Log in

WhiteSource provides several methods for user login. In GÉANT, use the single sign-on login (SSO):

  1. Open WhiteSource login at https://app-eu.whitesourcesoftware.com/
  2. Click Sign in with SSO.
  3. Enter your GÉANT email address to be forwarded to the GÉANT login page.
  4. Log in with your identity provider as you would for other GÉANT services.
  5. Your GÉANT WhiteSource Home Page opens.

...

Many things are shown on the WhiteSource dashboard. To understand them, read the following text, which focuses on licences and the interpretation of the provided data for GÉANT.

The dashboard in WhiteSource can be at the organisation (GÉANT), Product or Project level. A detailed explanation of the terms Products, Projects, and Organizations in WS can be found here. In a nutshell: your team is working on a WhiteSource 'product', which may consist of several related pieces of software, which WhiteSource calls 'projects'.

The dashboard at the organisation level is the WhiteSource Home Page; at the product level, it is the Product Page, and at the project level, the Project Page. Regardless of the level, the dashboard contains the following key information:

...

  1. The report is available from the "Reports" menu.
  2. Define the scope for which the report should be created. The default scope is Organizational (GÉANT), or you can select any individual product and/or project.
  3. Click Apply.

...

  1. How do we compare? - This section compares the measured level of risk and compliance of the selected scope (GÉANT, product or project) with the overall average statistics calculated for WS clients. It includes the following three charts: Vulnerable Libraries, Policy Violating Libraries, Outdated Libraries.
  2. Security - This panel displays the vulnerability score (based on the highest severity vulnerability), the number of vulnerable components out of total components, severity distribution, aging security vulnerabilities, license risk distribution, outdated components out of total components and libraries with multiple versions.
  3. License Risks and Compliance - This panel provides an overview of the License Distribution of the organization (or product), showing which licenses are used and how many libraries are associated with each license.
  4. Quality - This panel provides information about any outdated libraries
  5. Additional Risk Information - Contains detailed tables with various component-level breakdowns.

...

  • Library - The name of the open-source library that has a license conflict

  • Licence - The library's license

  • Incompatible with Licence - The licence with which the library's licence is incompatible

  • Incompatibility Type - Displays the type of licence for which there is an actual, suspected or potential incompatibility:

    • Incompatible - The library’s licence is fundamentally incompatible and cannot be used under any circumstance

    • Suspected - A suspected incompatibility is displayed when the licence compatibility is dependent on the library’s hierarchy within the Product or Project, and the library’s hierarchy is unknown

    • Potential - The library being evaluated is licenced under multiple licenses, meaning that you can choose under which licence the library will be licensed

  • Incompatibility Occurrences - Displays the number of libraries that include the suspected or actual incompatible licence. When the scope is a product, it also displays the number of projects that are impacted by the incompatibility

Customising visibility

The GÉANT WhiteSource admins can always see all scanned GÉANT products.

By default, anyone who applies to WhiteSource can see the content of all non-restricted GÉANT products and projects in WhiteSource. It is possible to restrict read permissions to scan results for specific products and projects. You can contact the GÉANT WhiteSource support to get access to a specific project that has limited visibility or to restrict the permissions for a specified product or project.