Smart and Easy Lifecycle Management of Open Source Components
Smart developers use readily available open source components to substantially boost their productivity and increase the quality of the software they produce.
However, improperly managing open source components takes away much of the value they bring, and can even result in substantial legal, technical, and business damages. Specifically, there are three areas you want to be in control of in order to realize the full value of open source components:
WhiteSource helps you solve these issues and retain the maximum value from the use of open source components, while relieving your developers from any burden.
Automate the entire open source adoption process
- With a simple-to-install plug-in for your favorite continuous integration or build tool, WhiteSource will quickly construct the current true inventory of open source components for each of your products, and will thereafter automatically identify new open source components when they are first added.
- WhiteSource will enforce your organizational policies with regard to acceptance/rejection of open source components based on their license, past reviews, etc. If necessary, WhiteSource will initiate a review and approval workflow.
- Importantly, we tell developers immediately when a specific open source component does not meet organizational criteria. That way, they don’t end up having to remove/replace a component later on, after having invested much time and effort in integrating it.
- At any point in time, with the click of a button, you can get a current inventory report.
Automate Compliance with Open Source Licenses
- As soon as a new open source component enters your system, WhiteSource automatically identifies its license. Importantly, this is done not just for the root component, but also for all dependencies, which can sometimes number in the tens.
- WhiteSource maintains a large database of open source components and their licenses. We have analyzed and categorized all major licenses for a number of risk factors and compliance requirements.
- WhiteSource allows you to define organizational policies with regard to certain licenses, or even specific open source components. We advise that you consult a specialized legal expert to define a policy that best fits your needs.
- Importantly, if a developer adds an open source component that does not meet company standards, they will know immediately, rather than having to later replace it after having invested much time and effort.
- During the release process, WhiteSource automatically constructs for you some of the documentation and notices required by common licenses.
- With WhiteSource, you can always provide a full license report to your auditor, investors, partners, or customers – in a click.
Ensure Quality and Security of Your Product
Open source components are part of your product, and will affect your product in the same way as your proprietary code.
- WhiteSource is connected to the National Vulnerability Database and will proactively alert you when security vulnerabilities are found in open source components you use. You can then decide how to best address this issue.
Open source communities are often quick to fix vulnerabilities and other bugs, and often release new versions that add substantial capabilities. WhiteSource will tell you when such new versions are available.
Easy to Deploy. Very Easy to Use.
- WhiteSource is a SaaS solution, so there is nothing to deploy. There is also no need to update or upgrade an on-premise deployment since all the data is being updated by us in the cloud. There is also no work involved in customizing the solution.
- The best way to connect to WhiteSource is through a plugin to your favorite continuous integration or build tool. We currently support Apache Maven and Ant, Cloudbees, Jenkins, JetBrains TeamCity, Red Hat OpenShift, JFrog Artifactory, Atlassian Bamboo, and Microsoft TFS. If you cannot use a plugin, you can use a simple drag-and-drop mechanism.
- WhiteSource is a modern solution, using an intuitive UI, and does not require any training.
You need not be concerned about the security of your proprietary code, since it never makes its way to our servers. We are only looking at your open source. Needless to say, our own servers are secured and SAS-70 compliant.
WhiteSource was designed to be affordable to both small startups and very large software development organizations. We charge a low yearly subscription fee, based on the number of products you manage.
WhiteSource Automates
- Discovery of actual open source usage
- Enforcement of license policies
- Proactive alerts on security vulnerabilities
- Proactive alerts on fixes and new versions
- Management dashboards and reports
- Easy to use SaaS
- Affordable subscription model