In order to use the selection tool you first need to receive a link from WhiteSource. Clicking on the link will take you to the Chrome Web Store. Click on the “Add To Chrome” button and download the WhiteSource Selection Extension.
After downloading the WhiteSource Selection extension we first need to create a new access token. Log into your WhiteSource account and click on the “admin” tab. Select “personal access tokens” option.
On your left, enter the email of the user you wish to grant access to, click “add” and copy the token. Click on the Selection plugin extension, select “settings” and paste the token under “update token”. Click on “submit”.
When you browse for a specific library version page within one of the open source repositories you can see the WhiteSource selection plugin red mark when a library is identified.
For example, go to Maven Central and look for Apache Commons BeanUtils. Once we browse into the page of version 1.8.0, you can see the library is identified. Click on the icon, the selection tool will pop up and you’ll be able to see the following information:
1) Library identity: to ensure you are looking at the right component.
2) Used also in: will show you if your organization is already using this specific library. This will indicate usage for this specific version.
3) Licenses: will show you the open source license of this component.
4) Security Vulnerabilities: will provide a list of all related CVEs and its severity.
5) Quality: will provide an overall score based on the activity, like: commits, version releases etc.
6) Policies: will show you whether the license of the library meets your company’s policy as configured in your WhiteSource account.
Your developers can also ask for a specific repository, thus saving time and preventing the addition of problematic components to your software.