...

On subsequent logins, you can go directly to https://app-eu.whitesourcesoftware.com/Wss/WSS.html - depending on saved cookies, some or all of the previous steps may be skipped.

Dashboard (key information in WhiteSource user interface)

Many things are shown on the WhiteSource dashboard. To understand them, read Understanding the WhiteSource Home Page or the following text, which is focused on licenses and interpretation of the provided data for GEANT.

Finding your product and projects

The dashboard in WhiteSource can be at the level of organization (GEANT), Product or Project. A detailed explanation of the terms Products, Projects, and Organizations in WS is here. In a nutshell: your team is working on a WhiteSource 'product' which may consist of several pieces of software, which are in WhiteSource called 'projects'.

The Product page displays detailed information about a specific product (the result of a product scan for a specific version). The product page for a product is accessed from the Products menu item of the main menu and a detailed description is here.

The Project page displays detailed information about a specific project within a previously selected product. It can be accessed from the Projects menu item in the main menu. A detailed description is here.

Key information in WhiteSource user interface

The user interface contains various information about the libraries and licenses detected by WS.

...

dashboard at the organization level is WhiteSource Home Page, at the product level is Product Page and at the project level is Project Page. Regardless of whether it is a Home Page, Product Page or Project Page, each dashboard contains the following key information:

Detailed information about the libraries

  • Libraries alert types:
    • New Versions - The total count of outdated libraries (counts the libraries that have newer versions)
    • Multiple Versions - Multiple versions of the same library are in use
    • Multiple Licenses - An alert is triggered for any library that has more than one license. 
  • Security alerts:
    • Per-Library Alerts - The total number of libraries with vulnerability alerts (for example, the alert count for a Product with two Projects where each features an alert for the same library will be "one" and will be displayed in one row noting two project occurrences.)
    • Per-Vulnerability Alerts - The total number of vulnerability alerts


Detailed information about the licenses (License Distribution)

This section provides an overview of the license distribution of the organization (or product, project), showing which licenses are used and how many libraries are associated with each license. The distribution of licenses is shown in the pie chart. The following information is displayed for each license:

  • Name - Name of the license
  • Occurrences - Number of occurrences by libraries in the organization (or product/project)
  • Copyright - Copyright Risk Score, which is a measurement of the copyright risk


Significant tables and charts and how to find, customise and interpret them...

...

Interpreting Risk report

The Risk Report is a management-level tool that provides a bird's-eye view of all aspects of an account's open-source libraries concerning their licenses, security, quality and compliance.

Creating the Report

  1. The report is available from the "Reports" menu
  2. Define the scope for which the report should be created. The default scope is Organizational (GEANT), or you can select any individual product and/or project
  3. Click Apply

Understanding the Report Data

The report contains a number of panels and tables displaying risk-related information. The Risk Report has the following sections:

  1. How do we compare? - This section compares the results of measuring the level of risk and compliance of the selected range (GEANT, product or project) with the overall average statistics calculated for WS clients. Includes the following three charts: Vulnerable Libraries, Policy Violating Libraries, Outdated Libraries.
  2. Security - This panel displays the vulnerability score (based on the highest severity vulnerability), the number of vulnerable components out of total components, severity distribution, aging security vulnerabilities, license risk distribution, outdated components out of total components and libraries with multiple versions.
  3. License Risks and Compliance - This panel provides an overview of the License Distribution of the organization (or product), showing which licenses are used and how many libraries are associated with each license.
  4. Quality - This panel provides information about any outdated libraries
  5. Additional Risk Information - Contains detailed tables with various component-level breakdowns.

Exporting the Report

Click Export to PDF at the top right of the report and export the Risk report as a PDF file. More about this is here.

Customising visibility

The GEANT WhiteSource admins can always see all scanned GEANT products.

...