Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
White Source Open Source Compliance
What do you like best about the product?
Easy to integrate open source policies directly into your Continuous Integration.
What do you dislike about the product?
Nothing to dislike. Does exactly what it says on the tin and at a reasonable price
What problems is the product solving and how is that benefiting you?
Open Source compliance used to be an expensive, manual process. Now it is continually happening as part of our day to day process.
Recommendations to others considering the product:
Much more cost effective than Black Duck.
- Leave a Comment |
- Mark review as helpful
Simple tool for more visibility around our libraries (versions, security vulnerabilities and bugs)
What do you like best about the product?
that it is a hosted solution and you don't have to take care yourself about the setup or data
suggests versions of the oudated or insecure library
shows also critical and blocking bugs known in the libraries
very good dashboard with an overview of what is going on
the tool lists also the licenses of the libraries which is very important if you use open source libraries in your commercial product, which might forces you to open source your code as well (LGPL)
suggests versions of the oudated or insecure library
shows also critical and blocking bugs known in the libraries
very good dashboard with an overview of what is going on
the tool lists also the licenses of the libraries which is very important if you use open source libraries in your commercial product, which might forces you to open source your code as well (LGPL)
What do you dislike about the product?
the web ui has a lot of animated "flashy" things which I don't like, I prefer more simple html to visualize the data
the mails regarding news could be more simple or summarized
sometimes there are false-positives listed in the security vulnerabilities because the tool expects a higher version to be fixed, but instead there is a other (lower) version which also fixes the problem, but in such cases the support is very helpful and immediately checks the issue
the mails regarding news could be more simple or summarized
sometimes there are false-positives listed in the security vulnerabilities because the tool expects a higher version to be fixed, but instead there is a other (lower) version which also fixes the problem, but in such cases the support is very helpful and immediately checks the issue
What problems is the product solving and how is that benefiting you?
with whitesource we have now numbers of how many libraries are outdated or vulnerable
this visibility makes it easier to argue that library needs to be updated
but the main purpose of whitesource is to see security vulnerabilities
the major benefit is that with whitesource we have a list of libraries with
- current version
- newest version
- vulnerabilities
- known bugs
this visibility makes it easier to argue that library needs to be updated
but the main purpose of whitesource is to see security vulnerabilities
the major benefit is that with whitesource we have a list of libraries with
- current version
- newest version
- vulnerabilities
- known bugs
Recommendations to others considering the product:
simply use it, because I guess you don't have any monitoring on your libraries yet
Great product and great support!
What do you like best about the product?
The online interface looks nice and is easy to use and intuitive. WhiteSource allows us to easily see all of our 3rd-party Java libraries at a glance and quickly tell which ones we need to fix- whether they conflict with our license, have security holes, or need to be updated. What used to be a manual process (as in no one ever really did it..) is now a nice automated process.
What really shines is their support- they are quick to meet with us and solve any issues we have. Even during the evaluation period, they made improvements to the product in areas we were concerned. It always pays to have awesome customer support. I know if we run into any other issues that they'll be quick to fix them.
What really shines is their support- they are quick to meet with us and solve any issues we have. Even during the evaluation period, they made improvements to the product in areas we were concerned. It always pays to have awesome customer support. I know if we run into any other issues that they'll be quick to fix them.
What do you dislike about the product?
WhiteSource has trouble with C++ libraries, but its not a deal breaker. It just requires more manual work. However, I expect it to get better as we get everything set up+ I know the WhiteSource team is continuing to improve this part.
Also, I would appreciate them improving the Jenkins plugin. It doesn't support variable replacement in the includes/excludes, so I was forced to use the command-line tool. The WhiteSource team mentioned that they would look into fixing it.
Also, I would appreciate them improving the Jenkins plugin. It doesn't support variable replacement in the includes/excludes, so I was forced to use the command-line tool. The WhiteSource team mentioned that they would look into fixing it.
What problems is the product solving and how is that benefiting you?
We needed to go through all our 3rd-party libraries to make sure we aren't going against our license or company policy. We also wanted to be able to fix security vulnerabilities before they make it into our product. Furthermore, in the future, we want to continue to ensure that future added libraries do not cause issues. Recently found out that they have a simple workflow for approving libraries, so that is a nice bonus.
Bootstrapping startup that will go the extra mile for service
What do you like best about the product?
My favorite part about whitesource is that their product is modern. Unlike the competitors, whitesource software is built with modern frameworks and CI platforms in mind. They don't assume you have a server closet or that your entire office runs windows XP :)
What do you dislike about the product?
I don't really have any complaints. They are growing which means some features are still being built-out. But any time I have had a problem, whitesource has gone the extra mile to provide a work-around or solution. So it's not really a big deal.
What problems is the product solving and how is that benefiting you?
We are trying to make sure we respect all open-source contributors and authors by respecting their licenses. And Whitesource does a great job of helping us do that. Beyond that we get the added benefit of security scans and automated alerts from their system, as well as our CI.
We would eventually like to enact some policies using whitesource so that we can find and correct license issues long before production. I haven't gotten into the policy side of whitesource too much, but it seems pretty straightforward. And I know they plan to continue expanding that.
We would eventually like to enact some policies using whitesource so that we can find and correct license issues long before production. I haven't gotten into the policy side of whitesource too much, but it seems pretty straightforward. And I know they plan to continue expanding that.
Recommendations to others considering the product:
Really dig in to whether or not these companies support your stack. We wasted a lot of time looking into companies that knew very well that their software didn't even work with our tech-stack. Their plan was to get you to sign a contract and then bully you into professional services.
With whitesource, run a trial. Take a sample collection of code and scan it. Have them show you the interface and play with the demo. It is such a great experience and you'll find out right in the beginning how well they fit.
Past this, it's very easy to expect a software package like this to do all these tiny little things. But once you get into it, you realize you don't actually care about half of it. So really think about what's important to you in this process and you can save a lot of time.
Also, remember that the folks at whitesource do this for a living. So if you don't understand something, or want to know how other companies handle a certain problem... ask whitesource! They have a great level of experience and could even save you a lot of time and money guiding you to the right answer.
With whitesource, run a trial. Take a sample collection of code and scan it. Have them show you the interface and play with the demo. It is such a great experience and you'll find out right in the beginning how well they fit.
Past this, it's very easy to expect a software package like this to do all these tiny little things. But once you get into it, you realize you don't actually care about half of it. So really think about what's important to you in this process and you can save a lot of time.
Also, remember that the folks at whitesource do this for a living. So if you don't understand something, or want to know how other companies handle a certain problem... ask whitesource! They have a great level of experience and could even save you a lot of time and money guiding you to the right answer.
Great Product to identify OpenSource violations & Vulnerabilities
What do you like best about the product?
Ease of use
Ease of integration
Meaningful reports
Customer Support
Ease of integration
Meaningful reports
Customer Support
What do you dislike about the product?
Documentation: Need more documentation
Support for new file types
Support for new file types
What problems is the product solving and how is that benefiting you?
Identifying and remediating Open Source we use in the product
Fixing Vulnerabilities
Getting Compliant
Fixing Vulnerabilities
Getting Compliant
showing 101 - 105