- The webinar covered updates to Whitesource products including WhiteSource for Containers, workflow enhancements, the unified agent, integration updates for CircleCI, GitHub, and more. - It also discussed updates to WhiteSource Advise, WhiteSource Prioritize, and API enhancements. - Finally, it provided news about the Community Portal product idea zone and Q&A session.

1. Product Update
Webinar
December 2018 Edition
Shiri Ivtsan
Product Manager

2. 2
Today’s Agenda
• WhiteSource For Containers
• Workflow Enhancements
• Unified Agent
• Integration Updates: CircleCi, GitHub and more
• WhiteSource Advise Updates
• WhiteSource Prioritize Enhancements
• API Enhancements
• Community Portal News

3. Which insights did we gain from this?
1. A lot of manual work was required to pull and scan the container
2. Not a reliable nor efficient process we could count on 100%
3. May have been good enough for compliance but continuous security
aspect was lacking
4. More manual work came about when we learnt that a new Docker
vulnerability was published in August (CVE-2018-11757) – and we had
manually check each pod in Kubernetes for this vulnerability
Sharing Our Experience

4. The Insights We Gained From This
A new Docker vulnerability was
published in August (CVE-2018-
11757) –we had to manually
check each pod in Kubernetes for
this vulnerability
A lot of manual work
was required to pull and
scan/check the
container images for
security vulnerabilities
Not an efficient process we
could count on 100%
Bottom line? Our existing solution may be good enough for compliance
but lacks continuous security.

5. WhiteSource For Containers

6. WhiteSource for Containers
Our Goal? End-to-end, continuous, and automated coverage for containers from the
earliest steps of development through deployment
to the server
 Full governance for vulnerability and license
management during various container stages
 View, alert and enforce policies at all points along the
SDLC
 Compatible with ECR, Docker Hub*, Azure Container
Registry*, and Artifactory*, as well as a full integration
with the industry standard Kubernetes

7. WhiteSource for Containers
ProductionCI/CD Tools Image Registry
LINUX
Distribution200 Languages
Over

8. WhiteSource for Containers
Container
Orchestration
Image Registry
Identify open source components
in the container as well as the
software deployed on it as a build
image
A designated pod inside the
customer’s Kubernetes
cluster tracks changes in the
cluster, scans the container
images and reports cluster
security-related information,
such as vulnerabilities per
pod

9. Workflow Enhancements

10. Flexible Workflows
10
 As part of the workflow, an
Administrator is now able to assign
pending tasks to a group of users
who can approve a request (instead
of assigning to a single user)
 A group or a user may also be
assigned as a Default Approver to a
Product
 A group may also be assigned to
policies, using the options
“conditions” and “reassign”

11. Smart Classification Of In-House Components
11
 The ‘In-House’ report generates a
report with the full In-House
components list
 Can be exported as an Excel/XML file
or available by API
 Currently available for organization
and product administrators

12. Unified Agent
(File System Agent)

13. One Consolidated Agent
Quick Recap On The Unified Agent
 A single agent for ALL integrations and build tools
 Simplified maintenance and updates
 Supports direct & transitive dependencies

14. One Consolidated Agent
14
Expanded Package
Manager Support for:
 CocoaPods
 Hexagon
 Carthage
 7 Package Managers of Go
(such as Dep, Godep, vndr and more)

15. Additional Unified Agent Updates
15
#1 Scan Code Without Updating The Inventory
• enables you to scan your code and check policies
without actually updating the inventory
#2 Remote URL Configuration
• use a configuration file stored in a remote location
#3 Annotate A Scan
• manually add a comment to a scan via the
configuration file or via the CLI

16. End Of Life Plans
16
With the release of the
WhiteSource Unified
Agent, the following
plugins will be deprecated
as of
May 1st, 2019:

17. Integrations

18. CircleCI Orb: New Integration
18
• Orbs are CircleCI configuration packages that can be shared across
projects
• The WhiteSource Scanner (Unified Agent) can be integrated as part of
the build process in a native Orb Integration

19. Fortify SSC: Proxy Support
19
• Quick Recap: Step up your
security strategy in Fortify
SSC’s dashboard with
actionable information on
found open source
vulnerabilities
• As of now, you can use a
proxy server while
accessing Fortify via a
configuration file or CLI

20. Amazon ECR: Scan Docker Images
20
• Integrate Amazon ECR with the Unified Agent in order to scan Docker
Images
• The scanner is able to save your required images, by scanning and will be
able to scan the file system and installed packages
• It scans all the image layers, and handles archive files in the layers based
on the values defined in the configuration

21. Github: Native Integration
21
• WhiteSource is now
integrated into the native
environment of Github
• WhiteSource Bolt for Github
continuously scans all your
repos in GitHub, and opens
issue tickets every time a
vulnerable open source
library dependency is found

22. Github: Native Integration
22
• The issue will provide you with
reference links, a dependency
tree (if relevant), the
vulnerability severity as well as
a suggested fix
• The tool supports both private
and public repositories

23. AzureDevops: Native Integration
23
• Automatically detects all open source components in your software,
without ever scanning your code
• The tool provides you with real-time alerts on vulnerable and outdated
open source components and generates comprehensive up-to-date
inventory, licenses and security reports with one click

24. API Enhancements

25. API 1.1 Version
25
• API Requests can now be made for Product admin and organization
admin, according to their scope.

26. WhiteSource Advise
(WebAdvisor)

27. WhiteSource Advise Updates
27
• Scan any code snippet by highlighting it, right-clicking and selecting the
‘Scan with Web-Advisor’ option from the pop-up menu
• Add the Web-Advisor directly from your account without having to
request an invitation from an admin

28. WhiteSource Prioritize (Effective
Usage Analysis)

29. Enhanced UI Experience
29

30. Multi-Module Support
30
• Enables analysis to be directly applied on a large project structure that
is comprised of multiple sub-projects
• Run analysis on the 'sub' modules referenced from a 'main' module by
referencing parameters for the 'main' module without being required to
explicitly specify parameters for each of the 'sub' modules

31. Join our Effective Usage Analysis JavaScript beta program now!
What’s in it for you? Free access to the technology for an extended period
of time!
Sign up here: product@whitesourcesoftware.com
Missed Out On Our Last Beta Round?

32. Community Portal News

33. Product Idea Zone
33

34. Q&A Session

35. THANK YOU
For more info please contact us: product@whitesourcesoftware.com
WhiteSourceSoftware.com