WhiteSource FAQs

WhiteSource is a cloud-based service, but we also offer an on-premise option, if necessary. It’s important to emphasize that we do not scan your code. We also offer a dedicated instances option. (more)

No. WhiteSource for Containers is part of the WhiteSource product. It integrates with more than 15 different tools: CI/CD, build tools, image registries, and containers management platforms, to give you an updated view of your container’s lifecycle. You can also define automated policies to block unwanted open source components from entering your containers. (more)

Our plugins integrate with your repositories, build tools, CI servers and more. It calculates the digital signature for all your components without ever scanning your code. It then cross-reference the digital signatures with the ones in WhiteSource database to detect the open source components in your products. An immediate up-to-date report is generated with all components and issues detected. It does that every time you run your build. (more)

WhiteSource automates the entire process of open source component selection, approval and management, including detection and remediation of security and compliance issues. It integrates with all stages of your software development lifecycle (SDLC) to alert in real time and help you fix issues faster and easier. (more)

The WhiteSource database is the biggest and most mature database of open source vulnerabilities. It contains more than 300,000 vulnerable components which are aggregated from the CVE/NVD, and various other sources like the GitHub issue tracker, security advisories, and open source projects issue trackers.

WhiteSource uses a proprietary patented algorithm that matches between vulnerability and only the impacted version, thus guaranteeing no false positives that waste developers’ time. (more)

We offer a variety of reports that will help you monitor all of your open source activity such as an Inventory report, due diligence report, high severity bugs report and vulnerability report and many more. You can see some examples at the bottom of this page. (more)

Yes, WhiteSource enforces policies automatically throughout the software development process. You can define your policies according to security vulnerabilities severity, open source license type, software bugs severity, age of a component and many more. You can approve, reject, initiate an approval flow or open an issue ticket based on your criteria and definitions.

In addition, WhiteSource also offers a browser extension, which notifies your developers if a certain component meets your organization’s policies while searching online in the worldwide web without downloading the component. (more)