The WhiteSource bundled plugin identiﬁes all the open-source components and dependencies in your build, reports any known security vulnerabilities, and lists their licenses.
Before you can use the plugin, you need the following:
- An active organization (and API token) for the WhiteSource SaaS service.
- Access to the WhiteSource administrative site.
- A product and project to report results to.
- The project token.
Create server configuration file
The WhiteSource plugin's server configuration file is located in:
|whitesourceServerUrl||Specifies the URL to the WhiteSource server. Change the URL only if you are using the on-premises version of WhiteSource.|
Example server configuration file:
Configure WhiteSource plugin
When you add the WhiteSource plugin to a chain, specify the plugin configuration details.
To configure the WhiteSource step:
Add the WhiteSource step to a chain, as described in Create chains.
Enter the plugin configuration details:
Field Description Title Enter a name for the plugin step or accept the default name. Api key Enter the API key of a product registered in WhiteSource (also known as organization token). Copy the value from WhiteSource. Product token (Optional) Enter the product token generated when registered in WhiteSource. Copy the value from WhiteSource. Project token Enter the project token generated when the product was registered in WhiteSource. Copy the value from WhiteSource. Include pattern
(Optional) To include only specific resources, enter Ant patterns separated with spaces, for example:
(Optional) To exclude specific resources, enter Ant patterns separated with spaces, for example:
Poll delay (Optional) Specify how often, in seconds, the plugin polls the WhiteSource database. The default polling period is 30 seconds. Update Inventory (Optional) Update the WhiteSource project dashboard with new findings. If not selected, the findings are only reported in PulseUno.