The WhiteSource Selection Tool is a Chrome extension that allows the developer to receive information on an open source library before it is even downloaded.
The tool will show a notification whenever it identifies that the user has browsed into a library page in one of the supported repositories.
Installing the Selection Tool
In order to install the WhiteSource Selection Tool you you will need to contact your WhiteSource account manager and receive a link.
Once you click on the link, just install the tool, like any other Chrome extension.
Configuring the Selection Tool
You will have to create a personal access token for each user of the Selection Tool.
In order to do so, click on Admin and select Personal Access Tokens:
On this screen, please enter the email address of the user and click add.
The system will then auto generate a token and will send an email notification to the user:
This token should be entered into the tool under the settings screen
Using the Selection Tool
When you browse for a specific library version page within one of the open source repositories you can see the WhiteSource selection plugin red mark when a library is identified.
Just click on the icon and the selection tool will pop up and you’ll be able to see the following information:
1) Library identity to ensure you are looking at the right component.
2) USED ALSO IN will show you if your organization is already using this specific library. This will indicate usage for this specific version.
3) LICENSES will show you the open source license of this component
4) SECURITY VULNERABILITY will provide a list of all related CVEs and its severity.
5) QUALITY will provide an overall score based on the activity, like: commits, version releases etc.
6) POLICIES will show you whether the license of the library meets your company’s policy as configured in your WhiteSource account.
The WhiteSource Selection Tool currently supports the following repositories:
1. RubyGems - https://rubygems.org/
2. Pypi - https://pypi.python.org/pypi
3. MvnRepository - http://mvnrepository.com/
4. Maven central - http://search.maven.org/
5. NPM - https://www.npmjs.com/
Request new repository support
Your developers will can also ask to cover a new specific repository by clicking the ADD WEBSITE button.