WhiteSource Overview

WhiteSource is the #3 ranked solution in our list of top Software Composition Analysis (SCA) tools. It is most often compared to SonarQube.

What is WhiteSource?

The leading solution for agile open source security and license compliance management, WhiteSource integrates with the DevOps pipeline to detect vulnerable open source libraries in real time.

It provides remediation paths and policy automation to speed up time-to-fix. It also prioritizes vulnerability alerts based on usage analysis.

We support over 200 programming languages and offer the widest vulnerability database aggregating information from dozens of peer-reviewed, respected sources.

WhiteSource Buyer's Guide

Download the WhiteSource Buyer's Guide including reviews and more. Updated: May 2021

WhiteSource Customers

Microsoft, Autodesk, NCR, Comcast, Nokia, Forgerock, indeed.com, GE digital, KPMG, LivePerson, Jack Henry and Associates

Head of Department for Software Engineering and Integration
Real User
Using it, we can take some measures to improve things, replace a library, or update a library which was too old

What is our primary use case?

Our primary use is to find all the third-party libraries and open source libraries which are hidden in the software, such that no third-party libraries are forgotten.

  • To get an overview of all these third-party components.
  • To get some information from WhiteSource about which licenses are behind the third-party tool, and what implications these might have for us.

Pros and Cons

  • "The overall support that we receive is pretty good."
  • "We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
  • "We can take some measures to improve things, replace a library, or update a library which was too old or showed severe bugs."
  • "Make the product available in a very stable way for other web browsers."

What other advice do I have?

I recommend using WhiteSource to other companies if they are in a similar situation that we are. If they are having real problems in dealing with all these open source licenses, then it is a good approach to use WhiteSource and get a handle of the whole topic. I do recommend it.
Director at a media company with 1,001-5,000 employees
Enables scanning of third-party libraries to ensure policy compliance but needs better role definition

Pros and Cons

  • "Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
  • "Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."

What other advice do I have?

It's important to define guidelines and best practices regarding how to use the product internally: who defines what? Who accesses what? What is the best way to integrate my GitHub repo, my Maven project, etc.?
Release Engineer at a tech vendor with 201-500 employees
Real User
Deployment is easy: In 30 minutes, your product is analysed and the results are available.

What other advice do I have?

We are a happy customer.