WhiteSource

The WhiteSource bundled plugin identifies all the open-source components and dependencies in your build, reports any known security vulnerabilities, and lists their licenses.

Prerequisites

Before you can use the plugin, you need the following:

  • An active organization (and API token) for the WhiteSource SaaS service.
  • Access to the WhiteSource administrative site.
  • A product and project to report results to.
  • The project token.


Create server configuration file

The WhiteSource plugin's server configuration file is located in:

<pulse_data>/conf/experts/com.serena.starlight/whitesource/whitesource-pulse-expert.properties

Property               Description
whitesourceServerUrl   Specifies the URL to the WhiteSource server. Change the URL only if you are using the on-premises version of WhiteSource.

Example server configuration file:

whitesourceServerUrl=https://saas.whitesourcesoftware.com


Configure WhiteSource plugin

When you add the WhiteSource plugin to a chain, specify the plugin configuration details.

To configure the WhiteSource step:

  1. Add the WhiteSource step to a chain, as described in Create chains.

  2. Enter the plugin configuration details:

    Field              Description
    Title              Enter a name for the plugin step or accept the default name.
    Api key            Enter the API key of a product registered in WhiteSource (also known as organization token). Copy the value from WhiteSource.
    Product token      (Optional) Enter the product token generated when registered in WhiteSource. Copy the value from WhiteSource.
    Project token      Enter the project token generated when the product was registered in WhiteSource. Copy the value from WhiteSource.
    Include pattern    (Optional) To include only specific resources, enter Ant patterns separated with spaces, for example: **/*.jar **/*.js
    Exclude pattern    (Optional) To exclude specific resources, enter Ant patterns separated with spaces, for example: **/*sources.jar **/*javadoc.jar
    Poll delay         (Optional) Specify how often, in seconds, the plugin polls the WhiteSource database. The default polling period is 30 seconds.
    Update Inventory   (Optional) Update the WhiteSource project dashboard with new findings. If not selected, the findings are only reported in PulseUno.
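
As an added illustration (not code from the plugin or from WhiteSource), the following Python sketch applies simplified Ant-style matching to the Include pattern and Exclude pattern examples above, so you can see which files in a constructed file list would be scanned. It assumes that an empty include list selects everything and that an exclude match takes precedence over an include match, as in Ant filesets; the function names and sample paths are hypothetical.

```python
import re

def ant_to_regex(pattern):
    """Translate one Ant-style pattern to a regex (simplified semantics)."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:[^/]+/)*")  # zero or more whole directories
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")  # anything, across directories
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")  # any run of characters within one path segment
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")  # exactly one character within a segment
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def select(paths, include="", exclude=""):
    """Split paths into (scanned, skipped). Assumption: no include patterns
    means everything is a candidate, and an exclude match always wins."""
    inc = [ant_to_regex(p) for p in include.split()]
    exc = [ant_to_regex(p) for p in exclude.split()]
    scanned, skipped = [], []
    for path in paths:
        wanted = not inc or any(r.match(path) for r in inc)
        dropped = any(r.match(path) for r in exc)
        (scanned if wanted and not dropped else skipped).append(path)
    return scanned, skipped

# Patterns from the field descriptions above.
INCLUDE = "**/*.jar **/*.js"
EXCLUDE = "**/*sources.jar **/*javadoc.jar"

# Constructed sample build output; none of these paths come from a real project.
SAMPLE_TREE = [
    "lib/acme-core-1.0.jar", "lib/acme-core-1.0-sources.jar",
    "lib/acme-core-1.0-javadoc.jar", "lib/acme-datasources.jar",
    "web/static/js/app.min.js", "web/WEB-INF/lib/legacy.war", "README.txt",
]

if __name__ == "__main__":
    for label, files in zip(("scanned", "skipped"), select(SAMPLE_TREE, INCLUDE, EXCLUDE)):
        print(label, files)
```

With these patterns, `**/*sources.jar` also skips `lib/acme-datasources.jar`, a constructed name standing in for a component whose file name happens to end in `sources.jar`. Review the skipped list before relying on an exclude pattern, because a skipped file is not reported on.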
