WhiteSource’s On-Premises Solution Helps DATEV Automate and Manage Their Open Source

Founded in 1966 in Nuremberg, Germany, the cooperative DATEV eG is a software company and IT service provider that offers accounting, personnel management, business consulting, and tax computation solutions. With 350,000 customers, DATEV has an annual revenue of €1.1B and serves companies of all sizes, including large enterprises such as KPMG and PwC. DATEV currently has 8,000 employees, of which 1,800 are developers.

Products Used:

On-premises

Prioritize

GitLab Integration

Security is of paramount concern for DATEV, and the company cites the highest level of IT and data security as a cornerstone of its corporate culture. Over the past 10 years, DATEV has been using more and more open source code in their software solutions and needed to understand what open source components it was using both to ensure license compliance and to remediate any potential security vulnerabilities.

“We needed a solution to approve licenses and identify vulnerabilities in the open source components within our software,” says Wolfgang Wagner, DATEV’s Open Source Expert. “Our previous form-based approval process took up to three months and required approval from multiple teams including IT security and legal.”

We needed a solution to approve licenses and identify vulnerabilities in the open source components within our software

The long approval cycle required developers to identify not only the open source library itself, but all of the library’s dependencies, a manual and time-consuming endeavor. DATEV wanted to streamline the approval of its open source components and gain greater visibility into its open source usage. “We knew we needed help to automate all the approval steps,” says Wagner.

DATEV wanted to be proactive in its approach to its open source usage and governance policies, so it compared several leading software composition analysis vendors. WhiteSource was chosen in a head-to-head POC that included 70 developers testing the software. When DATEV selected WhiteSource, some of the main reasons their developers chose WhiteSource over the competition were ease of use, rich reporting with highly accurate results, and the ability to prioritize vulnerabilities.

An on-premises solution was another key requirement for DATEV. The company needed an on-premises solution for internal security compliance to maintain the integrity of its data center. “We are a financial services company. Data is our main asset, and our customers trust us to keep their data safe. An on-premises solution was a must,” says Wagner.

WhiteSource has given DATEV a better insight into its open source usage. “Without WhiteSource, we could not tell our management which open source software was used in certain projects,” says Wagner. “Also, the OSS components were not always up to date.” 

Without WhiteSource, we would not be able to automatically monitor the vulnerabilities in the open source components used with regard to status ‘outdated’ and ‘update available,’ which is essential for compliance.

With WhiteSource, it is now possible to create a detailed report of all open source libraries used and their potential weaknesses. “Without WhiteSource, we would not be able to automatically monitor the vulnerabilities in the OSS components used with regard to status ‘outdated’ and ‘update available,’ which is essential for compliance.”

Fast Approval Procedure

With the simple and effective handling of open source software vulnerabilities and compliance using WhiteSource, DATEV has drastically reduced the time required for developers to release open source components. “WhiteSource is hundreds of times faster than our previous form-based release process for OSS, which sometimes took several weeks. Now this can be done automatically in seconds during the development process,” says Wagner.

Using Whitesource enables DATEV to develop modern software efficiently and be highly compliant regarding security and licensing. “WhiteSource’s policy management, automated monitoring, and reporting are the best reasons to use their software,” says Wagner.

Ease of Installation and Use

WhiteSource has been easy to install and use. The installation, which was handled remotely, integrated WhiteSource into DATEV’s Jenkins CI/CD pipeline and Kubernetes, among others. DATEV uses WhiteSource’s APIs for automation tasks, to rollout permissions, clean up projects, and generate reports. “The deployment was fast with no problems, and the dashboard gives us everything we need to roll out permissions and generate reports. Scans are simple to execute – just one string to call the function within the Jenkins. Very easy.”

WhiteSource is hundreds of times faster than our previous form-based release process for open source components, which sometimes took several weeks. Now this can be done automatically in seconds during the development process.

“WhiteSource has been very responsive to our needs and answers any questions immediately,” says Wagner. “We have been extremely happy with the level of support WhiteSource has given us.”

Prioritized Vulnerabilities to Fix What Matters Most

“One of our favorite features,” says Wagner, “is WhiteSource Prioritize – their so-called effective usage analysis tool.” WhiteSource Prioritize scans open source components with known vulnerabilities to assess whether DATEV’s proprietary code is making calls to the vulnerable method. It helps DATEV assess the risk involved in using an open source library as well as remediate those vulnerabilities that pose the greatest risk.

