WhiteSource Bolt for GitHub vs
WhiteSource Full Solution

whitesource

Inventory Management: Essential Features

Inventory Management:
Essential Features

whitesource

WhiteSource Bolt for GitHub

WhiteSource Full Solution

Languages and Frameworks Coverage
Supports over 200 languages, frameworks, and development environments.
Supports over 200 languages, frameworks, and development environments.
Integrations with DevOps Tools
Integrates with GitHub.com.
Integrates with IDES, package managers, issue trackers, repos, build tools, container registries, CI servers, and security tools.
Dependency Detection
Fully resolves dependency tree and manifest files including undeclared dependencies.
Fully resolves dependency tree and manifest files including undeclared dependencies.
Automated Policy Enforcement
Initiate automated workflows based on severity level, license types, library age, and more.
Reporting
Dozens of built-in reports at the project, product or organization level, including: inventory report, due diligence report, risk and attribution reports and even trend reports.

WhiteSource Full Solution

Languages and Frameworks Coverage
Supports over 200 languages, frameworks, and development environments.
Integrations with DevOps Tools
Integrates with IDES, package managers, issue trackers, repos, build tools, container registries, CI servers, and security tools.
Dependency Detection
Fully resolves dependency tree and manifest files including undeclared dependencies.
Automated Policy Enforcement
Initiate automated workflows based on severity level, license types, library age, and more.
Reporting
Dozens of built-in reports at the project, product or organization level, including: inventory report, due diligence report, risk and attribution reports and even trend reports.
whitesource

Identifying Vulnerable Components: Essential Features

Identifying Vulnerable Components:
Essential Features

whitesource

WhiteSource Bolt for GitHub

WhiteSource Full Solution

Identifying Vulnerabilities
Aggregates dozens of sources: NVD, security advisories, and open source issue trackers.

Experts analysis to determine impact and credibility.
Aggregates dozens of sources: NVD, security advisories, and open source issue trackers.

Experts analysis to determine impact and credibility.
Accuracy and False Positives
Accurate association of vulnerabilities to specific versions for zero false positives.
Accurate association of vulnerabilities to specific versions for zero false positives.
Real-Time Alerts
Creates issues within GitHub UI to alert on vulnerable components.
Real-time alerts, including Initiating automated workflows upon detection.

Components and vulnerabilities databases are updated daily to provide the most updated information.

WhiteSource Full Solution

Identifying Vulnerabilities
Aggregates dozens of sources: NVD, security advisories, and open source issue trackers.

Experts analysis to determine impact and credibility.
Accuracy and False Positives
Accurate association of vulnerabilities to specific versions for zero false positives.
Real-Time Alerts
Real-time alerts, including Initiating automated workflows upon detection.

Components and vulnerabilities databases are updated daily to provide the most updated information.
whitesource

Vulnerability Remediation: Essential Features

Vulnerability Remediation:
Essential Features

whitesource

WhiteSource Bolt for GitHub

WhiteSource Full Solution

Pinpointing Vulnerabilities in Code (trace analysis)
Provides complete trace analysis for each vulnerability.

Shows which part of the code, down to the line number, is impacted by the vulnerable functionality.
Prioritization
Prioritize detected vulnerabilities by analyzing whether your proprietary code is actually making calls to the vulnerable functionality, reducing security alerts by 70% to 85%.
Suggested fixes
Provides one suggested link to patches, specific source files, and newer versions that fix the issue, and recommended code changes which block vulnerable methods. We even suggest changes to your system configuration to block exploitation.
Provides one suggested link to patches, specific source files, and newer versions that fix the issue, and recommended code changes which block vulnerable methods. We even suggest changes to your system configuration to block exploitation.
Auto-generation of Pull Requests
Receive automated Pull Requests (PR) whenever dependencies need updating or on an ongoing scheduled basis.

WhiteSource Full Solution

Pinpointing Vulnerabilities in Code (trace analysis)
Provides complete trace analysis for each vulnerability.

Shows which part of the code, down to the line number, is impacted by the vulnerable functionality.
Prioritization
Prioritize detected vulnerabilities by analyzing whether your proprietary code is actually making calls to the vulnerable functionality, reducing security alerts by 70% to 85%.
Suggested fixes
Provides one suggested link to patches, specific source files, and newer versions that fix the issue, and recommended code changes which block vulnerable methods. We even suggest changes to your system configuration to block exploitation.
Auto-generation of Pull Requests
Receive automated Pull Requests (PR) whenever dependencies need updating or on an ongoing scheduled basis.
whitesource

License Compliance: Essential Features

License Compliance:
Essential Features

whitesource

WhiteSource Bolt for GitHub

WhiteSource Full Solution

Real-Time Alerts
Get real-time alerts when a component with an unwanted license is added to your software.
Auditing
Offers a wide range of reports built for all relevant organizational roles.

Provides visibility for internal teams—R&D, IT, security, legal, management.

Offers visibility for compliance auditors and due diligence investigators.

Automates attribution notices for deployment.

WhiteSource Full Solution

Real-Time Alerts
Get real-time alerts when a component with an unwanted license is added to your software.
Auditing
Offers a wide range of reports built for all relevant organizational roles.

Provides visibility for internal teams—R&D, IT, security, legal, management.

Offers visibility for compliance auditors and due diligence investigators.

Automates attribution notices for deployment.