We just raised a $30M Series A: Read our story
2019-09-19T08:39:00Z

What needs improvement with WhiteSource?

26

Please share with the community what you think needs improvement with WhiteSource.

What are its weaknesses? What would you like to see changed in a future version?

ITCS user
Guest
1111 Answers

author avatar
Top 10Real User

We have ended our relationship with WhiteSource. We were using an agent that we built in the pipeline so that you can scan the projects during build time. But unfortunately, that agent didn't work at all. We have more than 500 projects, and it doubled or tripled the build time. For other projects, we had the failure of the builds without any known reason. It was not usable at all. We spent maybe one year working on the issues to try to make it work, but it didn't in the end. We should be able to integrate it with ID and Shift Left so that the developers are able to see the scan results without waiting for the build to fail.

2021-02-22T14:10:50Z
author avatar
Top 10Real User

It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process.

2021-01-15T20:36:24Z
author avatar
Top 10Real User

The dashboard UI and UX are problematic. This solution looks like a 1995 web site and it's very hard to understand what the issue is and why it failed.

2020-01-16T08:31:00Z
author avatar
Top 10Real User

The UI is not that friendly and you need to learn how to navigate easily. It also doesn’t run as smoothly as I would want or expect, and I believe it requires some improvements. That said, the Success team is very attentive and does reply and answer related matters quite fast. Currently, effective vulnerabilities are only available in two languages, which is great, but I would be very happy to see more languages. It does cover most of our libraries, but we do have other languages in use. More coverage on that aspect would be helpful.

2020-01-07T12:57:00Z
author avatar
Top 10Real User

It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding.

2020-01-06T10:07:00Z
author avatar
Top 10Real User

WhiteSource Prioritize should be expanded to cover more than Java and JavaScript. We are currently using WhiteSource Prioritize for Java and it cuts our vulnerability alerts by almost 90%. However, Prioritize doesn't cover python or other languages at this point and our developers are required to deal with many open source security alerts. The problem is that now our developers are aware that most open source security alerts are not impacting the security of their applications and it's harder to get their cooperation. We are waiting for WhiteSource to announce support ifor Python and other languages.

2019-12-31T07:22:00Z
author avatar
Top 10Real User

The changes that we would like to see are mostly usability issues. The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved. The UI is also too crowded. I believe that less information, or a different data summary, can be more readable. I know this is something they’re currently working on, but not sure where it stands. Reporting could be easier, as it does not export filtered-down lists. It would be really valuable to add the ability to customize options in the reports.

2019-12-26T12:47:00Z
author avatar
Top 10Real User

The agent usage was not as smooth as the online experience. It lacks in terms of documentation and the errors and warnings it produces are not always very clear. We were able to get it up and running in a short while by getting help from support, which was very approachable and reliable. If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation. I would also like to get better integration with Google Docs.

2019-12-23T12:59:00Z
author avatar
Top 10Vendor

Places in need of improvement are: * Some detected libraries do not specify a location of where in the source they were matched from, which is something that should be enhanced to enable quicker troubleshooting. * Manual uploads of "wsjson" files can only be done by a global admin. Product administrators should be given this right for uploading files to their products/projects. * Better support for proxies is needed when running the unified file agent behind a proxy. It can be made to work, but the Java proxy config and cert trust for MitM traffic inspection are very painful to set up.

2019-12-12T22:32:00Z
author avatar
Top 10Real User

WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers. This solution needs better support and customer service.

2019-12-12T14:38:00Z
author avatar
Real User

We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running. This would give us some sort of automated assurance. This is probably the feature that we'd most like to see.

2019-09-19T08:39:00Z
Learn what your peers think about WhiteSource. Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.
542,608 professionals have used our research since 2012.