2019-09-19T08:39:00Z

What needs improvement with WhiteSource?


Please share with the community what you think needs improvement with WhiteSource.

What are its weaknesses? What would you like to see changed in a future version?

Guest
99 Answers

author avatar
Real User

The dashboard UI and UX are problematic. This solution looks like a 1995 web site and it's very hard to understand what the issue is and why it failed.

2020-01-16T08:31:00Z
author avatar
Top 20Real User

The UI is not that friendly and you need to learn how to navigate easily. It also doesn’t run as smoothly as I would want or expect, and I believe it requires some improvements. That said, the Success team is very attentive and does reply and answer related matters quite fast. Currently, effective vulnerabilities are only available in two languages, which is great, but I would be very happy to see more languages. It does cover most of our libraries, but we do have other languages in use. More coverage on that aspect would be helpful.

2020-01-07T12:57:00Z
author avatar
Top 10Real User

It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding.

2020-01-06T10:07:00Z
author avatar
Top 5Real User

WhiteSource Prioritize should be expanded to cover more than Java and JavaScript. We are currently using WhiteSource Prioritize for Java and it cuts our vulnerability alerts by almost 90%. However, Prioritize doesn't cover python or other languages at this point and our developers are required to deal with many open source security alerts. The problem is that now our developers are aware that most open source security alerts are not impacting the security of their applications and it's harder to get their cooperation. We are waiting for WhiteSource to announce support ifor Python and other languages.

2019-12-31T07:22:00Z
author avatar
Top 5Real User

The changes that we would like to see are mostly usability issues. The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved. The UI is also too crowded. I believe that less information, or a different data summary, can be more readable. I know this is something they’re currently working on, but not sure where it stands. Reporting could be easier, as it does not export filtered-down lists. It would be really valuable to add the ability to customize options in the reports.

2019-12-26T12:47:00Z
author avatar
Top 10Real User

The agent usage was not as smooth as the online experience. It lacks in terms of documentation and the errors and warnings it produces are not always very clear. We were able to get it up and running in a short while by getting help from support, which was very approachable and reliable. If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation. I would also like to get better integration with Google Docs.

2019-12-23T12:59:00Z
author avatar
Vendor

Places in need of improvement are: * Some detected libraries do not specify a location of where in the source they were matched from, which is something that should be enhanced to enable quicker troubleshooting. * Manual uploads of "wsjson" files can only be done by a global admin. Product administrators should be given this right for uploading files to their products/projects. * Better support for proxies is needed when running the unified file agent behind a proxy. It can be made to work, but the Java proxy config and cert trust for MitM traffic inspection are very painful to set up.

2019-12-12T22:32:00Z
author avatar
Top 20Real User

WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers. This solution needs better support and customer service.

2019-12-12T14:38:00Z
author avatar
Top 5LeaderboardReal User

We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running. This would give us some sort of automated assurance. This is probably the feature that we'd most like to see.

2019-09-19T08:39:00Z
Learn what your peers think about WhiteSource. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
442,517 professionals have used our research since 2012.