Log in

WhiteSource software provides several methods for user login. In GÉANT, use the single sign-on login (SSO):

...

For more information on account management, customisation of WhiteSource and product visibility, see Re: MANUAL: Accessing WhiteSource and visibility levels.

Dashboard (key information in WhiteSource user interface)

The WhiteSource dashboard shows a lot of information. The following text explains it, focusing on licences and on interpreting the provided data for GÉANT.

...

  • License - The name of the licence for the library

  • License Type - The type of licence (Open Source, Closed Source, Unknown)

  • Risk - The licence copyright risk score (for details, see Risk Score Attribution)

  • Library - The name of the open-source library (click the library name to be forwarded to its Library Details page)

  • License Reference - Includes an indication as to where the licence was found

  • Copyright - The range of years for the library's copyright

  • Homepage - Link to the homepage of the library

  • Author - The name of the author of the library

  • Project - The project where the library is used

  • Product - The product where the library is used

Finding your product and projects

The Product page displays detailed information about a specific product (the result of a product scan for a specific version). It is accessed from the Products menu.

The Project page displays detailed information about a specific project within a previously selected product. It can be accessed from the Projects menu.

Interpreting Risk Report

The Risk Report is a tool that provides a view of all aspects of open-source libraries concerning their licences, security, quality and compliance.

Creating the Report

  1. The report is available from the Reports menu. 
  2. Define the scope for which the report should be created. The default scope is organisational (i.e., GÉANT), but you can select any individual product and/or project.
  3. Click Apply.

Understanding the Report Data

The report contains several panels and tables displaying risk-related information. The Risk Report has the following sections:

  1. How do we compare? - This section compares the measured level of risk and compliance of the selected scope (GÉANT, product or project) with the overall average statistics calculated for WhiteSource clients. It includes the following three charts: Vulnerable Libraries, Policy Violating Libraries and Outdated Libraries.
  2. Security - This panel displays the vulnerability score (based on the highest severity vulnerability), the number of vulnerable components out of total components, severity distribution, ageing security vulnerabilities, licence risk distribution, outdated components out of total components and libraries with multiple versions.
  3. License Risks and Compliance - This panel provides an overview of the License Distribution of the organisation (or product), showing which licences are used and how many libraries are associated with each licence.
  4. Quality - This panel provides information about any outdated libraries.
  5. Additional Risk Information - Contains detailed tables with various component-level breakdowns.

Exporting the Report

Click Export to PDF at the top right of the report to export the Risk Report as a PDF file.

Interpreting License Compatibility Report

The License Compatibility Report provides information on the compatibility of libraries with different software licences distributed together in the same product or project. 

Creating the Report

  1. The report is available from the Reports menu. 
  2. Select the scope for which the report should be created: open the dropdown menu next to the report name and select the product or project for which you want the report.
  3. Click Apply and wait for the data to load into the report preview table.

Understanding the Report Data

The report table provides the following columns:

...

The easiest way to check the compatibility of libraries with your project licence is to select a library with the same licence. If you can't find one, you need to add a library with that licence to your product or project and rescan it with WhiteSource.

Customising visibility

The GÉANT WhiteSource admins can always see all scanned GÉANT products.

...