Principal Software Architect at a tech services company with 10,001+ employees
Real User
Top 10
Scalable and stable, with a broad range of features
Pros and Cons
  • "The solution boasts a broad range of features and covers much of what an ideal SCA tool should."
  • "The initial setup could be simplified."

What is our primary use case?

To my knowledge, we are using the latest, SaaS, version. 

What is most valuable?

The solution boasts a broad range of features and covers much of what an ideal SCA tool should. It covers the containers. One can create his teams and, should he encounter an issue, send an alert to the team's DL. 

I am quite happy with WhiteSource. It is very good and provides many things, including extensive reports involving vulnerabilities. 

What needs improvement?

I am not clear if WhiteSource provides on-premises service. I know that its competitors provide on-premises and SaaS-based services for the same licensing fee and model, but I am not sure if this applies to WhiteSource, as well. I believe it does not. 

It is preferable to use on-cloud services, although an on-premises one should equally be an option, if I would prefer not to go for SaaS-based hosting. The licensing model should be the same for the different options.

The initial setup could be simplified. 

For how long have I used the solution?

I have been using WhiteSource for more than a year. 

Buyer's Guide
Mend
March 2023
Learn what your peers think about Mend. Get advice and tips from experienced pros sharing their opinions. Updated: March 2023.
687,947 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution is very stable. 

What do I think about the scalability of the solution?

It is a prerequisite that the solution is scalable, as it is SaaS-based.

How are customer service and support?

I have not had experience with customer support. 

How was the initial setup?

The initial setup was of an intermediate complexity. It was neither complex, nor straightforward. It could have been easier. Understandably, it involved a certain amount of configuration. 

What's my experience with pricing, setup cost, and licensing?

I cannot comment on billing, as this was handled by other departments in my previous organization. 

As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using. 

Which other solutions did I evaluate?

The reason I logged into the IT Central Station web site is because I was looking for crisp documentation so that I may compare WhiteSource with Black Duck. I did not find what I was looking for. All I found was a conglomerate of user experiences, not the research reports I was searching for.

I am currently using both of these products.

What other advice do I have?

I rate WhiteSource as an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Nils Hedström - PeerSpot reviewer
Architect/Developer at an insurance company with 5,001-10,000 employees
Real User
Top 10
Useful report automation, beneficial reports, but report triggered operation halting needed
Pros and Cons
  • "WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
  • "WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."

What is our primary use case?

We use WhiteSource for scanning open-source libraries, called SCA, for both vulnerabilities and open-source licenses. We deployed WhiteSource with Azure DevOps.

What is most valuable?

WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful.

What needs improvement?

WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance.

For how long have I used the solution?

I have been using WhiteSource for a few years.

What do I think about the stability of the solution?

WhiteSource is a stable solution.

What do I think about the scalability of the solution?

We have approximately 20 people using this solution in my organization.

How are customer service and support?

I have not used technical support.

Which solution did I use previously and why did I switch?

I have previously used other solutions, such as OWASP Dependency-Check, Snyk open-source, and CheckMark.

How was the initial setup?

The initial setup of WhiteSource is straightforward.

What about the implementation team?

We did the deployment of the solution ourselves. We used one person for the deployment.

What was our ROI?

We have received a return on investment.

What's my experience with pricing, setup cost, and licensing?

WhiteSource is a free solution to use.

Which other solutions did I evaluate?

We evaluated other solutions before choosing WhiteSource. We ended up choosing WhiteSource because of some of its unique features.

What other advice do I have?

I rate WhiteSource a seven out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AVP at a computer software company with 5,001-10,000 employees
Real User
Top 20
Provides the ability to identify security vulnerabilities and is fast and easy to implement
Pros and Cons
  • "The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
  • "The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."

What is most valuable?

The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business. 

What needs improvement?

The turnaround time for upgrading databases for this tool as well as the accuracy could be improved. 

It would be good if containerization could be included under the current licensing but this is not something I have looked into.

For how long have I used the solution?

I have been using this solution for four years.

What do I think about the stability of the solution?

This is a stable solution.

What do I think about the scalability of the solution?

This is a scalable solution. 

How are customer service and support?

This solution offers good support which we have used multiple times. 

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup of this solution was straightforward and easy.

What's my experience with pricing, setup cost, and licensing?

This is an expensive solution. 

When setting up this solution, it is important to have clear-cut planning and to define the automation rules.

What other advice do I have?

I would recommend using WhiteSource. It has an edge over other tools in the market and is a faster solution. 

WhiteSource is easy to integrate with the CI/CD pipeline and runs standalone scans as it is a SaaS deployment. Integration of this solution does not require much time or knowledge.

I would rate this solution a nine out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
FOSS Coordinator at a manufacturing company with 5,001-10,000 employees
Real User
Top 10
A stable and scalable solution for free and open source scanning
Pros and Cons
  • "The solution is scalable."
  • "The solution lacks the code snippet part."

What is our primary use case?

I use the solution for free and open source scanning. 

What needs improvement?

The solution lacks the code snippet part. I plan to raise this issue with those at WhiteSource.

For how long have I used the solution?

I have been using WhiteSource for more than a year. 

What do I think about the stability of the solution?

The solution is scalable. 

What do I think about the scalability of the solution?

The solution is stable. 

How are customer service and technical support?

The technical support is good, although not the best. It could be more customer friendly. 

How was the initial setup?

The initial setup was straightforward.

Installation took no more than five minutes. 

What about the implementation team?

CI/CD integration required the use of a consultant. 

We did not require much of a technical team for this. The team consists of four people.

What's my experience with pricing, setup cost, and licensing?

The solution involves a yearly licensing fee. 

Which other solutions did I evaluate?

There were only two products at this point in time which we evaluated, the solution being one of these. We plan to reevaluate its use. 

What other advice do I have?

The solution is only cloud-based, not on-premises. 

It is user-friendly. 

There are around 50 people currently using it in our organization. 

I rate WhiteSource as an eight out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Lead Software Engineer at a tech services company with 10,001+ employees
Real User
Integrates well with Azure DevOps, stable, and affordable
Pros and Cons
  • "The results and the dashboard they provide are good."
  • "I would like to see the static analysis included with the open-source version."

What is most valuable?

The integration with Azure DevOps was good.

The results and the dashboard they provide are good.

It was pretty straightforward for me.

What needs improvement?

I would like to see the static analysis included with the open-source version. That would be good.

For how long have I used the solution?

I used the trial version of WhiteSource for a month. We chose to work with Veracode instead.

What do I think about the stability of the solution?

It was pretty stable. I don't have any complaints about the stability of WhiteSource.

How are customer service and technical support?

I did not have any contact with the technical support. I did not have any issues in the time that I used this solution.

What's my experience with pricing, setup cost, and licensing?

It was approximately $2,000 per year or per month, I don't recall exactly.

When compared with Veracode, Veracode was very, very expensive. It was approximately $200,000.00 per year for the whole suite.

WhiteSource is much more affordable than Veracode.

Which other solutions did I evaluate?

We are evaluating Veracode.

What other advice do I have?

It was pretty good. I would rate WhiteSource an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.