How does Whitesource work?

DETECTION

• Automatically detects open source components, including transitive dependencies, in your code and repositories.
• Recognizes components with known vulnerabilities throughout the SDLC and suggests remedies.

ALERT

• Generates alerts based on the vulnerability's criticality level, license type, software bug severity, component versions and update level.
• Automatically applies policies in the SDLC, providing real-time alerts on violations and non-compliance with policies and triggering pre-defined workflows for each case.
• Reports recently discovered vulnerabilities, continuously monitoring the latest versions of your systems.

REPORT

• Generates software inventory, security, legal and quality risk reports, as well as ‘due diligence’ reports.
• Automatically creates version management reports with all your license usage rules and copyrights.

SELECTION

• Our ‘Whitesource web advisor’ plugin for browsers provides information on security, licenses and policies when your developers are browsing the web looking for open source components.
• Provides a ‘preview’ of each component, showing vulnerabilities, age of license, a quality score and whether the component is already in use in your organization.
• ‘Web Advisor’ supports all common registries (Maven Central, npm, PyPI, etc.) and web pages that reference packages (Stack Overflow, Tutorial, etc.).


The solution not only points out the problems, but also automatically offers remediation options for a quick response to the detected risk situation.

The software supports more than 200 programming languages and continuously monitors multiple information sources for possible open source vulnerabilities, including NVD, issue lists on open source project websites, security advisory databases, vulnerability knowledge bases, and others.
