Reviews from AWS Marketplace
0 AWS reviews
External reviews
External reviews are not included in the AWS star rating for the product.
Positive experience while rolling out WhiteSource
What do you like best about the product?
WhiteSource has been very active helping us to get started and get the most out of the tool; this also helps resolve the "dislikes" to a great extent. WhiteSource has also been very willing to help investigate incorrect attribution. Single Sign-on makes it easy to switch to the portal. The home-view is a good dashboard with an overview of the organization, product, or project status. There are many integration options, such as Jira, GitHub, Travis CI, Jenkins, TeamCity, Bamboo, Azure DevOps, Circle CI, AWS CodeBuild, Google Cloud Build, etc.
What do you dislike about the product?
The "Policies" are quite limited in their current form and only a single policy can trigger. This means a policy at the product level can prevent organization-wide policy violations from triggering. This can be useful when making exceptions at the product level, but this also means a product-level admin can overrule organization-wide decisions. The products - projects model takes quite a bit of insight and help to be used effectively.
What problems is the product solving and how is that benefiting you?
WhiteSource helps with getting an overview of all open source software in use. It provides information about vulnerabilities and their possible implications. WhiteSource also provides license information that helps us ensure we comply with all license requirements and we do not use libraries that are only available under unacceptable licenses.
Recommendations to others considering the product:
Ask WhiteSource for a presentation, and possibly demo, on their capabilities and then request to start a trial. Let them help you try out the tool with one of your own projects.
White Source Bolt Review (open source packages scanner)
What do you like best about the product?
The easy way to implement in the cloud into our pipelines.
What do you dislike about the product?
At the moment I haven't noticed anything that I can dislike.
What problems is the product solving and how is that benefiting you?
The problems that everyone is facing: we all use open-source packages but without scanning them for known vulnerabilities. WhiteSource Bolt is a great scanner for that purpose.
Recommendations to others considering the product:
I recommend WhiteSource to scan open-source code.
Invaluable tool to keep your software safe
What do you like best about the product?
Summary: WhiteSource shows us which libraries can be upgraded and which ones are vulnerable. This keeps our code up-to-date with other projects' releases. Having an integration into our pipeline assures us we can follow this up easily.
Applying Whitesource to our projects has helped us tremendously in keeping our project secure. It would be more difficult for our developers to search around to try and find those vulnerabilities by themselves. Most projects do have hundreds of third-party libraries, and even more are downloaded transitively. By comparing the used libraries with known and reported vulnerabilities, we have everything we need in one place.
Each new branch with updated code triggers a WhiteSource build in our pipeline. The email reports are nice triggers for our developers to start looking into vulnerabilities and library updates. WhiteSource gives useful resolution suggestions, such as how to avoid the vulnerabilities or which library version no longer has the issue.
Another useful feature is the check on licences. Most developers do not bother looking into which libraries are included in their projects. Whitesource gives a comprehensive list and overview of all licences used in a project. This allows early detection of any non-free library and gives the opportunity to find alternatives quickly.
What do you dislike about the product?
For each new branch we add to the project, a new product section is created. When our branches are then merged into the master branch, those products remain. Each email report will also include and compare them to the other branches, making the report less useful. This has triggered us to regularly and manually delete those product sections, and only keep the latest reports and branches.
What problems is the product solving and how is that benefiting you?
Our security operations has never been happier with our results. We were also able to quickly detect a non-free license that was used, so we could avoid legal issues when our software was put into production.
Recommendations to others considering the product:
Anyone should have some tool such as WhiteSource to keep their software safe.
modern UI
What do you like best about the product?
Modern and familiar UI, easy to use and comfortable.
What do you dislike about the product?
The structure of pages is not easy to understand.
What problems is the product solving and how is that benefiting you?
Detect the company's license policy violations and solve them.
This tool is better to review for security vulnerabilities in libraries.
What do you like best about the product?
This tool is better to review for security vulnerabilities in libraries.
What do you dislike about the product?
Try to give flexible versions of libraries.
What problems is the product solving and how is that benefiting you?
XStream and POI as well as Spring Security.
Tool has unique options and easy to configure.
What do you like best about the product?
Using the WhiteSource tool, it is easy to identify and manage the open source components used in our applications.
What do you dislike about the product?
For most of the WS features, documentation is incomplete.
What problems is the product solving and how is that benefiting you?
We are able to identify the vulnerable and outdated open source components early in the phase of development, which saves the development team time to fix the issues in pre-prod.
Recommendations to others considering the product:
One of the best FOSS tools available in the market.
Indispensable
What do you like best about the product?
Turns keeping your software up to date from a chore into something you don’t even need to think about.
What do you dislike about the product?
Faster creation of MRs - perhaps a database of who uses what dependency so as soon as a new release is created they can all be updated, rather than each repo polling their dependencies individually.
What problems is the product solving and how is that benefiting you?
Keeping a large number of repos up to date with internal and external dependency changes. It has made it much easier for us to split our own libraries up into smaller pieces.
Recommendations to others considering the product:
Focus on building a good test suite so you can turn on auto merging. Also an automatic semantic release pipeline makes things even smoother.
Whitesource is an excellent tool for ensuring adequate security for third party software packages
What do you like best about the product?
The licensing/copyright check is a major time saver.
What do you dislike about the product?
For Node.js the npm packages run deep, and currently it is not easy to determine the root package for some of the vulnerabilities.
What problems is the product solving and how is that benefiting you?
WhiteSource automates the listing of third party packages, checks the licensing/copyright info, and displays any CVEs within these packages.
Recommendations to others considering the product:
I would recommend integrating the scan process into your DevOps pipeline.
Whitesource gave me the functionality that I have been looking for
What do you like best about the product?
I mostly like the GitHub integration that makes me get better results.
What do you dislike about the product?
I do not like the UI of WhiteSource; I think it can be more user friendly.
What problems is the product solving and how is that benefiting you?
WhiteSource is helping me to solve security and compliance issues.
Automating software IPR checking
What do you like best about the product?
The offering is delivered as SaaS and has an intuitive and easy to use interface which provides rapid access to key information on IPR and security vulnerabilities in an easy to understand graphical format. The wide range of reporting options allows potential issues to be captured and explored in more detail.
What do you dislike about the product?
Configuration of the scanning element of the offering requires some practice and there are a large number of parameters to master.
What problems is the product solving and how is that benefiting you?
We have transitioned from a manual process of IPR audit to a fully automated and integrated one which saves considerable time and allows experts to concentrate in areas that specifically require human intervention. This greatly reduces the exposure to potential IPR liability issues for the organisation.