WhiteSource is with you in every step of the software development lifecycle, and keeps monitoring your open source components, even after you release, based on the last build inventory report.
From the moment you plug it in,WhiteSource constantly and automatically detects all open source components in your code and cross-references them against a continuously updated database of over 3,000,000 open source libraries, so that you are notified immediately if an issue arises in one of the open source libraries from which you have drawn. It also analyzes all your open source components against your automated policies to make sure they all comply with your company's policies - a white list of automatically approved licenses; a black list of automatically rejected licenses (choose to get an alert and/or fail the build when a component or dependency with one of these is added); and a list of licenses that need to be approved on a case-by-case basis. .
WhiteSource’s Effective Usage Analysis technology adds a never before seen level of resolution for understanding which vulnerable functionalities are indeed effective (i.e. getting calls from the proprietary code). Thus, reducing open source vulnerability alerts by 70% and helping development teams prioritize the issues that truly need fixing.
WhiteSource will not only generate 100% accurate, up-to-date due diligence reports within minutes, but will also continue to detect your open source components while you continue to develop your products, and flags any problems along the way, so you will never be surprised.