Open Source Security and License Management
55.4%
39.3%
5.4%
0%
0%
Accurate Vulnerability Detection, Extensive Integrations, Comprehensive License Compliance, Developer-Friendly Tools
Occasional False Positives, Outdated User Interface, Inconsistent Support Responsiveness, Limited Language Support
Overall, users praise WhiteSource for its user-friendly interface, comprehensive features, and excellent customer support. They highlight its effectiveness in identifying and resolving open source vulnerabilities, ensuring code security and compliance. Users appreciate its ability to automate security checks, reducing manual effort and improving efficiency. However, some users mention the potential for false positives and occasional performance issues. Additionally, a few users suggest room for improvement in the reporting and customization capabilities.
AI-Generated from the text of User Reviews
One of the strengths of Mend.io lies in the simplicity of integrating their unified agent into our Continuous Integration pipeline. This streamlined process, with its commendable support system and verbose documentation, has reduced setup times. We're now efficiently detecting open-source license violations. Coupled with the integration with JIRA, it ensures that open vulnerabilities are promptly and systematically recorded, streamlining our response and tracking processes.
While the platform functions efficiently, there's scope for modernising the user interface. It would be beneficial to see Mend.io adopt a more contemporary design. However, it's worth noting that this aesthetic aspect doesn't detract from the product's overall usability.
Mend addresses the challenges associated with open-source license compliance and vulnerability detection in our codebase. Efficiently identifying and alerting us about any license violations ensures that our software remains compliant, reducing potential legal risks. Additionally, its vulnerability detection capabilities enable us to swiftly pinpoint and rectify security vulnerabilities, enhancing our applications' overall safety and integrity.
The integration of Mend.io with JIRA facilitates a systematic recording and tracking of these vulnerabilities, ensuring a structured and effective response from our team. As a result, we maintain a higher standard of code quality and save significant time and resources, allowing us to focus on further development and innovation. This has been crucial for us, especially in the demanding environment of Continuous Integration.
Streamlined approach to SCA makes integration easy and informative. New features being added that have incredible value for what you are paying.
It seems as though sometimes features are released without having much documentation published about it.
SBOM, SCA, Supply Chain Risk Management.
The quality report & recommendations.
User friendly Interface
Sometimes rigid process, difficulties in customization
Sharing OpenSource Licencing details to customers
Resolve security challenges due to older versions of OSS
Mend's integration with source control systems and IDEs is simply outstanding.
Nothing I dislike as of now. But I wish mend had a chat feature or something for quick resolution of small issues without needing to open support cases.
Mend is simplifying the whole process of addressing security issues and helps us generate reports to present to our customers on how secure our applications are.
Best Open Source analysis with their In-house and other multiple sources of software vulnerabilities. Also one of the few companies in the market which will give you license & policy violations alert as well.
Pipeline integration of this tool is greatly helpful for software which is shipped out securely & safely.
Also, Whitesource is a software as a service (SAAS) offering, so there is no need to physically maintain any server at your end or your data center for any implementation.
Mostly such things are helpful in today's world as most of your administration is offloaded to them.
No downside of using this software in OSA and DEVOPS Pipeline.
Support Team's response is sometimes delayed but sometimes it's prompt.
Need to define an SLA
Best valuation for the price point in the market right now, go for it.
Other open source tools are available, but they aggregate their data from open source websites such as the NVD or CVE web sites. They are good to a certain extent; however, a paid product gives you more insight into multiple data sources for vulnerabilities, and their in-house research and development team also enhances their product to give you optimum use of WhiteSource.
Open source software, which is used in almost all software products, needs to be evaluated for vulnerabilities, and secure products should be shipped to market.
The JAR file which is their unified agent can easily be run in a JAVA based environment on any base operating system.
There is no file which is being uploaded to WhiteSource; instead, all your open source software's SHA1 values are being sent to WhiteSource securely, and then WhiteSource does their analysis on their side.
Whitesource's R&D team is also working diligently to improve their vulnerability DB.
Also, this tool can be incorporated in DevSecOps pipeline as well.
Overall I feel that Mend is a good platform and what I love most is that they are always working on continued improvements.
Moreover, features like Prioritize etc. make it the best.
Frankly, it's a good tool. Still, if I have to list the cons, I would say support for .so and .a file types should be added. Also, Prioritize should include support for more and more package managers.
All our deployment compliance, license violation issues, library management, vulnerability management, in-house patterns/libraries and policy violations are trusted to Mend.
Renovate is a time saver, more specifically, saving precious engineering time and brings peace of mind as we automated our application dependencies updating.
Nothing really. The Renovate tool is part of the toolchain for every application. And is now free!
Automate everything! Instead of a manual process to update our dependencies and relying on a benevolent engineer to keep track of the necessary updates, Renovate does it automatically and with a lot of different configuration options.
We are now confident that our application is not falling behind.
By automating dependency management updates, we can reallocate engineers' hours to more value-adding projects.
Turns keeping your software up to date from a chore into something you don’t even need to think about.
Faster creation of MRs - perhaps a database of who uses what dependency so as soon as a new release is created they can all be updated, rather than each repo polling their dependencies individually.
Focus on building a good test suite so you can turn on auto merging. Also an automatic semantic release pipeline makes things even smoother.
Keeping a large number of repos up to date with internal and external dependency changes. It has made it much easier for us to split our own libraries up into smaller pieces.
The licensing/copyright check is a major time saver.
For Nodejs the npm packages run deep, and currently it is not easy to determine the root package for some of the vulnerabilities.
I would recommend integrating the scan process into your devOps pipeline.
Whitesource automates the listing of third party packages, checks the licensing/copyright info, and displays any CVEs within these packages.
Quick and accurate scanning, multiple plug-ins for various different build and ci/cd platforms. Prioritize, Whitesource for developers
Hard to get some features working, like eua, and integration with Jira was challenging