WhiteSource Software

4.0
(16)

Open Source license and security management software

WhiteSource Software Reviews

Showing 17 WhiteSource reviews
WhiteSource review by Anuradha W.
Validated Reviewer
Verified Current User

"Automated our current process for monitoring and documenting Open Source dependencies"

What do you like best?

Really impressed with their service, and the response time when an unknown library needed resolution.

Very detailed information for most of the open source dependencies.

Dependency version history and their vulnerabilities have been helpful.

UI and the usability of the tool and its plugins makes it easier to use.

What do you dislike?

We still come across a lot of dependencies which are still undetected by the Tool, but they're later resolved once we request resolution manually. I suggest their Database to be frequently updated.

Some features we requested were still not implemented, especially the feature to display an attribute for "folder location" for dependencies uploaded from a disk location.

The tool needed a lot of tune up before first use.

Recommendations to others considering the product

If your requirements fit the WhiteSource specification, I would then definitely recommend it. Also sort out all your feature requests before purchasing the full software.

What business problems are you solving with the product? What benefits have you realized?

Automation of our existing process, which in turn saves a lot of hours and the risks associated with Open source dependencies.

WhiteSource review by Reka B.
Validated Reviewer
Verified Current User

"A could-be-amazing tool that still has some way to go"

What do you like best?

I find the risk report being the most useful thing, other features are on the way to being good but still need some work done. It does seem to detect potential license violations quite well but for instance it doesn't deal with dual licenses: e.g. when a component is licensed under GPL AND MIT the tool will identify it as a violation even though it's no longer the case.

What do you dislike?

Most usability issues. The tool just doesn't do the workflow that would be optimal in my opinion. The components seem disjointed, the user interface is a bit clunky and it's quite difficult to identify necessary actions once an issue has been identified. However, I do feel that the engine part is quite solid, what the tool needs is a massive re-think of the UI.

Recommendations to others considering the product

I would strongly recommend making sure that the product is suitable for the intended purposes and the in-house users are comfortable with the UI. Trialling the product can be a bit of a pain especially as they insist on knowing your full company details and intended purposes just to allow you to have a look. During trial I was very satisfied with the product and only during full deployment of our 30+ individual maven projects did I start suffering from the usability issues.

What business problems are you solving with the product? What benefits have you realized?

We have to identify potential non-open source components in our source code as well as detect any security vulnerabilities in our 3rd party components.

WhiteSource review by Bruno L.
Validated Reviewer
Verified Current User

"WhiteSource is facilitating our life"

What do you like best?

With WhiteSource, the open source governance is fully automated.

We just have to add their plugin in our CI tool and our Open Source dependencies are now managed with WhiteSource.

Compared to our previous solution (manual and painful) it's a huge win.

What do you dislike?

We would like to export our reports in PDF format, but this feature is missing for the moment.

Except that, WhiteSource is a very good software.

What business problems are you solving with the product? What benefits have you realized?

Before using WhiteSource, we were using a manual solution to scan our Open Source dependencies.

With WhiteSource, we now have a solution to do a continuous analysis of our Open Source dependencies.

We are spending less time on this subject and WhiteSource is able to generate all the reports we need.

WhiteSource review by Bernhard A.
Validated Reviewer
Verified Current User

"Simple tool for more visibility around our libraries (versions, security vulnerabilities and bugs)"

What do you like best?

that it is a hosted solution and you don't have to take care yourself about the setup or data

suggests versions of the outdated or insecure library

shows also critical and blocking bugs known in the libraries

very good dashboard with an overview of what is going on

the tool lists also the licenses of the libraries which is very important if you use open source libraries in your commercial product, which might force you to open source your code as well (LGPL)

What do you dislike?

the web ui has a lot of animated "flashy" things which I don't like, I prefer more simple html to visualize the data

the mails regarding news could be more simple or summarized

sometimes there are false-positives listed in the security vulnerabilities because the tool expects a higher version to be fixed, but instead there is another (lower) version which also fixes the problem, but in such cases the support is very helpful and immediately checks the issue

Recommendations to others considering the product

simply use it, because I guess you don't have any monitoring on your libraries yet

What business problems are you solving with the product? What benefits have you realized?

with whitesource we have now numbers of how many libraries are outdated or vulnerable

this visibility makes it easier to argue that library needs to be updated

but the main purpose of whitesource is to see security vulnerabilities

the major benefit is that with whitesource we have a list of libraries with

- current version

- newest version

- vulnerabilities

- known bugs

WhiteSource review by John B.
Validated Reviewer
Verified Current User

"Great product and great support!"

What do you like best?

