Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
WhiteSource identifies security vulnerabilities in easy steps & provides remediation for quick fixes
What do you like best about the product?
User friendly, quick remediation & better reports
What do you dislike about the product?
Provides only OSS security vulnerabilities
What problems is the product solving and how is that benefiting you?
Outdated versions of Open source libraries, vulnerable library components
Recommendations to others considering the product:
WhiteSource is best in class solution, easy to adapt and with good customer support.
- Leave a Comment |
- Mark review as helpful
Best Open Source Analysis (OSA) at this moment.
What do you like best about the product?
Best Open Source analysis with their In-house and other multiple sources of software vulnerabilities. Also one of the few companies in the market which will give you license & policy violations alert as well.
Pipeline integration of this tools is greatly helpful for the software which are shipped out securely & safely.
Also, Whitesource is a software as a service (SAAS) offering, so there is no need to physically maintain any server at your end or your data center for any implementation.
Mostly such things are helpful in today's world as most of your administration is offloaded to them.
Pipeline integration of this tools is greatly helpful for the software which are shipped out securely & safely.
Also, Whitesource is a software as a service (SAAS) offering, so there is no need to physically maintain any server at your end or your data center for any implementation.
Mostly such things are helpful in today's world as most of your administration is offloaded to them.
What do you dislike about the product?
No downside of using this software in OSA and DEVOPS Pipeline.
Support Team's response is sometimes delayed but sometimes it's prompt.
Need to define an SLA
Support Team's response is sometimes delayed but sometimes it's prompt.
Need to define an SLA
What problems is the product solving and how is that benefiting you?
Open Source software which are used in almost all of software products needs to be evaluated for vulnerabilities and secure products should be shipped in market.
The JAR file which is their unified agent can easily be run in a JAVA based environment on any base operating system.
There is no file which is being uploaded to WhiteSource, instead all your open source software's SHA1 values are being sent to whiteSource securely and then Whitesource does their analysis on their side.
Whitesource's R&D team is also working diligently to improve their vulnerability DB.
Also, this tool can be incorporated in DevSecOps pipeline as well.
The JAR file which is their unified agent can easily be run in a JAVA based environment on any base operating system.
There is no file which is being uploaded to WhiteSource, instead all your open source software's SHA1 values are being sent to whiteSource securely and then Whitesource does their analysis on their side.
Whitesource's R&D team is also working diligently to improve their vulnerability DB.
Also, this tool can be incorporated in DevSecOps pipeline as well.
Recommendations to others considering the product:
Best valuation for the price point in the market right now, go for it.
Other Opensource tools are available, but they aggregate their data from open source websites such as NVD or CVE web sites, they are good to a certain extent, however a paid products gives you more insight into multiple data sources for vulnerability and their in-house research and development team also enhances their product to give you optimum use of white source.
Other Opensource tools are available, but they aggregate their data from open source websites such as NVD or CVE web sites, they are good to a certain extent, however a paid products gives you more insight into multiple data sources for vulnerability and their in-house research and development team also enhances their product to give you optimum use of white source.
The best on the market open source dependencies analysis tool
What do you like best about the product?
WhiteSource provide information on vulnerabilities resolution via SAAS dashboard and extensive, well researched database of known vulnerable and malicious libraries.
What do you dislike about the product?
Takes time to understand all scan configuration parameters but once understood it is easy to use.
What problems is the product solving and how is that benefiting you?
Resolving known vulnerabilities according to their seventies as soon as they are introduced to our software.
Recommendations to others considering the product:
Industry standard and must have
Whitesource Reseller (Australia and New Zealand
What do you like best about the product?
I love the software and the benefits it provides to me, and to my clients. I have worked with Whitesource for the past year and I really love the software and the experience dealing with Whitesource the company.
What do you dislike about the product?
At present, I really can't think of anything that I dislike about Whitesource the company OR Whitesource the software solution.
What problems is the product solving and how is that benefiting you?
I am assisting my clients to solve their business issues with regard to use of Open Source, such as inventory, code quality, licensing concerns, and potential security vulnerabilities.
Recommendations to others considering the product:
Try it. If it works for you, I recommend you purchase a subscription.
WhiteSource is facilitating our life
What do you like best about the product?
With WhiteSource, the open source governance is fully automated.
