WhiteSource
WhiteSource is an open source security and license compliance tool which integrates with your software development lifecycle and detects all open source components in your software, including transitive dependencies, when delivering to a stream or project. It identifies known security vulnerabilities, license compliance issues, severe software bugs and version issues in your open source components.

Why use the WhiteSource expert?
Open source components are used in a variety of software projects, it has been estimated that up to 70% of software projects will contain open source components, that will comprise a software release. Certain open source components may have further open source dependencies that will also need to be audited for any potential issues.

Although enterprises are using an increasing number of open source components in their software, they may not be aware of component vulnerabilities, such as severe software bugs or potential license compliancy issue.

The WhiteSource expert automates the entire process of managing your open source components by alerting on issues in real time, checking each new added component against your open source policies and generating comprehensive, up-to-date reports within one click.

Implementation

The following steps are describe how you can set up WhiteSource and test an the expert for evaluation purposes. Click the PDF Document for more information.

Step 1: Create a WhiteSource account and login
Step 2: Create a WhiteSource rejection policy
Step 3: Create a WhiteSource product and project
Step 4: Obtain the API key
Step 5: Create a Pulse expert chain
Step 6: Test the new expert chain and review the results

Click the PDF Document for more information.