Skip to end of metadata
Go to start of metadata


  • Indication that a user has activated his account after inviting him to WhiteSource, and the ability to resend the activation email. Available in the Admin Users page (!adminOrganization_users)
  • Ability to resend an activation email via Login page, this can be used by customers that created an account and didn't receive an activation email (to validate their email address).


  • GitHub Pull Request Integration (via webhooks)
  • Added protection against Cross-Frame Scripting (XFS)


  • Jira Integration - open Jira tickets via policy


  • Add / remove / update policies via API


  • Limit API requests via IP Whitelist
  • Add CORS support for API requests


  • Add copyrights to Due Diligence report
  • Vulnerability Fixes via API - available while querying for security vulnerability alerts


  • Vulnerability resolution duration report
  • Popularity based policy
  • Version range based policy
  • Add vulnerabilities for product comparison report


  • Added support for SAML


  • Security Vulnerability Fixes
  • Enhance Copyrights report in Release Management Dashboard
  • Add HDF5 and HDF4 licenses
  • Display projects and products in exported Alert, Vulnerability and Bug reports (XML / Excel)
  • Limit Request History report according to product membership
  • Fix IE error in Library Details page (for some libraries)
  • Add missing bug key to Excel report
  • Fix not showing details panel when requesting resolution for source files
  • Fix error when calculating new version alerts
  • Resolve Alpine licenses
  • Various bug fixes and performance enhancements



  • Cluster all alerts by library and type into a single record (instead of one per project)



  • Presented new UI and look & feel
  • Added GitHub integration
  • Added JFrog integration
  • Added IP filtering support
  • Improved performance of reports
  • Fixed PDF export issue on large projects


  • Improved performance of alert lookup.
  • Remove organization option from Library Location report, add search button - don't fetch on selection change.
  • Fix unknown copyright resolution request email not sending.


  • Export In-House libraries to Excel and XML.


  • Source file inventory report doesn't load all records by default, search by file name or local path.
  • Improve performance of Alerts lookup.


  • Change source file origin library available from Library page.
  • Show loading in Policies panel (policies page).


  • Show in-house details in request comments when automatically approving a library due to in-house match.


  • Security Vulnerabilities and High Severity Bugs comparison in Library Version Comparison page - accessible by clicking "compare" in the Known Versions panel in a Library's details page.
  • Bug - fix SPDX export for licenses with broken link.
  • Show loading in all panels of request page.
  • Add link to licenses in policies creation widget.
  • Display in-house information (rule / manually marked) message in request comments.


  • Add support for Docker integration - WhiteSource Docker Agent.


  • Show library locations (detected by a plugin on your local machine) - Enabled in the Integration page.


  • Add libraries with known issues in Security and Quality panel in Home page.


  • Additional settings for requests in Policies page:
    a. Open requests for new libraries - this is unchecked by default when creating a new organization, no requests will be created for new libraries sent from plugins. This should be checked after the initial setup (testing integration with plugins and settings up policies) is complete to avoid creating a large amount of requests.
    Use version in project names - with this checked the version property in the plugin will be incorporated into the WhiteSource project name.
  • Fix not showing vulnerable libraries in vulnerability details page.
  • Add support for ActionScript.


  • Group Security Vulnerability alerts.
  • Group High Severity Bug alerts.
  • Add support for Swift source files.


  • Improved vulnerability matching for RPM files.


  • Improve resolution for new resources


  • Added version column for excel inventory report
  • Various bug fixes


  • Add links to weekly update email.
  • Improve "click to copy" to copy tokens to clipboard.


  • Remove maven-style dependency resolution for Java components.
  • Enable hierarchy for non-Java components (i.e. NPM).


  • Multiple origin library selection via Source File Inventory.
  • Added "Facebook Platform" license.
  • Refactor Getting Started page when creating a new account.


  • New alerts and notifications when adding new vulnerabilities.
  • Ribbon Bar now sticks to top of browser window when scrolling under it.


  • Updated UI.


  • Added "Swap" button in Product and Version comparison pages.
  • Performance improvement when loading alerts.


  • Performance improvement loading inventory in home, project and product pages.
  • Origin library selection via Source File Inventory.


  • Toggle creating requests for new libraries (accessed via the Integration API page).
  • Show source library links relative to their actual version in GitHub.


  • Project search bar in Products tab.
  • Upgrade to GWT 2.7 and GWTP 1.4.
  • Added licenses: CodeIgniter, Crypto.


  • Filter File Clusters from panels and reports.
  • Auto-Approve File Clusters.
  • Dedicated report for File Clusters.
  • Filter Inventory report by resource type.
  • Direct dependency indication in project inventory exported report.
  • Request license resolution for multiple libraries via Product or Project page.


  • Support for GO programming language.


  • Paging in Alerts report.
  • Paging in Pending Tasks dashboard.


  • Source File Cluster security vulnerabilities.
  • New license type: "Unspecified License" to describe libraries that have not provided any license information.
  • Fix issue when inviting users to organization.
  • Toggle between Hierarchy Tree or Flat List of dependencies in Library Details.
  • Show total rows in various data grids.


  • Support multiple platform source file lookup.
  • Improve performance of handling large data sets.
  • Various fixes and improvements.


  • Additional performance improvement of file-lookup to prevent client timeouts when using the File System Agent.
  • Increase Jboss max-post-size, default timeout
  • Change license text of GPL-3.0, CDDL 1.0, CDDL 1.1 to fit encoding


  • Added license text files: AGPL-1.0, EDL-1.0, ICU, Jython



  • Source File Clustering feature - cluster files by local path and license or copyright information.


  • Improve performance of source file lookup to prevent client timeouts (source file index).


  • Filter and invert selection in Admin Products page.
  • Contact support link.


  • Improve performance of source file lookup to prevent client timeouts (server).


  • Refactor data hierarchy of Organization -> Product -> Project to prevent persistence issues.


  • Disable notification of requests approved by matching an in-house rule.
  • Disable notification of requests approved by matching a policy (configurable via Notification Settings).
  • Disable ignoring direct dependencies with scope "test" or "provided" (configurable via Maven Dependency Resolution Settings).


  • Migrated from Google to Google+ social login via Janrain.
  • Add support for projects hosted on Gitorious@TI.


  • Add support for ruby gems.
  • "Offline" update requests created by File System Agent (via Admin console).
  • Library Copyright information.
  • Create inventory entry for files found by FS Agent with different a license than the origin source library (project host).
  • Show local path for files found by FS Agent.
  • Fix rendering issue in license pie chart when number of licenses larger than 22.


  • Enhanced Security Configuration: Minimal password, Password Complexity, Block user after 5 failed login attempts.

  • Random login messages.


  • Source library vulnerabilities.
  • Add support for NPM plugin.
  • HTML Release Management report.
  • Limit drag and drop to 100 files.
  • Changed application colors and UI look and feel.
  • Source File inventory report.


  • Add support for NPM.
  • Save and show path of source file on client's local machine.


  • Security vulnerability alerts for source libraries and suspected vulnerability alerts for source files that don't exist in the inventory.
  • None