JFrog Xray and WhiteSource

Universal component analysis accessing external data sources

The solution (integration)

WhiteSource integrates with JFrog Artifactory and JFrog Xray to help you secure open source components in your software. WhiteSource can be easily integrated with JFrog Xray by simply adding your WhiteSource account token to your Xray configuration. Once WhiteSource is integrated, Xray will start pulling data from WhiteSource based on your watches (rules) and then display, on your Xray dashboard, all relevant information for each open source component: security vulnerabilities (severity, impacted versions, and actionable remediation suggestions), license compliance, and known severe software bugs.


Integrate WhiteSource with JFrog Xray and manage open source components:

Get Real-Time Alerts on Security Issues: WhiteSource alerts in real-time whenever a vulnerable open source component is added to your repository and/or build, or when a vulnerability is discovered in a component already being used in your software.

Find & Fix Open Source Security Vulnerabilities: WhiteSource detects all vulnerable open source components in your software and provides actionable remediation suggestions, enabling you to quickly find the best solution for your needs.

Automate your Open Source Approval Process: Set up automated policies to block unwanted open source components from being used by your developers.

Secure your Open Source Usage throughout your Application Lifecycle: WhiteSource ensures the security of your open source components throughout all stages of your software development lifecycle. Your developers are provided with the right tools to ensure only high-quality components are integrated into your products.

WhiteSource secures and manages open source components in your software. WhiteSource enables you to gain full control and visibility over your open source usage by continuously identifying all open source components in your software, including transitive dependencies. It then provides real-time alerts on security vulnerabilities, license compliance, and quality issues. Furthermore, it enables you to generate a wide range of ‘one-click’ comprehensive reports and to automatically enforce policies on your repositories and build process to block the usage of problematic open source components.


JFrog & WhiteSource webinar