The online interface looks nice and is easy to use and intuitive. WhiteSource allows us to easily see all of our 3rd-party Java libraries at a glance and quickly tell which ones we need to fix- whether they conflict with our license, have security holes, or need to be updated. What used to be a manual process (as in no one ever really did it..) is now a nice automated process.

What really shines is their support- they are quick to meet with us and solve any issues we have. Even during the evaluation period, they made improvements to the product in areas we were concerned. It always pays to have awesome customer support. I know if we run into any other issues that they'll be quick to fix them.

What do you dislike?

WhiteSource has trouble with C++ libraries, but it's not a deal breaker. It just requires more manual work. However, I expect it to get better as we get everything set up, and I know the WhiteSource team is continuing to improve this part.

Also, I would appreciate them improving the Jenkins plugin. It doesn't support variable replacement in the includes/excludes, so I was forced to use the command-line tool. The WhiteSource team mentioned that they would look into fixing it.

What business problems are you solving with the product? What benefits have you realized?

We needed to go through all our 3rd-party libraries to make sure we aren't going against our license or company policy. We also wanted to be able to fix security vulnerabilities before they make it into our product. Furthermore, in the future, we want to continue to ensure that future added libraries do not cause issues. Recently found out that they have a simple workflow for approving libraries, so that is a nice bonus.

WhiteSource review by Raymond A.
Validated Reviewer
Verified Current User

"Bootstrapping startup that will go the extra mile for service"

What do you like best?

My favorite part about whitesource is that their product is modern. Unlike the competitors, whitesource software is built with modern frameworks and CI platforms in mind. They don't assume you have a server closet or that your entire office runs windows XP :)

What do you dislike?

I don't really have any complaints. They are growing which means some features are still being built-out. But any time I have had a problem, whitesource has gone the extra mile to provide a work-around or solution. So it's not really a big deal.

Recommendations to others considering the product

Really dig in to whether or not these companies support your stack. We wasted a lot of time looking into companies that knew very well that their software didn't even work with our tech-stack. Their plan was to get you to sign a contract and then bully you into professional services.

With whitesource, run a trial. Take a sample collection of code and scan it. Have them show you the interface and play with the demo. It is such a great experience and you'll find out right in the beginning how well they fit.

Past this, it's very easy to expect a software package like this to do all these tiny little things. But once you get into it, you realize you don't actually care about half of it. So really think about what's important to you in this process and you can save a lot of time.

Also, remember that the folks at whitesource do this for a living. So if you don't understand something, or want to know how other companies handle a certain problem... ask whitesource! They have a great level of experience and could even save you a lot of time and money guiding you to the right answer.

What business problems are you solving with the product? What benefits have you realized?

We are trying to make sure we respect all open-source contributors and authors by respecting their licenses. And Whitesource does a great job of helping us do that. Beyond that we get the added benefit of security scans and automated alerts from their system, as well as our CI.

We would eventually like to enact some policies using whitesource so that we can find and correct license issues long before production. I haven't gotten into the policy side of whitesource too much, but it seems pretty straightforward. And I know they plan to continue expanding that.

WhiteSource review by Tim A.
Validated Reviewer
Business partner of the vendor or vendor's competitor, not included in G2 Crowd scores.

"Whitesource Reseller (Australia and New Zealand)"

What do you like best?

I love the software and the benefits it provides to me, and to my clients. I have worked with Whitesource for the past year and I really love the software and the experience dealing with Whitesource the company.

What do you dislike?

At present, I really can't think of anything that I dislike about Whitesource the company OR Whitesource the software solution.

Recommendations to others considering the product

Try it. If it works for you, I recommend you purchase a subscription.

What business problems are you solving with the product? What benefits have you realized?

I am assisting my clients to solve their business issues with regard to use of Open Source, such as inventory, code quality, licensing concerns, and potential security vulnerabilities.

WhiteSource review by Cristian F.
Validated Reviewer
Verified Current User

"White Source for Open Source Software Management"

What do you like best?

Quick and easy setup. The trial was very quick to get up and running and the support through the trial process was excellent. The interface is simple and easy to get at important information. Support has been quick and responsive.

What do you dislike?

There are a few features missing that would make dealing with large codebases and large amounts of managed open source libraries much easier. Reporting could be easier, it does not export filtered down lists so while you can filter down lists in the product, the filtered down results do not export, it instead exports the full results.

Recommendations to others considering the product

Understand what you are trying to get out of open source software management. This will help you better evaluate reporting, workflows, and key features.

What business problems are you solving with the product? What benefits have you realized?

Managing our open source license usage and enforcing our open source usage policy. Managing key library version updates and security vulnerabilities.