If DATEV had to describe WhiteSource in a word, it would be ‘simplicity.’ “WhiteSource is simple to integrate, to use. The dashboard and reporting are easy to understand for both administrators and developers,” says Wagner. “Do a proof of concept and you will see why WhiteSource is the future for DATEV.”

Security is of paramount concern for DATEV, and the company cites the highest level of IT and data security as a cornerstone of its corporate culture. Over the past 10 years, DATEV has been using more and more open source code in their software solutions and needed to understand what open source components it was using both to ensure license compliance and to remediate any potential security vulnerabilities.

“We needed a solution to approve licenses and identify vulnerabilities in the open source components within our software,” says Wolfgang Wagner, DATEV’s Open Source Expert. “Our previous form-based approval process took up to three months and required approval from multiple teams including IT security and legal.”

We needed a solution to approve licenses and identify vulnerabilities in the open source components within our software

The long approval cycle required developers to identify not only the open source library itself, but all of the library’s dependencies, a manual and time-consuming endeavor. DATEV wanted to streamline the approval of its open source components and gain greater visibility into its open source usage. “We knew we needed help to automate all the approval steps,” says Wagner.

DATEV wanted to be proactive in its approach to its open source usage and governance policies, so it compared several leading software composition analysis vendors. WhiteSource was chosen in a head-to-head POC that included 70 developers testing the software. When DATEV selected WhiteSource, some of the main reasons their developers chose WhiteSource over the competition were ease of use, rich reporting with highly accurate results, and the ability to prioritize vulnerabilities.

An on-premises solution was another key requirement for DATEV. The company needed an on-premises solution for internal security compliance to maintain the integrity of its data center. “We are a financial services company. Data is our main asset, and our customers trust us to keep their data safe. An on-premises solution was a must,” says Wagner.

WhiteSource has given DATEV a better insight into its open source usage. “Without WhiteSource, we could not tell our management which open source software was used in certain projects,” says Wagner. “Also, the OSS components were not always up to date.” 

Without WhiteSource, we would not be able to automatically monitor the vulnerabilities in the open source components used with regard to status ‘outdated’ and ‘update available,’ which is essential for compliance.

With WhiteSource, it is now possible to create a detailed report of all open source libraries used and their potential weaknesses. “Without WhiteSource, we would not be able to automatically monitor the vulnerabilities in the OSS components used with regard to status ‘outdated’ and ‘update available,’ which is essential for compliance.”

Fast Approval Procedure

With the simple and effective handling of open source software vulnerabilities and compliance using WhiteSource, DATEV has drastically reduced the time required for developers to release open source components. “WhiteSource is hundreds of times faster than our previous form-based release process for OSS, which sometimes took several weeks. Now this can be done automatically in seconds during the development process,” says Wagner.

Using Whitesource enables DATEV to develop modern software efficiently and be highly compliant regarding security and licensing. “WhiteSource’s policy management, automated monitoring, and reporting are the best reasons to use their software,” says Wagner.

Ease of Installation and Use

WhiteSource has been easy to install and use. The installation, which was handled remotely, integrated WhiteSource into DATEV’s Jenkins CI/CD pipeline and Kubernetes, among others. DATEV uses WhiteSource’s APIs for automation tasks, to rollout permissions, clean up projects, and generate reports. “The deployment was fast with no problems, and the dashboard gives us everything we need to roll out permissions and generate reports. Scans are simple to execute – just one string to call the function within the Jenkins. Very easy.”

WhiteSource is hundreds of times faster than our previous form-based release process for open source components, which sometimes took several weeks. Now this can be done automatically in seconds during the development process.

“WhiteSource has been very responsive to our needs and answers any questions immediately,” says Wagner. “We have been extremely happy with the level of support WhiteSource has given us.”

Prioritized Vulnerabilities to Fix What Matters Most

“One of our favorite features,” says Wagner, “is WhiteSource Prioritize – their so-called effective usage analysis tool.” WhiteSource Prioritize scans open source components with known vulnerabilities to assess whether DATEV’s proprietary code is making calls to the vulnerable method. It helps DATEV assess the risk involved in using an open source library as well as remediate those vulnerabilities that pose the greatest risk.

If DATEV had to describe WhiteSource in a word, it would be ‘simplicity.’ “WhiteSource is simple to integrate, to use. The dashboard and reporting are easy to understand for both administrators and developers,” says Wagner. “Do a proof of concept and you will see why WhiteSource is the future for DATEV.”