How do you or your organization use this solution?
To my knowledge, we are using the latest SaaS version.
I use the solution for free and open source scanning.
We use this solution for scanning NodeJS and Maven projects during the CI/CD process. We have hundreds of scans per day for any project that runs on our CI and passes the release build. This means that every release build runs the WhiteSource scan before deployment to the production clusters, which ensures that we are pretty well covered in terms of licenses for open-source dependencies. We are running hundreds of microservices and thousands of daily builds, some of which eventually move to production deployment.
We use WhiteSource mainly to automate open-source vulnerability detection and remediation, as well as for license compliance. I'm less on the license side and mainly use the service to get control over vulnerabilities, detect the ones that affect us, and remediate accordingly. We integrate WhiteSource into our pipeline via the CI server integration and have now started using the GitHub integration too. We also run an agent in specific use cases.
We started using WhiteSource mainly to scan dependencies and detect open-source licenses, copyright information, and vulnerabilities. We've managed to establish an integration with our CI/CD pipelines and use pretty much all of the automation that is offered, including automated policies.
We needed a tool to ensure that we are not using vulnerable libraries or open-source libraries with a copyleft license. We integrated WhiteSource with our repositories and CI server and set up automated policies to reject copyleft licensed libraries because our legal department doesn't allow them. We also have it open Jira issues automatically when a vulnerable library is detected and assign it to an engineer so we can shorten our response time to vulnerabilities detected in our applications. It integrates nicely with our existing workflow.
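The policy described in the review above (reject copyleft-licensed libraries, open a ticket assigned to an engineer for vulnerable ones) can be expressed as a small gate that runs over a dependency inventory. The following is an added, self-contained example written for this page; it is not WhiteSource's policy engine, API or output format. The inventory, package names, vulnerability identifiers (`EXAMPLE-0001`, `EXAMPLE-0002`), owner mapping and CVSS threshold are all constructed for the example. It goes slightly beyond the review by handling dual-licensed (`OR`) and conjunctive (`AND`) SPDX expressions, which is where naive string matching on license names gets copyleft decisions wrong.

```python
"""Added example: a license/vulnerability policy gate of the kind described
above. Illustrative code only, not WhiteSource's own policy engine or API.
All data below (packages, vulnerability IDs, owners) is constructed."""
from dataclasses import dataclass
from typing import Optional

# SPDX identifiers grouped by the obligation they carry. Which set a legal
# department treats as forbidden is an assumption of this example.
STRONG_COPYLEFT = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only",
                   "GPL-3.0-or-later", "AGPL-3.0-only", "AGPL-3.0-or-later"}
WEAK_COPYLEFT = {"LGPL-2.1-only", "LGPL-2.1-or-later", "LGPL-3.0-only",
                 "LGPL-3.0-or-later", "MPL-2.0", "EPL-2.0"}
RANK = {"permissive": 0, "weak-copyleft": 1, "strong-copyleft": 2}


def license_class(expr: str) -> str:
    """Classify a simple SPDX expression (no nested parentheses).

    A dual-licensed package ("MIT OR GPL-2.0-only") is classified by its most
    permissive option, because the consumer may pick that option; a conjunctive
    expression ("MIT AND LGPL-2.1-only") by its most restrictive component,
    because every obligation applies."""
    def single(lic: str) -> str:
        lic = lic.strip().strip("()")
        if lic in STRONG_COPYLEFT:
            return "strong-copyleft"
        if lic in WEAK_COPYLEFT:
            return "weak-copyleft"
        return "permissive"

    def conjunction(part: str) -> str:
        return max((single(l) for l in part.split(" AND ")), key=RANK.get)

    return min((conjunction(p) for p in expr.split(" OR ")), key=RANK.get)


@dataclass
class Finding:
    component: str
    action: str            # "reject", "review", "ticket" or "allow"
    reason: str
    assignee: Optional[str] = None


def evaluate(inventory, owners, cvss_threshold: float = 7.0):
    """Apply the policy to every dependency and return one or more findings
    per component. Strong copyleft rejects the build; weak copyleft is sent
    for review; vulnerabilities at or above the threshold get a ticket
    assigned to the component owner (or a default triage queue)."""
    findings = []
    for dep in inventory:
        name = f"{dep['name']}@{dep['version']}"
        before = len(findings)
        cls = license_class(dep["license"])
        if cls == "strong-copyleft":
            findings.append(Finding(name, "reject",
                                    f"license '{dep['license']}' is strong copyleft"))
        elif cls == "weak-copyleft":
            findings.append(Finding(name, "review",
                                    f"license '{dep['license']}' is weak copyleft; needs legal review"))
        for v in dep.get("vulnerabilities", []):
            if v["cvss"] >= cvss_threshold:
                findings.append(Finding(
                    name, "ticket",
                    f"{v['id']} (CVSS {v['cvss']}) at or above threshold {cvss_threshold}",
                    owners.get(dep["name"], "security-triage")))
        if len(findings) == before:
            findings.append(Finding(name, "allow",
                                    "permissive license, no vulnerability at or above threshold"))
    return findings


def gate_passes(findings) -> bool:
    """The build is blocked only by rejects; tickets are tracked, not blocking."""
    return not any(f.action == "reject" for f in findings)


# Constructed sample inventory, not real scan output.
INVENTORY = [
    {"name": "fast-json", "version": "1.2.0", "license": "MIT", "vulnerabilities": []},
    {"name": "xml-tools", "version": "3.0.1", "license": "MIT OR GPL-2.0-only", "vulnerabilities": []},
    {"name": "pdf-render", "version": "0.9.4", "license": "AGPL-3.0-only", "vulnerabilities": []},
    {"name": "http-helper", "version": "2.4.0", "license": "Apache-2.0",
     "vulnerabilities": [{"id": "EXAMPLE-0001", "cvss": 9.8}, {"id": "EXAMPLE-0002", "cvss": 4.3}]},
    {"name": "legacy-crypto", "version": "1.0.0", "license": "MIT AND LGPL-2.1-only", "vulnerabilities": []},
]
OWNERS = {"http-helper": "alice"}   # hypothetical component-to-engineer mapping

if __name__ == "__main__":
    results = evaluate(INVENTORY, OWNERS)
    for f in results:
        who = f" -> {f.assignee}" if f.assignee else ""
        print(f"{f.action:7} {f.component}: {f.reason}{who}")
    raise SystemExit(0 if gate_passes(results) else 1)
```

Run stand-alone, the script prints one line per finding and exits non-zero because `pdf-render` is AGPL-licensed; `xml-tools` passes because the `OR` lets the consumer choose MIT, and `legacy-crypto` is routed to review rather than rejected because LGPL is only weak copyleft under this policy. In a real pipeline the inventory would come from the scanner's output and the "ticket" findings would be turned into issue-tracker calls.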
We use WhiteSource mainly to:

* Detect and automate vulnerability remediation. We started to research solutions since our dev teams were unable to meet sprint deadlines and keep track of product security. Most of our code scans are automated and integrated within our pipeline, which integrates with our CI server. Some we run manually using an agent. We recently started using the repository integration with GitHub, too, pre-build.
* License reporting and attribution reports. We use attribution reports and due diligence reports to assess the risks associated with open-source licenses.
We use WhiteSource to monitor our open-source usage, specifically to avoid legal issues with open-source licensing, which may deter potential buyers or investors. Additionally, we analysed the code for security vulnerabilities. We found the effective vulnerabilities report very useful, since it lowered the number of actual defects found in the product and saved us a lot of work. Our environment is made of microservices running in Kubernetes, using NodeJS and TypeScript for the backend and AngularJS for the frontend. We use MongoDB, Redis, RabbitMQ, and ELK.
Our primary use for WhiteSource is security and license risk detection in open-source, third-party libraries and components. We run scans from multiple source control and build systems (TFS, ADO, Jenkins, ...). Some of our scans are automated, while others are done manually with the unified file agent in an offline-mode scan, after which the resulting "wsjson" file is uploaded to the WS SaaS portal.
I use this solution for product inventory tracing and 3PP handling in terms of license compliance and security. I've been using both the UI and the API.
Our primary use for WhiteSource Bolt is to gain visibility over third-party libraries in order to perform vulnerability assessments and take care of licensing issues. We are using this solution within our Microsoft Azure tenants. Essentially, we are using it in a private cloud.