Detection

Automatically identifies all the open source components and dependencies in your build by constantly and automatically cross-referencing them against WhiteSource’s definitive database of open source repositories.

Selection

While you search for open source components, our browser plugin reveals any reported bugs, security risks, undesirable licenses (as defined by the company policy you set up), newer versions and more for each component, so you can make better decisions about which component to add to your build.

Alerting

The earlier you detect an issue, the easier and less expensive it is to fix. Find out about potential pitfalls in your open source components and their dependencies before they turn into problems with optional security, policy, bug, and newer version email alerts. Each alert indicates its level of severity, from high to low.

  • Security Alerts

    Get real-time alerts when a vulnerable component is added to your build, or when a new CVE is released and impacts your software. Get notifications when a new version or a patch that fixes one of your vulnerable components is released.

  • Quality Alerts

    Get real-time alerts on severe software bugs discovered in your open source components. You'll also be notified if the bug was fixed in a later version, so you can decide whether you should upgrade or not.

  • Policy Alerts

    Set up automated policies for the acceptance, rejection, and internal approval process of open source components according to different parameters. As soon as a developer attempts to add a problematic open source component, you’ll get an alert.

  • Version Alerts

    Be notified when newer versions of your open source components become available so you can keep your software up to date. Get alerts when you add a version to your software more than once, so you can delete doubles and speed up your software’s performance.

Reporting

Because WhiteSource continually and automatically logs a detailed inventory of your open source components, dependencies, licenses and license references, 100% accurate, up-to-date reports are always just a click away, and can be downloaded to spreadsheets in seconds.

Inventory

A comprehensive list of all your open source components, including all dependencies. For each component, you can see its language, description, licenses and occurrences in your products.

Risk

A detailed list of all vulnerable open source components based on severity. You can see the description of each vulnerable component, including a link to the CVE and a link to a fix, if applicable.

Security Vulnerabilities

An aggregated report showing all your risks due to vulnerable components, copyleft licenses and outdated open source libraries.

High Severity Bugs

A detailed list of all critical and blocker software bugs in your products. You can see the description of each component, including a link to the project bug tracker and a link to a fix, if applicable.

Alerts

An aggregated report of all security vulnerability, high severity bug, outdated library and policy alerts.

Due Diligence

A comprehensive report of all open source components, including all dependencies, with a license reference.