Code scanning technology emerged in 2001, before agile became mainstream. WhiteSource offers an agile approach to open source management.
Code scanning suffers from three key shortcomings:
Scanning is done periodically, usually pre-release. Finding an issue at that point is extremely expensive due to the complexity of replacing components and the risk to the release timeline. WhiteSource audits your code every time you run your build, enabling you to fix issues earlier in the process, when it is easier and less expensive.
Scanning your code is a long and time-consuming process. In almost all cases, a scan results in thousands of potential matches, most of which are false positives that take a lot of time to sift through. Separating the wheat from the chaff wastes a lot of your developers' time.
Scanners are naturally complex. They require on-premise installation and considerable customization. That means training your developers and making them devote a substantial part of their time to mastering the scanner and the process.