About WhiteSource
WhiteSource is the leading solution for agile open source security and license compliance management.
It integrates with your development environments and DevOps pipeline to detect open source libraries with security or compliance issues in real-time.
WhiteSource doesn’t only alert on issues, it also provides actionable, validated remediation paths to enable quick resolution and automated policy enforcement to speed up time-to-fix. It also helps you focus on what matters by prioritizing remediation based on whether your code is actually using a vulnerable method or not, and gu aranteeing zero false positives.
We've got you covered with support for over 200 programming languages, and continuous tracking of multiple open source vulnerabilities databases including the NVD, security advisories, peer-reviewed vulnerability knowledge bases, and open source projects issue trackers.
Pricing starting from:
US$4 000,00
- Free Version
- Free Trial
- Subscription
Top 5 alternatives to WhiteSource
Key benefits of WhiteSource
- Find and fix open source vulnerabilities, in real time
- Prioritize vulnerabilities based on effectiveness
- Inventory management
- Open source license compliance
- Enforce policies automatically and create reports for all teams: security, DevOps, legal and management
- Supports due diligence, OEM or M&A
Devices
Business size
Markets
Australia, Canada, China, Germany, United Kingdom, Israel, India, Japan, United States and 4 others
Supported Languages
English, French, German, Hebrew
Pricing starting from:
US$4 000,00
- Free Version
- Free Trial
- Subscription
Top 5 alternatives to WhiteSource
Images
No images available
Features
Total features of WhiteSource: 33
- API
- Access Controls/Permissions
- Alerts/Notifications
- Application Security
- Approval Workflow
- Collaboration Tools
- Compliance Management
- Compliance Tracking
- Container Scanning
- Continuous Integration
- Dashboard
- Deployment Management
- Endpoint Protection Software
- Graphical User Interface
- Issue Management
- License Inventory
- License Tracking
- Mobile Development
- Patch Management
- Policy Management
- Prioritization
- Product Activation
- Real Time Monitoring
- Release Management
- Reporting/Analytics
- Risk Assessment
- Runtime Container Security
- Software Development
- Source Control
- Trial License
- Vulnerability Assessment
- Vulnerability Scanning
- Web App Development
Alternatives
Alloy Navigator
Jira
Caspio
Syxsense
Reviews
Already have WhiteSource?
Software buyers need your help! Product reviews help the rest of us make great decisions.
Write a Review!
- Industry: Information Technology & Services
- Company size: 1 001-5 000 Employees
- Used Monthly for 6-12 months
-
Review Source
Overall rating
- Value for Money
- Ease of Use
- Customer Support
- Likelihood to recommend 8.0 /10
WhiteSource Review
Reviewed on 2021/12/07
Pros
WhiteSource give you the ability to scan open source packages within your source code.
The ability to integrate it with Azure pipelines is a huge plus
Cons
Duplicated result for same packages and within the same project
-
Review Source
Overall rating
- Ease of Use
- Customer Support
FOSS lifecycle management with Whitesource
Reviewed on 2015/11/10
Using Whitesource to manage the process of analysing FOSS for a large product with hundreds of...
Using Whitesource to manage the process of analysing FOSS for a large product with hundreds of opensource dependencies.
Makes life much easier and helps you cover all dependencies much more accurately.
Some processes are still a bit course (though improved dramatically over the past 18 months)
Refresh performance might be a bit slow when there are very large dependency lists.
Best product out there for FOSS lifecycle management
- Used for 1-5 months
-
Review Source
Overall rating
- Value for Money
- Ease of Use
- Customer Support
- Likelihood to recommend 1.0 /10
Tons of false positives, prepare to spend hours fixing it manually
Reviewed on 2018/06/07
After much manual configuration, a nicely formatted output that looks reputable. I could have just...
After much manual configuration, a nicely formatted output that looks reputable. I could have just made my own in excel a lot faster.
Pros
Fast, quick reviews of your code. They do a good job of putting all the relevant reports and dashboards in front of you quickly. Once you manually fix everything, it can look really good.
Cons
The false positives are awful. I had to spend hours and hours manually fixing everything it mis-identified - dozens of libraries and thousands of source files. If you use a library not in its database... too bad. You can make a support request and wait for them to enter it for you, whenever they get around to it.
The search is pretty awful. There is some kind of syntax to using it but when I asked our account rep, she couldn't give me any documentation on it. You will frequently see results like "openssl-v0_9_8" in your search, but if you type "openssl" it will vanish and not come up. Don't ever both trying to search for a version, it doesn't work. This results in a lot of time scrolling through very large lists. Naming schemes are random and follow no established pattern.
For a good half of all libraries, they have not assigned a license. Guess who gets to go google search them all? You, the user! Isn't the point of this tool to help me identify the licensing?
UI navigation is challenging. Back button will take you to a different place than you were almost every time. You'll love the dashboard... because you have to go back to it roughly every 5 minutes and start over.
No great system for notes/todos/reminders. When you have to fix 60 libraries, it's hard to remember what you want to do with each one.
-
Review Source
Overall rating
- Ease of Use
- Customer Support
work with it for a long time still place to improve.
Reviewed on 2015/11/10
It aggregates my licenses in one centralized place. The software helps me to generate the reports...
It aggregates my licenses in one centralized place. The software helps me to generate the reports for many requests that I have inside my organization. It also helps me to identify the changes between versions and compare them.
-
Review Source
Overall rating
Easy to use. Saves tons of time.
Reviewed on 2013/05/28
We used to document it all manually. Now its done easily and effectively. Not to mention that we...
We used to document it all manually. Now its done easily and effectively. Not to mention that we missed many things, so with this we were able to fix some small issues before they become big issues....
Pros
easy
inexpensive
very comprehensive
no more hassle
WhiteSource FAQs
Below are some frequently asked questions for WhiteSource.Q. What type of pricing plans does WhiteSource offer?
WhiteSource offers the following pricing plans:
- Starting from: US$4 000,00
- Free Trial: Available
Starting at $4,000 a year, based on contributing developers, get our pricing here: https://whitesourcesoftware.com/pricing
Q. Who are the typical users of WhiteSource?
WhiteSource has the following typical customers:
2-10, 11-50, 51-200, 201-500, 501-1 000, 1 001+
Q. What languages does WhiteSource support?
WhiteSource supports the following languages:
English, French, German, Hebrew
Q. Does WhiteSource support mobile devices?
WhiteSource supports the following devices:
Android (Mobile)
Q. What other apps does WhiteSource integrate with?
WhiteSource integrates with the following applications:
Bitbucket, CircleCI, CloudBees Core, Docker, GitHub, GitLab, Jira, Microsoft Azure, Travis CI
Q. What level of support does WhiteSource offer?
WhiteSource offers the following support options:
FAQs/Forum, Knowledge Base, Phone Support
Related categories
See all software categories found for WhiteSource.
