Table of Contents |
---|
...
WhiteSource Advise supports JavaScript projects using npm (package.json dependency files) that include a package-lock.json file.
NOTE: Yarn projects are not supported.
Prerequisites
Ensure the following:
...
Start WebStorm.
From the menu bar, select File > Settings. The Settings screen is displayed.
From the left sidebar, click Plugins.
In the Search box, enter whitesource and then press Enter from your keyboard. The WhiteSource Advise plugin information is displayed.
Click Install and then click Restart IDE.
In the pop-up dialog box, click Restart.
Activating WhiteSource Advise
...
NOTE: If you check Remember Token, the login credentials will be stored for later use. Once stored, the WhiteSource Advise login credentials will be used for all projects.
Configuring WhiteSource Advise
To configure WhiteSource Advise, do as follows:
Info |
---|
Changes made to the WhiteSource settings will only apply after running the next scan. |
From the menu bar, select File > Settings. The Settings screen is displayed.
Select Tools > WhiteSource.
In Scan Results Settings, review the options and modify if necessary. See here for a list of all options.
Options Table
Option | Description | Default Setting |
---|---|---|
Only show issues for direct dependencies | When enabled, WhiteSource Advise will only return vulnerabilities for direct dependencies defined in your dependency file. | Unselected (not checked) |
Scanning a Project for Security Vulnerabilities
...