WhiteSource

The WhiteSource bundled plugin identifies all the open-source components and dependencies in your build, reports any known security vulnerabilities, and lists their licenses.

Prerequisites

Before you can use the plugin, you need the following:

  • An active organization (and API token) for the WhiteSource SaaS service.
  • Access to the WhiteSource administrative site.
  • A product and project to report results to.
  • The project token.


Create server configuration file

The WhiteSource plugin's server configuration file is located in:

${dataDir}/conf/experts/com.serena.starlight/whitesource/whitesource-pulse-expert.properties

Property: Description

whitesourceServerUrl: Specifies the URL to the WhiteSource server. Change the URL only if you are using the on-premises version of WhiteSource.

Example server configuration file:

whitesourceServerUrl=https://saas.whitesourcesoftware.com


Configure plugin settings

When you add the WhiteSource plugin step to a chain, specify the following configuration details:

Field: Description

Title: Enter a name for the plugin step. Default: WhiteSource.

Api key: Enter the API key of a product registered in WhiteSource (also known as the organization token). Copy the value from WhiteSource.

Product token: (Optional) Enter the product token generated when the product was registered in WhiteSource. Copy the value from WhiteSource.

Project token: Enter the project token generated when the product was registered in WhiteSource. Copy the value from WhiteSource.

Include pattern: (Optional) To include only specific resources, enter Ant patterns separated with spaces, for example:

**/*.jar **/*.js

Exclude pattern: (Optional) To exclude specific resources, enter Ant patterns separated with spaces, for example:

**/*sources.jar **/*javadoc.jar

Poll delay: (Optional) Specify how often, in seconds, the plugin polls the WhiteSource database. The default polling period is 30 seconds.

Update Inventory: (Optional) Update the WhiteSource project dashboard with new findings. If not selected, the findings are only reported in PulseUno.
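
To preview which files a pair of include and exclude patterns leaves in scope before running the step, the following added example (not part of the product documentation or the plugin's own code) applies the common Ant wildcard rules to a constructed file list. It assumes that an empty include pattern selects everything and that an exclude match overrides an include match, as in Ant filesets; the function names and sample paths are hypothetical.

```python
import re

def ant_to_regex(pattern):
    """Compile one Ant path pattern: ** spans directories, * and ? stay in a segment."""
    pattern = pattern.replace("\\", "/")
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append(r"(?:[^/]+/)*")       # zero or more whole directories
            i += 3
        elif pattern.startswith("**", i):
            out.append(r".*")                # anything, including slashes
            i += 2
        elif pattern[i] == "*":
            out.append(r"[^/]*")             # any run of characters in one segment
            i += 1
        elif pattern[i] == "?":
            out.append(r"[^/]")              # exactly one character in a segment
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def select(paths, include="", exclude=""):
    """Split paths into (in scope, out of scope) for space-separated pattern lists."""
    # Assumption (not stated on the page): empty include means "everything",
    # and an exclude match overrides an include match, as in Ant filesets.
    inc = [ant_to_regex(p) for p in include.split()]
    exc = [ant_to_regex(p) for p in exclude.split()]
    kept, dropped = [], []
    for path in paths:
        p = path.replace("\\", "/")
        included = not inc or any(r.match(p) for r in inc)
        excluded = any(r.match(p) for r in exc)
        (kept if included and not excluded else dropped).append(path)
    return kept, dropped

# Constructed sample build tree, for illustration only.
SAMPLE_TREE = [
    "lib/example-lib-1.0.jar", "lib/example-lib-1.0-sources.jar",
    "lib/example-lib-1.0-javadoc.jar", "web/static/js/vendor.min.js",
    "web/static/js/app.ts", "native/libexample.so", "build.gradle",
]

if __name__ == "__main__":
    kept, dropped = select(SAMPLE_TREE, "**/*.jar **/*.js", "**/*sources.jar **/*javadoc.jar")
    print("in scope:    ", kept)
    print("out of scope:", dropped)
```

Under these assumptions, files in the out-of-scope list, such as the native library and the TypeScript source in the sample, would not be analyzed, so review that list whenever you narrow the include pattern.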
