The WhiteSource bundled plugin identiﬁes all the open-source components and dependencies in your build, reports any known security vulnerabilities, and lists their licenses.
Before you can use the plugin, you need the following:
- An active organization (and API token) for the WhiteSource SaaS service.
- Access to the WhiteSource administrative site.
- A product and project to report results to.
- The project token.
Create server configuration file
The WhiteSource plugin's server configuration file is located in:
|whitesourceServerUrl||Specifies the URL to the WhiteSource server. Change the URL only if you are using the on-premises version of WhiteSource.|
Example server configuration file:
Configure plugin settings
When you add the WhiteSource plugin step to a chain, specify the following configuration details:
|Title||Enter a name for the plugin step. Default: WhiteSource.|
|Api key||Enter the API key of a product registered in WhiteSource (also known as organization token). Copy the value from WhiteSource.|
|Product token||(Optional) Enter the product token generated when registered in WhiteSource. Copy the value from WhiteSource.|
|Project token||Enter the project token generated when the product was registered in WhiteSource. Copy the value from WhiteSource.|
(Optional) To include only specific resources, enter Ant patterns separated with spaces, for example:
(Optional) To exclude specific resources, enter Ant patterns separated with spaces, for example:
|Poll delay||(Optional) Specify how often, in seconds, the plugin polls the WhiteSource database. The default polling period is 30 seconds.|
|Update Inventory||(Optional) Update the WhiteSource project dashboard with new findings. If not selected, the findings are only reported in PulseUno.|