We use this solution for scanning NodeJS and Maven projects during our CI/CD processes. We have hundreds of scans per day for any project that runs on our CI and passes the release build.
This means that any release build runs the WhiteSource scan before deployment to production clusters, which ensures that we are pretty well covered in terms of licenses for open source dependencies.
We are running on top of hundreds of microservices and thousands of daily builds, some of which eventually move to production deployment.
In general, we are covered for open source licensing issues and CVE errors on particular versions for open source dependencies. Moreover, we have covered ourselves for security auditing by stating that we are users of WhiteSource.
The most valuable feature is the unified JAR to scan for all languages (wss-scanner jar). It helps us to scan easily and is agnostic to the technology.
The dashboard UI and UX are problematic. This solution looks like a 1995 website, and it's very hard to understand what the issue is and why it failed.
I have been using WhiteSource for almost five years.
Our account manager is the best!
This is my first open-source scanning solution.
The setup was performed independently.
I didn't choose it, but I saw a demo of Snyk.
Improve the UI please... developers cannot find their way around this dashboard.