WhiteSource
Whitesource is an open source security and license compliance management platform. It was founded in 2011 by Ron Rymon, Azi Cohen, and Rami Sass.[1][2]
Contents
History[edit]
The company was founded after its three co-founders sold their previous company, Eurekify, to CA Technologies. During the due diligence process, the co-founders experienced first hand the challenge in generating an accurate open source inventory report.[3]
Versions:
- 20.1.2
- 20.1.1
- 19.11.2 Easier Onboarding for JFrog Artifactory Docker Integration
- 19.9.1
- GitLab Core beta version, enabling GitLab users to access WhiteSource security alerts within GitLab’s native environment
- 18.12.1
Overview[edit]
The company launched its open source license management platform. The software discovers open source components in the customers’ apps.[4][5] It then alerts them when a vulnerable code is added to the software projects that are being used or when threats pop up that affect the existing software.[6][7]
WhiteSource provides an open source security and license compliance management platform for organizations to manage their open source assets:
Detection[edit]
Automatically identifies all the open source components and dependencies in your build by constant and automatic cross-referencing of your open source components against WhiteSource’s definitive database of open source repositories.
Selection[edit]
While you search for open source components, our browser plugin reveals any reported bugs, security risks, undesirable licenses (as defined by the company policy you set up) newer versions and more for each component. WhiteSource has the ability to prioritize vulnerabilities by performing static scans to understand if the vulnerable part of a component is being directly called by the application
Alerting[edit]
The earlier you detect an issue the easier and less expensive it is to fix. Find out about potential pitfalls in your open source components and their dependencies before they turn into problems with optional security, policy, bug, and newer version email alerts. Each indicates level of severity, from high to low.
Reporting[edit]
Because WhiteSource continually and automatically logs a detailed inventory of your open source components, dependencies, licenses and license references, 100% accurate, up-to-date reports are always just a click away, and can be downloaded to spreadsheets in seconds.
Funding[edit]
Main investors in the company include Susquehanna Growth Equity, 83North, Microsoft Ventures, David Strohm and the Israeli Innovation Authority. The company has raised $46 million as of 2018.[6][3][2][8]
Product[edit]
WhiteSource Bolt was launched in 2016 [9]. and since December 2018 is available free for GitHub and Azure DevOps users capable of providing coverage for both binaries and source libraries.
External links[edit]
Plugins[edit]
Related terms[edit]
- WhiteSource Core
- WhiteSource for Containers[10]
- WhiteSource for developers [11], integrated with GitLab[12]
- WhiteSource Prioritize
- WhiteSource Remediate
- WhiteSource DevOps Azure Extension
See also[edit]
- Software Composition Analysis (SCA): Flexera, FOSSA, GitLab Ultimate, JFrog Xray, Snyk, Sonatype, Synopsys: Black Duck, Veracode, WhiteHat Security, WhiteSource, Bill of Materials (BOM), Semgrep, Clair
- AppSec
- WhiteSource (SCA): WhiteSource Core, Unified Agent, Renovate, WhiteSource Server release notes
- Security: Security portfolio, Security standards, Hardening, CVE, CWE, Wireless Network Hacking, vulnerability scanner, Security risk assessment, SCA, Application Security Testing, OWASP, Data leak, NIST, SANS, MITRE, Security policy, Access Control attacks, password policy, password cracking, Password manager, MFA, OTP, UTF, Firewall, DoS, Software bugs, MITM, Certified Ethical Hacker (CEH) Contents, Security+ Malware, FIPS, DLP, Network Access Control (NAC), VAPT, SIEM, EDR, SOC, pentest, PTaaS, Clickjacking, MobSF, Janus vulnerability, Back Orifice, Backdoor, CSO, CSPM, PoLP, forensic, encryption, Keylogger, Pwn2Own, CISO, Prototype pollution
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.. Source: wikipedia
- ↑ Harris, Richard. "WhiteSource Bolt detects vulnerable open source components". App Developer Magazine. Retrieved 2018-02-20.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
- ↑ 2.0 2.1 "Open source software co WhiteSource raises $10m - Globes English". Globes (in עברית). Retrieved 2018-02-20.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
- ↑ 3.0 3.1 "Whitesource מגייסת מיליון דולר; תנהל את ספריות הקוד הפתוח שלכם [גיוס] | גיקטיים". www.geektime.co.il (in עברית). Retrieved 2018-02-20.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
- ↑ "WhiteSource offers open-source license management as a service". SD Times. 2012-05-14. Retrieved 2018-02-20.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
- ↑ Messmer, Ellen. "Security of open-source software again being scrutinized". Network World. Retrieved 2018-02-20.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
- ↑ 6.0 6.1 Greene, Tim. "Open source code is common, potentially dangerous, in enterprise apps". Network World. Retrieved 2018-02-20.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
- ↑ "5 Advantages of Using Open Source Software". TechCo. 2015-12-15. Retrieved 2018-02-20.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
- ↑ "WhiteSource nabs $35M to track open source code for security vulnerabilities". TechCrunch. Retrieved 2018-10-17.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
- ↑ "R Consortium announced IBM is a Platinum member, smartphone sales slowing down, and WhiteSource's new developer tool". SD Times. 2016-06-07. Retrieved 2018-02-20.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
- ↑ https://whitesource.atlassian.net/wiki/spaces/WD/pages/710640440/WhiteSource+for+Containers
- ↑ https://whitesource.atlassian.net/wiki/spaces/WD/pages/772636719/WhiteSource+for+Developers
- ↑ https://resources.whitesourcesoftware.com/news-whitesource/whitesource-enhances-gitlab-integration-with-support-for-gitlab-ultimate
Advertising: