whitesource / unified-agent-distribution


Whitesource documentation for security alerts is unclear #17

Open jomora opened 2 years ago

jomora commented 2 years ago

Hey,

the Whitesource documentation regarding "Alerts" is unclear.

https://whitesource.atlassian.net/wiki/spaces/WD/pages/809894145/Managing+Alerts

It states:

Alerts work the following way: Upon scan completion, a customer’s inventory is synchronized to WhiteSource, and the application analyzes the customer’s open-source libraries and source files and compares them to the WhiteSource knowledge base and policy definitions. If security vulnerabilities, licensing and compatibility issues, or policy violations, etc. exist, alerts are triggered for the organization.

In particular, the term "Upon scan completion" suggests that the inventory is only analyzed once upon scan completion. However, we face the situation that we have an alert in "Security Alerts: View By Vulnerability" which was created on the 14th of August, but the scan was triggered on the 13th.

I see two options for the process:

  1. The inventory is analyzed regularly, e.g. daily, after the scan results have been uploaded initially.
  2. There is a delay of one day between the scan and the update/creation of the alerts.

Could you please clarify the process?

Thanks a lot in advance.

(In case GitHub issues are not the best way to talk about the documentation, please let us know!)

LenaKleyner commented 2 years ago

Hi @jomora ,

Thanks for your feedback. This specific repository is for the Unified Agent distribution so I think the best way to continue this discussion is via the support channel (support@whitesourcesoftware.com).

Thanks,

Lena