We just have to add their plugin in our CI tool and our Open Source dependencies are now managed with WhiteSource.
Compare to our previous solution (manual and painful) it's a huge win.
We just have to add their plugin in our CI tool and our Open Source dependencies are now managed with WhiteSource.
Compare to our previous solution (manual and painful) it's a huge win.
What do you dislike about the product?
We would like to export our reports with the PDF format, but this feature is missing for the moment.
Except that, WhiteSource is a very good software.
Except that, WhiteSource is a very good software.
What problems is the product solving and how is that benefiting you?
Before using WhiteSource, we were using a manual solution to scan our Open Source dependencies.
With WhiteSource, we now have a solution to do a continuous analysis of our Open Source dependencies.
We are spending less time on this subject and WhiteSource is able to generate all the reports we need.
With WhiteSource, we now have a solution to do a continuous analysis of our Open Source dependencies.
We are spending less time on this subject and WhiteSource is able to generate all the reports we need.
A could-be-amazing tool that still has some way to go
What do you like best about the product?
I find the risk report being the most useful thing, other features are on the way to being good but still need some work done. It does seem to detect potential license violations quite well but for instance it doesn't deal with dual licenses: e.g. when a component is licensed under GPL AND MIT the tool will identify it as a violation even though it's no longer the case.
What do you dislike about the product?
Most usability issues. The tool just doesn't do the workflow that would be optimal in my opinion. The components seem disjointed, the user interface is a bit clunky and it's quite difficult to identify necessary actions once an issue has been identified. However, I do feel that the engine part is quite solid, what the tool needs is a massive re-think of the UI.
What problems is the product solving and how is that benefiting you?
We have to identify potential non-open source components in our source code as well detect any security vulnerabilities in our 3rd party components.
Recommendations to others considering the product:
I would strongly recommend making sure that the product is suitable for the intended purposes and the in-house users are comfortable with the UI. Trialling the product can be a bit of a pain especially as they insist on knowing your full company details and intended purposes just to allow you to have a look. During trial I was very satisfied with the product and only during full deployment of our 30+ individual maven projects did I start suffering from the usability issues.
In no time you are ready to scan your open source libraries
What do you like best about the product?
* As a customer we got the full focus of Whitesource team
* Whitesource is very skilled in understanding the needs of its customers
*The RFP onsite was very successfull, in no time we had a full idea of their product (it allmost felt like we were ready to start using it
*The very customer centric approach at all levels
*High quality of the staff, they know exactly what they are doing.
* Whitesource is very skilled in understanding the needs of its customers
*The RFP onsite was very successfull, in no time we had a full idea of their product (it allmost felt like we were ready to start using it
*The very customer centric approach at all levels
*High quality of the staff, they know exactly what they are doing.
What do you dislike about the product?
The initial request for information was rather poorly documented. Also the level of detail provided to our technical questions was sometimes too low.
What problems is the product solving and how is that benefiting you?
Using the tool we will have a clear view on where open source code is used in our systems. We'll have a view on the vulnerabilities and the licence conflicts.
Recommendations to others considering the product:
you'll meet a great product that in the first place is brought and supported by a great team of professionals
Very nice
What do you like best about the product?
Integration features are good .................
What do you dislike about the product?
No custom Report generation available .......
What problems is the product solving and how is that benefiting you?
Yo confidential
White source review
What do you like best about the product?
Reactif for customers issues and services. Well understanding the customer's issue and quick remediation.
What do you dislike about the product?
Wide panel of services proposed but some of them not really well implemented with bug fixing needed.
What problems is the product solving and how is that benefiting you?
Involving my whole company for using White source, most particularly developers teams.
Having reduced the among of high and critical vulnerable products.
Having reduced the among of high and critical vulnerable products.
Using Mend integration to Continuous Integration system
What do you like best about the product?
The API, The Unified agent JAR and the service-oriented attitude from Mend engineering and success managers
What do you dislike about the product?
Performance in huge projects (might be solved with workarounds) .
The CLI is running as JAVA jar only.
The dashboard UX is bad. Really need to improve it
The CLI is running as JAVA jar only.
The dashboard UX is bad. Really need to improve it
What problems is the product solving and how is that benefiting you?
Keeps us and our customers safe from legal and security aspects
showing 91 - 100