Login Method
WhiteSource provides a number of methods for user login. In GEANT, use the single sign-on login (SSO):
- Open WhiteSource login at https://saas.whitesourcesoftware.com/Wss/WSS.html#!login WhiteSource Home
Click Sign in with SSO.
Enter your GEANT email address in order to be forwarded to the GEANT login page.
- Log in as you do it for other GEANT services.
- Your GEANT WhiteSource Home Page opens (Understanding the WhiteSource Home Page).
On subsequent logins, you can go directly to https://app-eu.whitesourcesoftware.com/Wss/WSS.html - depending on saved cookies, some or all of the previous steps may be skipped.
Finding your product and projects
A detailed explanation of the terms Products, Projects, and Organizations in WS is here. In a nutshell: your team is working on a WhiteSource 'product' which may consist of several pieces of software, which are in WhiteSource called 'projects'.
The Product Page displays detailed information about a specific product (the result of a product scan for a specific version). The product page for a product is accessed from the Products menu item of the main menu and a detailed description is here.
The Project page displays detailed information about a specific project within a previously selected product. It can be accessed from the Projects menu item in the main menu. A detailed description is here.
-------------
If it has been scanned
Narrowing the perspective to a project
Navigating multiple scans
Important information in WS (UI)
Significant tables and charts and how to find, customise and interpret them
Libraries and dependencies
Licenses
Interpreting WS information about licences
The difference in interpreting the presence of a problematic library when assessing the situation vs exploring license compatibility and compliance options vs checking compliance with the established product's licence
same policy/licence across projects in the product vs differentiated project policies
Vulnerabilities
Outdated libraries
Interpreting Risk report
The Risk Report is a management-level tool that provides a bird's-eye view of all aspects of an account's open-source libraries with regard to security, quality and compliance.
The report is available from the "Reports" menu. More about this is here.
-----------------------------------------
Where to get it
What to look at and how to interpret it
Updates of background information in reports
Customising visibility
The GEANT WhiteSource admins can always see all scanned GEANT products.
By default, anyone who applies to WhiteSource can see the content of all non-restricted GEANT products and projects in WhiteSource. It is possible to restrict read permissions to scan results for specific products and projects. You can contact the GEANT WhiteSource support to get access to a specific project that has limited visibility or to restrict the permissions for a specified product or project.