gives me an overview of all the licenses used in our software. For example, right at the moment, there are several…

How has it helped my organization?

We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality…

What needs improvement?

Every product has room for improvement, including WhiteSource. The stability of the product is web-based. We are obliged to use the Internet Explorer, and from…

What's my experience with pricing, setup cost, and licensing?

We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price.

Which solution did I use previously and why did I switch?

We did not use anything before WhiteSource.

What other advice do I have?

I recommend using WhiteSource to other companies if they are in a similar situation that we are. If they are having real problems in dealing with all these open source…

Which other solutions did I evaluate?

We did evaluate another tool along with WhiteSource, but we decided to take WhiteSource. There was this other tool, Black Duck, but we decided to work with WhiteSource…
Vendor
Director at a media company with 1,001-5,000 employees
Dec 21 2017

What is most valuable?

Scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed and that we’re not using…

How has it helped my organization?

To prevent shipping commercial or GPL libraries, we scan our repositories.

What needs improvement?

Better ACL and more role definitions. This product could be used by large organisations but it definitely needs a better role/action model. Right now (in my understanding)…

What's my experience with pricing, setup cost, and licensing?

Pricing / licensing model changed during last year so I don’t have an opinion here yet.

Which solution did I use previously and why did I switch?

We were using editors or Wiki to keep that information, but obviously it was not updated.

What other advice do I have?

It’s important to define guidelines and best practices regarding how to use the product internally; who defines what? Who accesses what? Best way to integrate my GitHub…

Which other solutions did I evaluate?

I evaluated Black Duck.
Updated: April 2020.
Real User
Release Engineer at a tech vendor with 201-500 employees
Oct 30 2017

What is most valuable?

* Open Source dependencies scan
* Common Vulnerabilities and Exposures (CVE) detection
* Useful license and copyright reports.
* Dashboards to manage the risk by product…

How has it helped my organization?

With WhiteSource, we have been able to automate the scan of our Open Source dependencies. Before, it was a 50% automated in-house solution.

What needs improvement?

Notifications could be improved. Everything else is OK. If one of our products is using a dependency with a black-listed license (LGPL, for example) we like to notify the…

What's my experience with pricing, setup cost, and licensing?

The setup cost is cheap. For our company, we received a good price to manage unlimited products and versions.

Which solution did I use previously and why did I switch?

We were using an in-house solution based on some Maven plugins. The process was not fully-automated. We were looking for a fully-automated solution.

What other advice do I have?

We are a happy customer.

Which other solutions did I evaluate?

We did a comparison with Black Duck, but WhiteSource was better at managing the Open Source stuff.

What is WhiteSource?

The leading solution for agile open source security and license compliance management, WhiteSource integrates with the DevOps pipeline to detect vulnerable open source libraries in real-time.

It provides remediation paths and policy automation to speed up time-to-fix. It also prioritizes vulnerability alerts based on usage analysis.

We support over 200 programming languages and offer the widest vulnerability database aggregating information from dozens of peer-reviewed, respected sources.

WhiteSource customers

Microsoft, Autodesk, NCR, Comcast, Nokia, Forgerock, indeed.com, GE digital, KPMG, LivePerson, Jack Henry and Associates
