WhiteSource & GitLab

@mayanktahil @deuley

WhiteSource

WhiteSource automates the entire process of open source component selection, approval and management, including automatic detection and remediation of security and compliance issues. WhiteSource supports 200+ programming languages including source files, all while integrating into every stage of the software development lifecycle (SDLC) to alert in real time and help you fix issues faster and easier.

In our view, developers should have a central role in open source security, and therefore they require full visibility into vulnerabilities. As a solution to this, we created WhiteSource for Developers, a product suite that allows developers to use WhiteSource's capabilities within their natural development environments.

WhiteSource's integration with GitLab will allow developers to constantly keep their software safe by providing actionable information regarding the vulnerability details and the suggested fix.

Workflow

graph TD;
  Repo_Change-->WhiteSource_Scan;
  WhiteSource_Scan-->Vulnerabilities_Detected;
  Vulnerabilities_Detected-->Issues_Opened;
  Vulnerabilities_Detected-->Shown_in_Commit_Status;
  Issues_Opened-->MR_Opened;

Questions

  1. The best GitLab.com integration option for us at the moment seems to be as a "Project Service" because of the smooth onboarding and integration into GitLab.com's UI, but this requires our code to become open source. Are there any other options?

  2. If we do end up integrating as a "Project Service" on GitLab.com, is there any way to enable the integration for multiple projects at once? We have customers with 100+ repositories.

  3. Is there any possibility of altering GitLab's UI with an integration? For example adding an information strip at the top of a project to show the project's overall security status.

  4. We plan on integrating with GitLab's on-prem solution by configuring a system hook which leads to our webhook handler. Is there any way to set up a "Settings" area for WhiteSource so we can filter events by project/group?
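The system-hook handler sketched in question 4 has two concerns worth settling before any "Settings" area exists on the GitLab side: the handler itself should reject deliveries that do not carry the hook's shared secret, and it should apply the project/group filter locally so that events from repositories outside the customer's scope are dropped without triggering a scan. The following is an added, framework-agnostic example (not WhiteSource's or GitLab's code) of such a handler. The `X-Gitlab-Token` and `X-Gitlab-Event` headers, the `event_name` field and the `path_with_namespace` layout are GitLab's real system hook conventions; the secret, the allowed group list and the sample payloads are constructed assumptions for this illustration.

```python
import hmac
import json

# Assumed configuration for this example: the secret entered on the GitLab system hook
# and the groups (namespaces) whose projects WhiteSource should scan.
HOOK_SECRET = "example-shared-secret"
ALLOWED_GROUPS = {"acme", "acme/payments"}

# Events this handler acts on: pushes plus project lifecycle events that can change
# which repository a path refers to. Everything else is acknowledged and ignored.
HANDLED_EVENTS = {"push", "project_create", "project_rename", "project_transfer"}


def token_is_valid(headers, expected=HOOK_SECRET):
    """Constant-time comparison of the X-Gitlab-Token header with the configured secret."""
    presented = headers.get("X-Gitlab-Token", "")
    return hmac.compare_digest(presented, expected)


def project_path(payload):
    """Return the project's full path for push and project_* system hook payloads."""
    if "project" in payload:  # push events nest the project object
        return payload["project"].get("path_with_namespace", "")
    return payload.get("path_with_namespace", "")  # project_* events carry it at top level


def in_allowed_group(path, allowed=ALLOWED_GROUPS):
    """True if the project's namespace, or any parent namespace, is on the allowlist."""
    namespace = path.rsplit("/", 1)[0] if "/" in path else ""
    while namespace:
        if namespace in allowed:
            return True
        namespace = namespace.rsplit("/", 1)[0] if "/" in namespace else ""
    return False


def handle_system_hook(headers, body):
    """Decide what to do with one system hook delivery.

    Returns (status_code, action): 401/'rejected' when the token is wrong,
    200/'ignored' for events or projects outside the filter, and
    200/'scan:<path>' when a WhiteSource scan of that project should be started.
    """
    if not token_is_valid(headers):
        return 401, "rejected"
    if headers.get("X-Gitlab-Event") != "System Hook":
        return 200, "ignored"
    payload = json.loads(body)
    event = payload.get("event_name") or payload.get("object_kind", "")
    if event not in HANDLED_EVENTS:
        return 200, "ignored"
    path = project_path(payload)
    if not in_allowed_group(path):
        return 200, "ignored"
    return 200, f"scan:{path}"


# Constructed sample deliveries (not captured from a real GitLab instance).
GOOD_HEADERS = {"X-Gitlab-Token": HOOK_SECRET, "X-Gitlab-Event": "System Hook"}
PUSH_IN_SCOPE = json.dumps({
    "event_name": "push",
    "object_kind": "push",
    "project": {"path_with_namespace": "acme/payments/gateway"},
})
PROJECT_OUT_OF_SCOPE = json.dumps({
    "event_name": "project_create",
    "path_with_namespace": "other/tool",
})
USER_EVENT = json.dumps({"event_name": "user_create", "username": "someone"})

if __name__ == "__main__":
    for body in (PUSH_IN_SCOPE, PROJECT_OUT_OF_SCOPE, USER_EVENT):
        print(handle_system_hook(GOOD_HEADERS, body))
    print(handle_system_hook({"X-Gitlab-Token": "wrong"}, PUSH_IN_SCOPE))
```

Because system hooks fire for every project on the instance, the allowlist check is what keeps a 100-repository customer from scanning (or leaking metadata about) repositories they never opted in; the group-prefix walk means enabling a top-level group covers all of its subgroups, which is the closest equivalent to the per-group setting asked about above until GitLab offers one.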