Up until now, WhiteSource automatically detected all your open source libraries and provided you with information about their licenses and known security vulnerabilities. From now on, WhiteSource will also track and alert you on software bugs discovered in your open source libraries.
Each bug is classified based on severity: Trivial, Minor, Major, Critical and Blocker.
You can see a detailed report of all your critical and blocker bugs. Just choose the high-severity bugs report from the reports drop-down menu. This report lists all known open high-severity bugs in the libraries in your inventory.
You can also set up an automated policy based on Bug Rating. Just go to policies, click ‘add policy’, name your policy and choose ‘Bug Rating’ from the drop-down menu.
In addition to alerts and reports, you can also see the overall quality rating for each component, when the data is publicly available.
In the library details page you can see the quality rating, which takes into consideration the following:
- Bug rating – reflects the number and severity of open bugs for this specific version.
- Fix rating – represents the number of bugs fixed in this specific version.
- Version Activity – the commit activity in this version compared to the other versions.
For additional information you can click the details link and see the following:
- Bug Statistic – the number of open and closed issues reported by severity.
- Source Control Activity – the number of commits, as an indicator of the library's level of activity.
- High Severity Bugs – the issue tracker link for each critical and blocker bug. Note that you might see an issue closed in the project’s issue tracker, but if the issue was fixed in a later version, it will remain open in your version until you upgrade.
We’d love to hear your feedback.