Smart and Easy Lifecycle Management of Open Source Components

The Issue:

Smart developers use readily available open source components to substantially boost their productivity and increase the quality of the software they produce.

 

However, improperly managing open source components takes away much of the value they bring, and can even result in substantial legal, technical, and business damages. Specifically, there are three areas you want to be in control of in order to realize the full value of open source components:

 

      
  • Security and quality. Since open source components make up a substantial part of your own product, you want to ensure they stand up to your own quality standards, and specifically, that all security vulnerabilities, performance issues, and other bugs are properly addressed.
  • License risks and compliance. Open source is free, but comes with a license. You want to make sure you know exactly what open source goes into your code base and under which license. You also want to ensure that the requirements of such licenses are properly met as part of your new version release process.
  • R&D productivity. In many companies, developers find themselves spending much time researching legal and technical information about open source components (and especially their dependencies). In bigger companies, there are often cumbersome processes that burden developers and take away from the anticipated gains.


 

The Solution:

WhiteSource helps you solve these issues and retain the maximum value from the use of open source components, while relieving your developers from any burden.

 

Automate the entire open source adoption process

  • With a simple-to-install plug-in to your favorite continuous integration or build tool, WhiteSource will quickly construct the current true inventory of open source components for each of your products, and will thereafter automatically identify new open source components when they are first added.
  • WhiteSource will enforce your organizational policies with regard to acceptance/rejection of open source components based on their license, past reviews, etc. If necessary, WhiteSource will initiate a review and approval workflow.
  • Importantly, we tell developers immediately when a specific open source component does not meet organizational criteria. That way, they don’t end up having to remove/replace a component later on, after having invested much time and effort in integrating it.
  • At any point in time, with the click of a button, you can get a current inventory report.

 

Developers are now spared one of the most time-consuming non-development tasks, and you are sure that the reports are full and accurate.

 

 

Automate Compliance with Open Source Licenses

  • As soon as a new open source component enters your system, WhiteSource automatically identifies its license. Importantly, this is done not just for the root component, but also for all dependencies, which can sometimes be in the tens.
  • WhiteSource maintains a large database of open source components and their licenses. We have analyzed and categorized all major licenses for a number of risk factors and compliance requirements.
  • WhiteSource allows you to define organizational policies with regard to certain licenses, or even specific open source components. We advise that you consult with a specialized legal expert to define a policy that best fits your needs.
  • Importantly, if a developer adds an open source component that does not meet company standards, they will know immediately, rather than having to later replace it after having invested much time and effort.
  • During the release process, WhiteSource automatically constructs for you some of the documentation and notices required by common licenses.
  • With WhiteSource, you can always provide a full license report to your auditor, investors, partners, or customers – in a click.

 

With WhiteSource, you always have a clear picture of all open source components and licenses. You are also sure that your license policy is met, and that the product you ship complies with the requirements of the respective open source licenses.

 

Ensure Quality and Security of Your Product
Open source components are part of your product, and will affect your product in the same way as your proprietary code.

  • WhiteSource is connected to the National Vulnerability Database and will proactively alert you when security vulnerabilities are found in open source components you use. You can then decide how to best address this issue.
  • Open source communities are often quick to fix vulnerabilities and other bugs, and often release new versions that add substantial capabilities. WhiteSource will tell you when such new versions are available.

With WhiteSource, you will know when a vulnerability is discovered in an open source component you actually use, and will also know when it is fixed.

 

Easy to Deploy. Very Easy to Use.

  • WhiteSource is a SaaS solution, so there is nothing to deploy. There is also no need to update or upgrade an on-premise deployment since all the data is being updated by us in the cloud. There is also no work involved in customizing the solution.
  • The best way to connect to WhiteSource is through a plugin to your favorite continuous integration or build tool. We currently support Apache Maven and Ant, Cloudbees, Jenkins, JetBrains TeamCity, Red Hat OpenShift, JFrog Artifactory, Atlassian Bamboo, and Microsoft TFS. If you cannot use a plugin, you can use a simple drag-and-drop mechanism.
  • WhiteSource is a modern solution, using an intuitive UI, and does not require any training.
  • You need not be concerned about the security of your proprietary code, since it never makes its way to our servers. We are only looking at your open source. Needless to say, our own servers are secured and SAS-70 compliant.
     
With WhiteSource, you can have your project fully analyzed and managed within minutes. You can try for yourself.

 

Extremely Affordable
WhiteSource was designed to be affordable to both small startups and very large software development organizations. We charge a low yearly subscription fee, based on the number of products you manage.
 


© 2011, 2012, 2013 White Source Software 

All rights reserved.

White Source is a trademark of the company.