WhiteSource identifies open source components and licenses in your software (including all dependencies), points out potential risks, and shows you how to comply
Open source components are free to use, but they come with a license which you have to comply with to avoid legal and business risks.
Most developers can document the open source components they chose to use, but few can identify and document all dependencies of these components. In most cases the number of dependencies is very large, and unfortunately, they often come with a different license*.
* In our recent study we discovered that in 64% of the cases, dependencies had a license different from the open source component that uses them
Here’s how WhiteSource helps you manage open source components:
Complete open source inventory for each of your projects
WhiteSource instantaneously constructs the full inventory list of open source components for each of your products, down to the last dependency, and will automatically identify new open source components as they are added to your software.
Identify all licenses, point our risks and facilitate compliance
WhiteSource’s knowledgebase includes all license information for the open source components in your inventory. In addition, WhiteSource provides an analysis of the various risks and limitations imposed by those licenses, as well as a list of actions that you need to take to comply with the requirements of the licenses.
Ensure your developers only use open source with licenses that you approve
With WhiteSource you can define a compliance policy and enforce it. Compliance is checked during the build process, so no time is wasted on developing around components that should not be used. When necessary, management and legal can weigh-in using a simple business workflow.
Produce management and legal reports in seconds
When reports are required for a due diligence process, or by customers, business partners or company executives, they can be produced instantly and without any expenditure of R&D time and resources.