Share this page
WhiteSource
The WhiteSource bundled plugin identifies all the open-source components and dependencies in your build, reports any known security vulnerabilities, and lists their licenses.
Prerequisites
Before you can use the plugin, you need the following:
- An active organization (and API token) for the WhiteSource SaaS service.
- Access to the WhiteSource administrative site.
- A product and project to report results to.
- The project token.
Create server configuration file
The WhiteSource plugin's server configuration file is located in:
${dataDir}/conf/experts/com.serena.starlight/whitesource/whitesource-pulse-expert.properties
| Property | Description |
|---|---|
| whitesourceServerUrl | Specifies the URL to the WhiteSource server. Change the URL only if you are using the on-premises version of WhiteSource. |
Example server configuration file:
whitesourceServerUrl=https://saas.whitesourcesoftware.comConfigure plugin settings
When you add the WhiteSource plugin step to a chain, specify the following configuration details:
| Field | Description |
|---|---|
| Title | Enter a name for the plugin step. Default: WhiteSource. |
| Api key | Enter the API key of a product registered in WhiteSource (also known as organization token). Copy the value from WhiteSource. |
| Product token | (Optional) Enter the product token generated when registered in WhiteSource. Copy the value from WhiteSource. |
| Project token | Enter the project token generated when the product was registered in WhiteSource. Copy the value from WhiteSource. |
| Include pattern |
(Optional) To include only specific resources, enter Ant patterns separated with spaces, for example: **/*.jar **/*.js |
| Exclude pattern |
(Optional) To exclude specific resources, enter Ant patterns separated with spaces, for example: **/*sources.jar **/*javadoc.jar
|
| Poll delay | (Optional) Specify how often, in seconds, the plugin polls the WhiteSource database. The default polling period is 30 seconds. |
| Update Inventory | (Optional) Update the WhiteSource project dashboard with new findings. If not selected, the findings are only reported in PulseUno. |
See also:
