Forrester Research 'The State of Application Security: 2018 and Beyond' Annual Report

The Weakest Link in Your Application Security

Application security was the leading cause of breaches in 2017, and open source vulnerabilities have become the main target for hackers, who have quickly gotten wise to the outsized payoff of targeting open source components with known vulnerabilities: one flaw in a widely used component is reusable against every application that ships it.

Organizations tend to overlook open source security because of the misconception that proprietary vulnerabilities and open source vulnerabilities are detected and remediated in the same way. The truth is that open source security and proprietary code security are two very different animals, and they need to be treated as such throughout the software development lifecycle.

SAST, DAST, and other application security testing tools aren't able to detect vulnerabilities in open source components. Tracking vulnerabilities manually across the different open source vulnerability databases is impossible: the databases are not indexed by component name, and the number of open source components and dependencies in today's software products is overwhelming.

WhiteSource is recognized by Microsoft, IBM Security, Forrester Research and more as the best and most comprehensive open source security and license compliance solution. Want to learn more about how we can help you secure and manage the open source components in your products? Schedule a demo.

WhiteSource Benefits

Comprehensive Coverage

Supports over 200 different languages, including containers

Pinpoint Accuracy

Proprietary algorithms match security and quality issues to impacted libraries to guarantee no false positives

Easy Remediation

Provides validated crowdsourcing fixes to enable quick resolution

Largest Vulnerabilities Database

Continuously aggregates information from the NVD, security advisories, and open source projects' issue trackers

Effortless Workflow

Enforce policies automatically at all stages of the SDLC to automate approval and tracking processes

How Does WhiteSource Work?

WhiteSource automatically identifies all open source components, including dependencies, in your repositories and builds, and alerts you to issues in real time.

Join the shift-left revolution by detecting open source components as early as possible:

  • Our plugins calculate digital signatures for all the components in your repositories and builds without ever scanning your code
  • WhiteSource then cross-references the digital signatures with its databases to identify all your open source components, including all dependencies
  • It pulls all relevant information, such as licenses, security vulnerabilities, newer versions, quality issues and more
  • The retrieved data is matched against your company's pre-defined open source policies for automated enforcement
  • Data is uploaded to your account within minutes after running the build or committing a new component to your repository, so you can generate up-to-date reports

Find & Fix Open Source Security Vulnerabilities in Your Software

Detect open source components with known vulnerabilities at every stage of your development:

  • Vulnerabilities are sourced from the NVD and multiple other sources, such as security advisories and open source projects' issue trackers
  • Detect vulnerable components in real time in your builds, repositories and even historic versions
  • Get actionable fixes for vulnerable components
  • No false positives to waste your developers' time

Generate Up-to-Date Reports for Full Visibility

  • Always up-to-date: WhiteSource reports get updated every time you run your build.
  • Comprehensive: each report contains complete information about all your open source components, including dependencies.
  • All teams: Generate a wide range of reports from risk to alerts, vulnerabilities, outdated components and even due diligence.
  • One stop shop: WhiteSource supports all programming languages and development environments, so you can view all your products in one dashboard.

Enforce Open Source Policies Automatically Throughout the SDLC

Set up security, legal and quality policies based on your company preferences:

  • Policies can automatically approve, reject, request approval, open tickets in issue trackers or even fail the build
  • Blacklist or whitelist specific license types
  • Define security sensitivity based on CVSS scores
  • Add additional conditions based on library age, new versions, known bugs, names, etc.
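
The pattern described in "How Does WhiteSource Work?" and in the policy list above (fingerprint each component artifact without parsing its source, look the fingerprint up in a database of licenses and vulnerabilities, then let a CVSS- and license-based policy approve, reject, request approval or fail the build) can be sketched end to end in a few dozen lines. The script below is an added illustration written for this page; it is not WhiteSource code, and its database, artifacts, vulnerability identifiers and CVSS values are all constructed for the example.

```python
"""Constructed fingerprint-and-policy pipeline (illustration, not WhiteSource code)."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class Vulnerability:
    vuln_id: str   # placeholder identifier, not a real advisory
    cvss: float    # constructed CVSS base score


@dataclass
class KnownComponent:
    name: str
    version: str
    license: str
    vulns: list = field(default_factory=list)


def fingerprint(artifact: bytes) -> str:
    """Hash the packaged artifact bytes; the source code itself is never read."""
    return hashlib.sha256(artifact).hexdigest()


# Constructed "artifacts" standing in for packaged library files found in a build.
ARTIFACTS = {
    "libalpha-1.2.0.jar": b"constructed bytes of libalpha 1.2.0",
    "libbeta-0.9.1.jar": b"constructed bytes of libbeta 0.9.1",
    "libgamma-3.0.0.jar": b"constructed bytes of libgamma 3.0.0",
    "unknown-0.0.1.jar": b"constructed bytes of an artifact the database has not indexed",
}

# Constructed database: fingerprint -> component metadata (all values made up).
DATABASE = {
    fingerprint(ARTIFACTS["libalpha-1.2.0.jar"]): KnownComponent(
        "libalpha", "1.2.0", "Apache-2.0", [Vulnerability("VULN-EXAMPLE-1", 9.8)]),
    fingerprint(ARTIFACTS["libbeta-0.9.1.jar"]): KnownComponent(
        "libbeta", "0.9.1", "GPL-3.0-only", []),
    fingerprint(ARTIFACTS["libgamma-3.0.0.jar"]): KnownComponent(
        "libgamma", "3.0.0", "MIT", [Vulnerability("VULN-EXAMPLE-2", 4.3)]),
}


@dataclass
class Policy:
    denied_licenses: set       # blacklist: any hit is rejected outright
    allowed_licenses: set      # whitelist: anything else needs a human decision
    fail_build_cvss: float     # a vulnerability at or above this fails the build
    review_cvss: float         # at or above this, request approval


def evaluate(filename: str, artifact: bytes, policy: Policy) -> tuple:
    """Return (component label, decision) for a single artifact."""
    comp = DATABASE.get(fingerprint(artifact))
    if comp is None:
        # Unindexed fingerprint: surface it for review instead of silently passing it.
        return (filename, "REQUEST_APPROVAL")
    label = f"{comp.name}:{comp.version}"
    if comp.license in policy.denied_licenses:
        return (label, "REJECT")
    worst = max((v.cvss for v in comp.vulns), default=0.0)
    if worst >= policy.fail_build_cvss:
        return (label, "FAIL_BUILD")
    if worst >= policy.review_cvss or comp.license not in policy.allowed_licenses:
        return (label, "REQUEST_APPROVAL")
    return (label, "APPROVE")


def run_build_check(artifacts: dict, policy: Policy) -> dict:
    """Evaluate every artifact; the build is blocked if any decision is FAIL_BUILD."""
    decisions = {name: evaluate(name, data, policy) for name, data in artifacts.items()}
    build_ok = not any(decision == "FAIL_BUILD" for _, decision in decisions.values())
    return {"decisions": decisions, "build_ok": build_ok}


# Constructed policy: GPL is blacklisted, permissive licenses are whitelisted,
# CVSS >= 9.0 fails the build and CVSS >= 7.0 requires approval.
POLICY = Policy(denied_licenses={"GPL-3.0-only"},
                allowed_licenses={"Apache-2.0", "MIT", "BSD-3-Clause"},
                fail_build_cvss=9.0, review_cvss=7.0)

if __name__ == "__main__":
    result = run_build_check(ARTIFACTS, POLICY)
    for name, (label, decision) in result["decisions"].items():
        print(f"{name:22} {label:18} {decision}")
    print("build ok:", result["build_ok"])
```

Two design points worth noting: an artifact whose fingerprint is not in the database is routed to manual approval rather than treated as clean, because an unknown component is exactly the case a fingerprint-matching approach cannot vouch for; and the license check runs before the CVSS check so that a blacklisted license is reported as a rejection even when the component also carries a build-failing vulnerability.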


What to Expect from Your Free Demo

We also offer free demos, so you can experience first-hand how easy it is to install and run our plugins, identify problematic components, and get actionable recommendations.

  • No installation required.
  • Full access to all features, including all reports.
  • Free technical support during your trial.
  • To start, we'll contact you for a quick setup call to create your account. You'll be able to start running immediately afterwards.