WhiteSource identifies open source components and licenses in your software, points out potential risks, and shows you how to comply. Open source license compliance made easy.


Open source components are free to use, but they come with a license which you have to comply with to avoid legal and business risks.

Most developers can document the open source components they chose to use, but few can identify and document all dependencies of these components. In most cases the number of dependencies is very large, and unfortunately, they often come with a different license*.


 A recent WhiteSource study, covering 3,000 commercial software projects, showed that in most cases there is a significant gap between what open-source developers think they used, and what was actually in their product.

* In our recent study we discovered that in 64% of the cases, dependencies had a license different from the open source component that uses them


Here’s how WhiteSource helps you manage open source components:

Complete open source inventory for each of your projects

WhiteSource instantaneously constructs the full inventory list of open source components for each of your products, down to the last dependency, and will automatically identify new components as they are added to your software.

open source license compliance display

Identify all licenses, point out risks and facilitate compliance

WhiteSource’s knowledgebase includes all license information for the open source components in your inventory. In addition, WhiteSource provides an analysis of the various risks and limitations imposed by those licenses, as well as a list of actions that you need to take to comply with the requirements of the licenses.

Ensure your developers only use open source with licenses that you approve

With WhiteSource you can define a compliance policy and enforce it. Compliance is checked during the build process, so no time is wasted on developing around components that should not be used. When necessary, management and legal can weigh-in using a simple business workflow.

Produce management and legal reports in seconds

When reports are required for a due diligence process, or by customers, business partners or company executives, they can be produced instantly and without any expenditure of R&D time and resources.