Log in

WhiteSource Mend software provides several methods for user login. In GÉANT, use the single sign-on login (SSO):

  1. Open WhiteSource Mend login at http://whitesourcemend.software.geant.org/
  2. Click Sign in with SSO.

  3. Enter your GÉANT email address to be forwarded to the GÉANT login page.

  4. Log in with your identity provider as you would for other GÉANT services.
  5. Your GÉANT WhiteSource Mend Home Page opens.

For more information on account management and customisation of WhiteSource Mend and product visibility, see MANUAL: Accessing WhiteSource Mend and visibility levels (note that this page is stored in a private space and can be accessed only by GN4-3 members).

Dashboard (key information in

...

Mend user interface)

The WhiteSource Mend dashboard shows many things. To understand them, read the following text, which focuses on licences and the interpretation of the provided data for GÉANT.

The dashboard in WhiteSource Mend can be at the organisation (GÉANT), Product or Project level. A detailed explanation of the terms Products, Projects, and Organisations in WhiteSource Mend is here. In a nutshell: your team is working on a WhiteSource Mend 'product', which may consist of several related pieces of software, which are called 'projects' in WhiteSource Mend.

The dashboard at the organisation level is the WhiteSource Mend Home Page; at the product level, it is the Product Page, and at the project level, the Project Page. Regardless of the level, the dashboard contains the following key information:

...

  • Library Name - The standard name of the library

  • Type - Indicates whether the library is a source library

  • Description - Short functional description of the library

  • Licences - Licences associated with the library

  • Match Type - One of the following:

    • Exact match - The library was matched by SHA-1 checksum

    • Best match - Source files were matched by SHA-1 checksum; the library was identified by the found source by best match

    • Filename match - The library could not be matched by SHA-1 checksum but was matched by the filename

    • Suspected match - Library match is expected and will be updated with the exact match (in the near future, supposedly after the WhiteSource Mend database is updated)

  • Occurrences - Number of all instances in which the library is used in any project in the organisation (you can click the details link to see the name of the project(s) and their associated product names)

...

  1. How do we compare? - This section compares the measured level of risk and compliance of the selected range (GÉANT, product or project) with the overall average statistics calculated for WhiteSource Mend clients. It includes the following three charts: Vulnerable Libraries, Policy Violating Libraries, Outdated Libraries.
  2. Security - This panel displays the vulnerability score (based on the highest severity vulnerability), the number of vulnerable components out of total components, severity distribution, ageing security vulnerabilities, licence risk distribution, outdated components out of total components and libraries with multiple versions.
  3. License Risks and Compliance - This panel provides an overview of the License Distribution of the organisation (or product), showing which licences are used and how many libraries are associated with each licence.
  4. Quality - This panel provides information about any outdated libraries.
  5. Additional Risk Information - Contains detailed tables with various component-level breakdowns.

...

The easiest way to check the compatibility of libraries with your project licence is to select a library with the same licence. If you can't find one, you need to add a library with that licence to your product or project and rescan it with WhiteSource Mend.

Customising visibility

The GÉANT WhiteSource Mend admins can always see all scanned GÉANT products.

By default, anyone who applies to WhiteSource Mend can see the content of all non-restricted GÉANT products and projects in WhiteSource Mend. It is possible to restrict read permissions to scan results for specific products and projects. You can contact the GÉANT WhiteSource Mend support to get access to a specific project that has limited visibility or to restrict the permissions for a specified product or project.

You may also ask the GÉANT WhiteSource Mend support for the Product Administrator role to manage access to your project, after which responsibility for the entire product will be yours.