Description de WhiteSource

The leading solution for agile open source security and license compliance management, WhiteSource integrates with the DevOps pipeline to detect vulnerable open source libraries in real-time. It provides remediation paths and policy automation to speed up time-to-fix. It also prioritizes vulnerability alerts based on usage analysis. We support over 200 programming languages and offer the widest vulnerability database aggregating information from dozens of peer-reviewed, respected sources.

Qui utilise WhiteSource ?

We help software, security and DevOps teams, and companies developing software applications.

WhiteSource Logiciel - 1 WhiteSource Logiciel - 2 WhiteSource Logiciel - 3 WhiteSource Logiciel - 4

WhiteSource ne vous convainc pas tout à fait ?
Comparer avec une alternative populaire

WhiteSource

4,3 (7)
WhiteSource
Indisponible dans votre pays
4.000,00 $US
Version gratuite
Version d'essai gratuite
33
9
4,0 (7)
3,7 (7)
4,2 (7)
VS.
À partir de
Types de licence
Fonctionnalités
Intégrations
Facilité d'utilisation
Rapport qualité-prix
Service client
Prix introuvable
Version gratuite
Version d'essai gratuite
43
1
4,4 (5.566)
4,6 (5.566)
4,4 (5.566)
Pourquoi ce message s'affiche-t-il ?

Alternatives à WhiteSource

Sponsors
GitHub permet aux équipes de développement de collaborer, d'examiner et de gérer le code au sein d'un pipeline DevOps et d'une sécurité de code intégrée. En savoir plus sur GitHub
Gérez intelligemment les menaces relatives à la chaine d'approvisionnement de l'open source avec la plateforme de sécurité cloud native de Bytesafe. En savoir plus sur Bytesafe
Gardez une longueur d'avance sur toutes les menaces grâce à une sécurité avancée et proactive des points de terminaison qui prédit, détecte et neutralise les vulnérabilités. En savoir plus sur Syxsense
Jira est l'outil de développement logiciel n° 1 utilisé par les équipes agiles. Des millions de clients l'ont choisi pour planifier et développer de grands produits. Essayez-le gratuitement ! En savoir plus sur Jira
Vous aide à utiliser l'open source, à rester en sécurité, à trouver et à corriger les vulnérabilités de vos dépendances en continu.
SonarQube permet aux équipes de développement de toutes envergures de résoudre les problèmes de sécurité et de qualité du code au sein de leurs flux de travail.
Gardez une trace de l'avancement et de l'activité de vos projets. Codez, testez et déployez.
Microsoft Defender for Cloud Apps is a cloud access security broker (CASB)
Trend Micro Cloud One: automated, flexible, all-in-one security on AWS. Try it yourself with a free, 30-day trial.

Avis sur WhiteSource

Note moyenne

Note globale
4,3
Facilité d'utilisation
4,0
Service client
4,2
Fonctionnalités
3,3
Rapport qualité-prix
3,7

Avis classés par taille de l'entreprise (nombre d'employés)

  • <50
  • 51-200
  • 201-1.000
  • >1.001

Trouver les avis classés par note

5
57%
4
29%
2
14%
Elyes
Elyes
Application Security Engineer (Tunisie)
Utilisateur LinkedIn vérifié
Services et technologies de l'information, 1.001-5.000 employés
Temps d'utilisation du logiciel : 6 à 12 mois
Source de l'avis

WhiteSource Review

5,0 l’année dernière

Avantages :

WhiteSource give you the ability to scan open source packages within your source code. The ability to integrate it with Azure pipelines is a huge plus

Inconvénients :

Duplicated result for same packages and within the same project

Mo
Mo
Lead DevOps Engineer (É.-U.)
Utilisateur LinkedIn vérifié
Services juridiques, 501-1.000 employés
Temps d'utilisation du logiciel : plus de deux ans
Source de l'avis

Alternatives envisagées :

Good supplement to other SAST tools for "shift left" security.

4,0 le mois dernier Nouveau

Avantages :

Easy integration with Azure DevOps and Mend for Github and the fact that you can run as a task during the pipeline but you don't have to see the output from a CLI since they provide a tab on the pipeline run to see a good report on used libraries and vulnerabilities.

Inconvénients :

Other tools have auto fixing which is not a need but good to have. Auto-fixing is not always "auto" and might need review which doesn't make it a big con.

Don
VP Software Development (É.-U.)
Temps d'utilisation du logiciel : 1 à 5 mois
Source de l'avis

Tons of false positives, prepare to spend hours fixing it manually

2,0 il y a 5 ans

Commentaires : After much manual configuration, a nicely formatted output that looks reputable. I could have just made my own in excel a lot faster.

Avantages :

Fast, quick reviews of your code. They do a good job of putting all the relevant reports and dashboards in front of you quickly. Once you manually fix everything, it can look really good.

Inconvénients :

The false positives are awful. I had to spend hours and hours manually fixing everything it mis-identified - dozens of libraries and thousands of source files. If you use a library not in its database... too bad. You can make a support request and wait for them to enter it for you, whenever they get around to it. The search is pretty awful. There is some kind of syntax to using it but when I asked our account rep, she couldn't give me any documentation on it. You will frequently see results like "openssl-v0_9_8" in your search, but if you type "openssl" it will vanish and not come up. Don't ever both trying to search for a version, it doesn't work. This results in a lot of time scrolling through very large lists. Naming schemes are random and follow no established pattern. For a good half of all libraries, they have not assigned a license. Guess who gets to go google search them all? You, the user! Isn't the point of this tool to help me identify the licensing? UI navigation is challenging. Back button will take you to a different place than you were almost every time. You'll love the dashboard... because you have to go back to it roughly every 5 minutes and start over. No great system for notes/todos/reminders. When you have to fix 60 libraries, it's hard to remember what you want to do with each one.

Udi
System Architect & FOSS Evaluator (Israël)
Temps d'utilisation du logiciel : Non fourni
Source de l'avis

FOSS lifecycle management with Whitesource

5,0 il y a 7 ans

Commentaires : Using Whitesource to manage the process of analysing FOSS for a large product with hundreds of opensource dependencies.
Makes life much easier and helps you cover all dependencies much more accurately.
Some processes are still a bit course (though improved dramatically over the past 18 months)
Refresh performance might be a bit slow when there are very large dependency lists.
Best product out there for FOSS lifecycle management

shaul
SW director (Israël)
Temps d'utilisation du logiciel : Non fourni
Source de l'avis

work with it for a long time still place to improve.

4,0 il y a 7 ans

Commentaires : It aggregates my licenses in one centralized place. The software helps me to generate the reports for many requests that I have inside my organization. It also helps me to identify the changes between versions and compare them.