AppSec Europe 2018 has ended
***Content is subject to change.***

WhiteSource

Our Story

You are inches from selling your software. All you need to do is produce an inventory report as part of due diligence for the acquiring company. You send your manually-tracked report. It gets rejected. You resort to code-scanning, which you had tried to avoid because it’s so expensive and time-consuming. You get the post-scan report and now have a huge task in front of you to rule out false positives and correct errors.
We have been there.
For the founders of WhiteSource it was a nightmare that lasted several weeks. In the end, we were lucky that the code scan did not report any critical issues, and we were able to push through the sale of our software company, Eurekify, in 2008 to CA Technologies. But, it was a bumpy road.
We decided then and there that our next entrepreneurial mission would be to save other companies from this fate by designing a solution to automate all tasks surrounding the use of open source components: a solution built by a software development team, for software development teams.
Welcome to WhiteSource. It’s the only all-in-one licensing, security, quality and reporting solution for managing open source components, and the only one that operates in real-time, by automatically and continuously scanning dozens of open source repositories, and cross-referencing this data directly against the open source components in your build. It helps you find optimal components, automatically alerts you about known security vulnerabilities, bugs, new versions, patches, and fixes in the components you’re using. It automates the creation and enforcement of your company’s licensing policies, and centralizes inter-departmental communications and approval processes. It keeps detailed inventories and due diligence reports. It’s compatible with pretty much all programming languages, build tools and development environments. And possibly the best thing about it – you just plug in and forget about it – unless there’s a problem.
It’s everything software development teams need to get the maximum out of using open source components, without the headache, so they can focus on what they should be doing – making beautifully constructed software.