Skip to end of metadata
Go to start of metadata

Frequently Asked Questions

What is OSS Lifecycle Management?

It’s the process of tracking the OSS libraries that you use in your projects:

  • Maintaining a comprehensive list of all OSS libraries and their dependencies
  • Recording when and why you decided to use them
  • Receiving and recording the required technical and business approvals
  • Auditing the OSS inventory before technical reviews, sales, investments, etc.
  • Staying informed about changes to license requirements, the health of the community supporting the library, technical and security vulnerabilities, etc.


What is White Source?

WhiteSource is a free, cloud-based platform for managing your OSS lifecycle. It’s much more reliable than a spreadsheet, and it’s convenient and easy to use. With WhiteSource, you drag and drop your libraries, or import them from a POM file or spreadsheet, and you have an instant OSS repository. From here, you can use WhiteSource to automate the approval process, automatically retrieve license information, and assess the legal and technical risk of each OSS library to your organization.


I already have a spreadsheet with my OSS, do I need White Source?

WhiteSource provides a lot of value beyond a spreadsheet. When you add a library to the repository, WhiteSource automatically identifies all of its dependencies, and the license requirements of each one. It gives you information about the legal risk as well as the health of the community supporting it. If you are ever audited, you will have to demonstrate that you had an OSS policy, and that it was enforced. WhiteSource automates your internal review and approval process, sending out reminders, alerting about delays, and recording the whole process.

What languages are supported ?

All popular languages are supported, Java, .NET, Python, Ruby, npm, C/C++, Obj-C, JS and others.


Should I upload my source code to White Source ?

No. White Source was designed to be as less intrusive as possible. You will not be asked to upload any of your source code to our servers.



  • None