WhiteSource review by Albrecht S.
Validated Reviewer
Verified Current User

"License- and Dependency Tracking on the go"

What do you like best?

Really easy to setup, convincing technology to scan for dependencies - as long as you run pure Java projects with maven.

License reports can easily be produced to satisfy RFPs.

What do you dislike?

Does not support JavaScript libraries which should be supported since they are vulnerability relevant.

The tool is sometimes slow.

Non-Open Source but widespread libraries such as Microsoft SQL Server Driver are missing.

Recommendations to others considering the product

Really use the trial to evaluate the completeness and integration of the tool into your deployment systems.

What business problems are you solving with the product? What benefits have you realized?

a) Produce third-party library reports for RFPs

b) Produce third-party license reports for RFPs

c) Regularly check for library updates.

d) Check for vulnerabilities in third party libraries.

e) Get notified when license policy has been hit by a commit.

All the steps have been done manually before and the tool really saved time.

WhiteSource review by Executive Sponsor in Financial Services
Validated Reviewer

"In no time you are ready to scan your open source libraries"

What do you like best?

* As a customer we got the full focus of Whitesource team

* Whitesource is very skilled in understanding the needs of its customers

* The RFP onsite was very successful, in no time we had a full idea of their product (it almost felt like we were ready to start using it)

* The very customer centric approach at all levels

* High quality of the staff, they know exactly what they are doing.

What do you dislike?

The initial request for information was rather poorly documented. Also the level of detail provided to our technical questions was sometimes too low.

Recommendations to others considering the product

you'll meet a great product that in the first place is brought and supported by a great team of professionals

What business problems are you solving with the product? What benefits have you realized?

Using the tool we will have a clear view on where open source code is used in our systems. We'll have a view on the vulnerabilities and the licence conflicts.

WhiteSource review by Martin B.
Validated Reviewer
Verified Current User

"White Source Open Source Compliance"

What do you like best?

Easy to integrate open source policies directly into your Continuous Integration.

What do you dislike?

Nothing to dislike. Does exactly what it says on the tin and at a reasonable price

Recommendations to others considering the product

Much more cost effective than Black Duck.

What business problems are you solving with the product? What benefits have you realized?

Open Source compliance used to be an expensive, manual process. Now it is continually happening as part of our day to day process.

WhiteSource review by Clyde F.
Validated Reviewer
Verified Current User

"White source review"

What do you like best?

Responsive to customers' issues and services. Good understanding of the customer's issue and quick remediation.

What do you dislike?

Wide panel of services proposed but some of them not really well implemented with bug fixing needed.

What business problems are you solving with the product? What benefits have you realized?

Involving my whole company in using White source, most particularly developer teams.

Having reduced the amount of high and critical vulnerable products.

WhiteSource review by Balaji R.
Validated Reviewer
Verified Current User

"Great Product to identify OpenSource violations & Vulnerabilities"

What do you like best?

Ease of use

Ease of integration

Meaningful reports

Customer Support

What do you dislike?

Documentation: Need more documentation

Support for new file types

What business problems are you solving with the product? What benefits have you realized?

Identifying and remediating Open Source we use in the product

Fixing Vulnerabilities

Getting Compliant

WhiteSource review by Administrator in Computer Software
Validated Reviewer
Verified Current User

"Using WhiteSource integration to Continuous Integration system"

What do you like best?

The API, The Maven plugin and the service oriented attitude from WhiteSource engineering

What do you dislike?

Performance in huge projects (might be solved with workarounds)

What business problems are you solving with the product? What benefits have you realized?

Keeps us and our customers safe from legal and security aspects

WhiteSource review by Petr N.
Validated Reviewer
Verified Current User

"architect"

What do you like best?

dashboard, export to excel, charts, integration

What do you dislike?

we are facing issues with weak support of .net and C++

What business problems are you solving with the product? What benefits have you realized?

security of open source

WhiteSource review by Administrator in Entertainment
Validated Reviewer
Verified Current User

"Bwin.Party WhiteSource customer"

What do you like best?

The ability to compare the versions of open-source libraries.

What do you dislike?

The quite slow dashboard web-interface.

What business problems are you solving with the product? What benefits have you realized?

Complete view over the third-party libraries we use.

WhiteSource review by Aakash K.
Validated Reviewer

"Very nice"

What do you like best?

Integration features are good.

What do you dislike?

No custom Report generation available.

What business problems are you solving with the product? What benefits have you realized?

Yo confidential

* We monitor all WhiteSource Software reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. Validated reviews require the user to submit a screenshot of the product containing their user ID, in order to verify a user is an actual user of the product.