Reviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
110 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Tool has unique options and easy to configure.
What do you like best about the product?
Using Whitesource tool it is easy to identify and Manage the open source components used in our applications.
What do you dislike about the product?
for most of the WS features documentation is incomplete.
What problems is the product solving and how is that benefiting you?
we are able to identify the vulnerable and outdated open source components early in the phase of development which saves development team time to fix the issues in pre prod.
Recommendations to others considering the product:
One of the best FOSS tool available in the market.
Indispensable
What do you like best about the product?
Turns keeping your software up to date from a chore into something you don’t even need to think about.
What do you dislike about the product?
Faster creation of MRs - perhaps a database of who uses what dependency so as soon as a new release is created they can all be updated, rather than each repo polling their dependencies individually.
What problems is the product solving and how is that benefiting you?
Keeping a large number of repos up to date with internal and external dependency changes. It had made it much easier for us to split our own libraries up into smaller pieces.
Recommendations to others considering the product:
Focus on building a good test suite so you can turn on auto merging. Also an automatic semantic release pipeline makes things even smoother.
Whitesource is an excellent tool for ensuring adequate security for third party software packages
What do you like best about the product?
The licensing/copyright check is a major time saver.
What do you dislike about the product?
For Nodejs the npm packages run deep, and currently it is not easy to determine the root package for some of the vulnerabilities.
What problems is the product solving and how is that benefiting you?
Whitesource automates the listing of third party packages, checks the liceensing/copyright info, and displays any CVEs within these packages.
Recommendations to others considering the product:
I would recommend integrating the scan process into your devOps pipeline.
Whitesource gave me the functionality that I have been looking for
What do you like best about the product?
I mostly like the github integration that makes me get better result
What do you dislike about the product?
I do not like the UI of whitesource, I think it can be more user friendly
What problems is the product solving and how is that benefiting you?
WhiteSource helping me to solve security and compliance issues
Automating software IPR checking
What do you like best about the product?
The offering is delivered as SaaS and has an intuitive and easy to use interface which provides rapid access to key information on IPR and security vulnerabilities in an easy to understand graphical format. the wide range of reporting options allow potential issues to be captured and explored in more detail.
What do you dislike about the product?
Configuration of the scanning element of the offering requires some practice and there are a large number of parameters to master.
What problems is the product solving and how is that benefiting you?
We have transitioned from a manual process of IPR audit to a fully automated and integrated one which saves considerable time and allows experts to concentrate in areas the specifically require human intervention. This greatly reduces the exposure to to potential IPR liability issues for the organisation.
WhiteSource identifies security vulnerabilities in easy steps & provides remediation for quick fixes
What do you like best about the product?
User friendly, quick remediation & better reports
What do you dislike about the product?
Provides only OSS security vulnerabilities
What problems is the product solving and how is that benefiting you?
Outdated versions of Open source libraries, vulnerable library components
Recommendations to others considering the product:
WhiteSource is best in class solution, easy to adapt and with good customer support.
Best Open Source Analysis (OSA) at this moment.
What do you like best about the product?
Best Open Source analysis with their In-house and other multiple sources of software vulnerabilities. Also one of the few companies in the market which will give you license & policy violations alert as well.
Pipeline integration of this tools is greatly helpful for the software which are shipped out securely & safely.
Also, Whitesource is a software as a service (SAAS) offering, so there is no need to physically maintain any server at your end or your data center for any implementation.
Mostly such things are helpful in today's world as most of your administration is offloaded to them.
Pipeline integration of this tools is greatly helpful for the software which are shipped out securely & safely.
Also, Whitesource is a software as a service (SAAS) offering, so there is no need to physically maintain any server at your end or your data center for any implementation.
Mostly such things are helpful in today's world as most of your administration is offloaded to them.
What do you dislike about the product?
No downside of using this software in OSA and DEVOPS Pipeline.
Support Team's response is sometimes delayed but sometimes it's prompt.
Need to define an SLA
Support Team's response is sometimes delayed but sometimes it's prompt.
Need to define an SLA
What problems is the product solving and how is that benefiting you?
Open Source software which are used in almost all of software products needs to be evaluated for vulnerabilities and secure products should be shipped in market.
The JAR file which is their unified agent can easily be run in a JAVA based environment on any base operating system.
There is no file which is being uploaded to WhiteSource, instead all your open source software's SHA1 values are being sent to whiteSource securely and then Whitesource does their analysis on their side.
Whitesource's R&D team is also working diligently to improve their vulnerability DB.
Also, this tool can be incorporated in DevSecOps pipeline as well.
The JAR file which is their unified agent can easily be run in a JAVA based environment on any base operating system.
There is no file which is being uploaded to WhiteSource, instead all your open source software's SHA1 values are being sent to whiteSource securely and then Whitesource does their analysis on their side.
Whitesource's R&D team is also working diligently to improve their vulnerability DB.
Also, this tool can be incorporated in DevSecOps pipeline as well.
Recommendations to others considering the product:
Best valuation for the price point in the market right now, go for it.
Other Opensource tools are available, but they aggregate their data from open source websites such as NVD or CVE web sites, they are good to a certain extent, however a paid products gives you more insight into multiple data sources for vulnerability and their in-house research and development team also enhances their product to give you optimum use of white source.
Other Opensource tools are available, but they aggregate their data from open source websites such as NVD or CVE web sites, they are good to a certain extent, however a paid products gives you more insight into multiple data sources for vulnerability and their in-house research and development team also enhances their product to give you optimum use of white source.
The best on the market open source dependencies analysis tool
What do you like best about the product?
WhiteSource provide information on vulnerabilities resolution via SAAS dashboard and extensive, well researched database of known vulnerable and malicious libraries.
What do you dislike about the product?
Takes time to understand all scan configuration parameters but once understood it is easy to use.
What problems is the product solving and how is that benefiting you?
Resolving known vulnerabilities according to their seventies as soon as they are introduced to our software.
Recommendations to others considering the product:
Industry standard and must have
Whitesource Reseller (Australia and New Zealand
What do you like best about the product?
I love the software and the benefits it provides to me, and to my clients. I have worked with Whitesource for the past year and I really love the software and the experience dealing with Whitesource the company.
What do you dislike about the product?
At present, I really can't think of anything that I dislike about Whitesource the company OR Whitesource the software solution.
What problems is the product solving and how is that benefiting you?
I am assisting my clients to solve their business issues with regard to use of Open Source, such as inventory, code quality, licensing concerns, and potential security vulnerabilities.
Recommendations to others considering the product:
Try it. If it works for you, I recommend you purchase a subscription.
WhiteSource is facilitating our life
What do you like best about the product?
With WhiteSource, the open source governance is fully automated.
We just have to add their plugin in our CI tool and our Open Source dependencies are now managed with WhiteSource.
Compare to our previous solution (manual and painful) it's a huge win.
We just have to add their plugin in our CI tool and our Open Source dependencies are now managed with WhiteSource.
Compare to our previous solution (manual and painful) it's a huge win.
What do you dislike about the product?
We would like to export our reports with the PDF format, but this feature is missing for the moment.
Except that, WhiteSource is a very good software.
Except that, WhiteSource is a very good software.
What problems is the product solving and how is that benefiting you?
Before using WhiteSource, we were using a manual solution to scan our Open Source dependencies.
With WhiteSource, we now have a solution to do a continuous analysis of our Open Source dependencies.
We are spending less time on this subject and WhiteSource is able to generate all the reports we need.
With WhiteSource, we now have a solution to do a continuous analysis of our Open Source dependencies.
We are spending less time on this subject and WhiteSource is able to generate all the reports we need.
showing 91 - 100