What Is WhiteSource?


See why WhiteSource is named a leader in the Forrester Wave SCA Report, Q2 2019


WhiteSource automatically identifies all the open source components and dependencies in your build by constantly and automatically cross-referencing them against WhiteSource’s definitive database of open source repositories.


While you search for open source components, our browser plugin reveals any reported bugs, security risks, undesirable licenses (as defined by the company policy you set up), newer versions, and more for each component, so you can make better decisions about which component to add to your build.


The earlier you detect an issue, the easier and less expensive it is to fix. Find out about potential pitfalls in your open source components and their dependencies before they turn into problems, with optional security, policy, bug, and newer version email alerts. Each alert indicates its level of severity, from high to low.

  • Security Alerts

    Get real-time alerts when a vulnerable component is added to your build, or when a new CVE is released and impacts your software. Get notifications when a new version or a patch that fixes one of your vulnerable components is released.

  • Policy Alerts

    Set up automated policies for the acceptance, rejection, and internal approval process of open source components according to different parameters. As soon as a developer attempts to add a problematic open source component, you’ll get an alert.

  • Version Alerts

    Be notified when newer versions of your open source components become available so you can keep your software up to date. Get alerts when you add a version to your software more than once, so you can delete doubles and speed up your software’s performance.


Because WhiteSource continually and automatically logs a detailed inventory of your open source components, dependencies, licenses and license references, 100% accurate, up-to-date reports are always just a click away, and can be downloaded to spreadsheets in seconds.


A comprehensive list of all your open source components, including all dependencies. For each component, you can see its language, description, licenses and occurrences in your products.


An aggregated report showing all your risks due to vulnerable components, copyleft licenses and outdated open source libraries.

Security Vulnerabilities

Detailed list of all vulnerable open source components based on severity. You can see the description of each vulnerable component, including a link to the CVE and a link to a fix, if applicable.


An aggregated report of all security vulnerabilities, high severity bugs, outdated libraries and policy alerts.

Due Diligence

A comprehensive report of all open source components, including all dependencies, with a license reference.