With the growing speed and availability of open source components, it has become easy to add features and integrate software with other components, which makes software development easier. But there are a few points to remember when using any open source component:
- Security vulnerabilities
- Licensing risks of open source components
- Outdated open source components
Addressing the above is a very important part of the software development life cycle, to eliminate any discrepancies related to security or legal issues.
WhiteSource provides a platform to solve such issues without much effort from developers. They can concentrate on core development instead of spending time finding these issues, which can be easily handled by WhiteSource.
WhiteSource is an open source management solution that provides:
- Open source licensing and compliance management
- Open Source security vulnerabilities alerts and management
- Executive dashboards, policy enforcement, and reporting
WhiteSource checks your software and generates an open source inventory report, including details about the open source components. WhiteSource gathers information on open source components and keeps the inventory updated.
WhiteSource covers almost all commonly used languages and provides a detailed report. The tool can track all the open source components used, knowingly or unknowingly, within your software.
It sends alerts for any potential issue observed in an open source component used by the software. It checks for outdated/expired components and provides details on security issues found in any open source component.
WhiteSource does not store (keep track of) any software component that is not open source. This means it's safe and your code will not be touched.
CI tool Integration (Jenkins)
The best part of the tool is that it has a plugin available for the widely used CI tool, Jenkins.
The WhiteSource Jenkins plugin is the best and easiest way to integrate with WhiteSource and run the checks automatically during the build and integration phase.
It's very easy to use, not just for Maven projects but also for freestyle projects.
It is easy to configure and use within a project: only a token needs to be added, and the plugin automatically takes care of everything.
Multiple options are available at job level to define the project and modules to be included.
Logs are pretty descriptive when the plugin starts processing in a Jenkins job.
WhiteSource's basic principle is about managing the component vs. governing the component.
Developers can leave the managing part up to WhiteSource and only concentrate on the issue of governance at the component level in software.