Try our new research platform with insights from 80,000+ expert users
DevOps CI/CD Team Lead at a computer software company with 10,001+ employees
Real User
Technology-agnostic scanning facilitates security auditing, but the UI needs improvement
Pros and Cons
  • "The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."
  • "The dashboard UI and UX are problematic."

What is our primary use case?

We use this solution for scanning NodeJS and Maven projects during the CI/CD processes. We have hundreds of scans per day for any project that runs on our CI and passes the release build.

This means that any release build runs the WhiteSource scan before deployment to production clusters, which ensures that we are pretty covered in terms of licenses for open source dependencies.

We are running on top of hundreds of microservices and thousands of daily builds, of which part of them are moving to production deployment eventually.  

How has it helped my organization?

In general, we are covered for open source licensing issues and CVE errors on particular versions for open source dependencies. Moreover, we have covered ourselves for security auditing by stating that we are users of WhiteSource.

What is most valuable?

The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar). It helps us to scan easily and is agnostic to the technology.

What needs improvement?

The dashboard UI and UX are problematic. This solution looks like a 1995 web site and it's very hard to understand what the issue is and why it failed.

Buyer's Guide
Mend.io
October 2024
Learn what your peers think about Mend.io. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.

For how long have I used the solution?

I have been using WhiteSource for almost five years.

What do I think about the stability of the solution?

The stability is great.

How are customer service and support?

Our account manager is the best!

Which solution did I use previously and why did I switch?

This is my first open-source scanning solution.

What about the implementation team?

The setup was performed independently.

Which other solutions did I evaluate?

I didn't choose it but I saw a demo of Synk.

What other advice do I have?

Improve the UI please... developers cannot find themselves in this dashboard.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Release Engineer at a tech vendor with 201-500 employees
Real User
Deployment is easy: In 30 minutes, your product is analysed and the results are available.

How has it helped my organization?

With WhiteSource, we have been able to automate the scan of our Open Source dependencies. Before, it was a 50% automated in-house solution.

What is most valuable?

  • Open Source dependencies scan
  • Common Vulnerabilities and Exposures (CVE) detection
  • Useful license and copyright reports.
  • Dashboards to manage the risk by product or by organisation.

We are using a lot of Open Source components to develop our products. WhiteSource is the perfect tool to manage the Open Source governance. All our continuous integration stack is using WhiteSource to scan our dependencies (Maven, NPM, Docker).

Next, we are integrating the WhiteSource reports in our products (in a legal-notices folder) to store all the copyright and licensing information. WhiteSource replaced a painful and complex in-house solution, now it's fully automated.

What needs improvement?

Notifications could be improved. Everything else is OK.

If one of our products is using a dependency with a black-listed license (LGPL, for example) we like to notify the developer who added this dependency. And we use the same notification if you try to use a component with no license or no copyright information.

What do I think about the stability of the solution?

No issues.

What do I think about the scalability of the solution?

No issues.

How are customer service and technical support?

Customer Service:

A nine out of 10. They are really reactive when we have a question.

Technical Support:

A nine out of 10. They are really reactive when we have a question.

Which solution did I use previously and why did I switch?

We were using an in-house solution based on some Maven plugins. The process was not fully-automated. We were looking for a fully-automated solution.

How was the initial setup?

Really straightforward. The first scan was ready in 30 minutes.

What about the implementation team?

My team (release engineering) implemented WhiteSource for our company.

What was our ROI?

We are really happy to use WhiteSource. A lot of time has been saved and the results are more accurate.

What's my experience with pricing, setup cost, and licensing?

The setup cost is cheap. For our company, we received a good price to manage unlimited products and versions.

Which other solutions did I evaluate?

We did a comparison with Black Duck, but WhiteSource was better at managing the Open Source stuff.

What other advice do I have?

We are a happy customer.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Mend.io
October 2024
Learn what your peers think about Mend.io. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.
Sr. Director, Cloud Operations at a computer software company with 1,001-5,000 employees
Real User
Easy to use, easy to set up, and gives good results
Pros and Cons
  • "Its ease of use and good results are the most valuable."
  • "It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process."

What is most valuable?

Its ease of use and good results are the most valuable.

What needs improvement?

It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools.

Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process.

For how long have I used the solution?

I have been using this solution for one month. I am using its latest version.

What do I think about the scalability of the solution?

We are still implementing it. We haven't gone through scalability, but we don't expect any problem.

How are customer service and technical support?

Their support is average. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. 

How was the initial setup?

The initial setup was pretty straightforward. The deployment took about three weeks.

What about the implementation team?

We did it ourselves.

What other advice do I have?

I would rate WhiteSource a nine out of ten. It is a good product.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
AVP at a computer software company with 5,001-10,000 employees
Real User
Provides the ability to identify security vulnerabilities and is fast and easy to implement
Pros and Cons
  • "The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
  • "The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."

What is most valuable?

The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business. 

What needs improvement?

The turnaround time for upgrading databases for this tool as well as the accuracy could be improved. 

It would be good if containerization could be included under the current licensing but this is not something I have looked into.

For how long have I used the solution?

I have been using this solution for four years.

What do I think about the stability of the solution?

This is a stable solution.

What do I think about the scalability of the solution?

This is a scalable solution. 

How are customer service and support?

This solution offers good support which we have used multiple times. 

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup of this solution was straightforward and easy.

What's my experience with pricing, setup cost, and licensing?

This is an expensive solution. 

When setting up this solution, it is important to have clear cut planning and to define the automation rules. 

What other advice do I have?

I would recommend using WhiteSource. It has an edge over other tools in the market and is a faster solution. 

WhiteSource is easy to integrate with the CICD pipeline and runs standalone scans as it is a SaaS deployment. Integration of this solution does not require much time or knowledge. 

I would rate this solution a nine out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1250700 - PeerSpot reviewer
Senior Productization Specialist at a tech services company with 51-200 employees
Real User
Good reporting capability but the support needs to be improved
Pros and Cons
  • "The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution."
  • "WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."

What is our primary use case?

I use this solution for product inventory trace and 3PPs handling in aspect of License Compliance & Security.

I've been using both the UI & API.

How has it helped my organization?

At first, WhiteSource was great in regards to have a clear picture of what we use in our products.

Then later, we started having different issues with WhiteSource, especially in our containers/Docker images. The problem has not been resolved yet, even after many followups on this matter.

What is most valuable?

The most valuable features are the reporting, customizing libraries "In-house, White list, license selection", comparing the products/projects, and License & Copyright resolution.

What needs improvement?

WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers.

This solution needs better support and customer service.

For how long have I used the solution?

I have been using WhiteSource for one year.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Mend.io Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024
Buyer's Guide
Download our free Mend.io Report and get advice and tips from experienced pros sharing their opinions.