Log in

WhiteSource provides several methods for user login. In GEANT, use the single sign-on login (SSO):

1. Open WhiteSource login at https://app-eu.whitesourcesoftware.com/

2. Click Sign in with SSO.

3. Enter your GEANT email address to be forwarded to the GEANT login page.

4. Log in with your identity provider as you would for other GEANT services.
5. Your GEANT WhiteSource Home Page opens.

On subsequent logins, you can go directly to https://app-eu.whitesourcesoftware.com/Wss/WSS.html - depending on saved cookies, some or all of the previous steps may be skipped.

Dashboard

Many things are shown on the WhiteSource dashboard. To understand them, read Understanding the WhiteSource Home Page or the following text which is focused on licences and interpretation of the provided data for GEANT.

Finding your product and projects

A detailed explanation of the terms Products, Projects, and Organizations in WS is here. In a nutshell: your team is working on a WhiteSource 'product' which may consist of several pieces of software, which are in WhiteSource called 'projects'.

The Product page displays detailed information about a specific product (the result of a product scan for a specific version). The product page for a product is accessed from the Products menu item of the main menu and a detailed description is here.

The Project page displays detailed information about a specific project within a previously selected product. It can be accessed from the Projects menu item in the main menu. A detailed description is here.

Key information in WhiteSource user interface

The user interface contains various information about the libraries and licenses detected by the WS.

Information about libraries:

• New Versions - The total count of outdated libraries (counts the libraries that have newer versions)
• Multiple Versions - Multiple versions of the same library are in use
• Security alert 
  • Per-Library Alerts - The total number of libraries with vulnerability alerts
  • Per-Vulnerability Alerts - The total number of vulnerability alerts

License distribution data

This section provides an overview of the license distribution of the organization (or product, project), showing which licenses are used and how many libraries are associated with each license. The following information is displayed for each license:

• Name - Name of the license
• Occurrences - Number of occurrences in the organization (or product/project)
• Copyright - Copyright Risk Score which is a measurement of the copyright risk

Significant tables and charts and how to find, customise and interpret them...

Libraries and dependencies

Licenses

Interpreting WS information about licences

The difference in interpreting the presence of a problematic library when assessing the situation vs exploring license compatibility and compliance options vs checking compliance with the established product's licence

same policy/licence across projects in the product vs differentiated project policies

Vulnerabilities

Outdated libraries

Interpreting Risk report

The Risk Report is a management-level tool that provides a bird's-eye view of all aspects of an account's open-source libraries concerning their licenses, security, quality and compliance.
The report is available from the "Reports" menu. More about this is here.

Customising visibility

The GEANT WhiteSource admins can always see all scanned GEANT products.

By default, anyone who applies to WhiteSource can see the content of all non-restricted GEANT products and projects in WhiteSource. It is possible to restrict read permissions to scan results for specific products and projects. You can contact the GEANT WhiteSource support to get access to a specific project that has limited visibility or to restrict the permissions for a specified product or project.