...
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
|---|---|---|---|---|---|
apiKey | (Mandatory) A unique identifier of your organization. Used to identify the organization in plugins. | N/A | N/A | No default | -apiKey |
userKey | Unique identifier of the user that can be generated from the Profile page in your WhiteSource account. NOTE: Required only if Enforce user level access is selected in the Integrate page. | N/A | N/A | No default | -userKey |
requesterEmail | The provided email will be matched with an existing WhiteSource account. Requests for new libraries will be created with the matched account as the requester email. user@provider.com | N/A | N/A | No default | No |
projectName | The name of the project to update (mandatory). NOTE: If not defined, then projectToken must be defined instead. | N/A | N/A | No default | -project |
projectVersion | The project's version. NOTE: Added to the name if Use version in project names is selected in the Integrate page. | N/A | N/A | No default | -projectVersion |
projectToken | Unique identifier of the project to update; found on the Integrate page. NOTE: If not defined, then projectName must be defined instead. | N/A | N/A | No default | -projectToken |
projectTag | Enables setting of project tag only for a newly-created project. Project tag should be defined with key:value For example: projectTag= myTagKey:myTagValue NOTE: This parameter is not supported when using the Repo Integrations or the Azure DevOps Services Integration. | N/A | N/A | No default | -projectTag |
productName | Name of the product to update | N/A | N/A | MyProduct | -product |
productVersion | Version of the product and project to update. It overrides the project version. | N/A | N/A | No default | -productVersion |
productToken | Unique identifier of the product to update; found on the Integrate page. | N/A | N/A | No default | -productToken |
projectPerFolder | Creates one project per subfolder according to your "-d" parameter. Each subfolder is named according to the folder. | A project per folder is created | A project per folder is not created | False | -projectPerFolder |
projectPerFolderIncludes | Comma or space-delimited list of folder names to be included in the scan. NOTE: Relevant only if projectPerFolder is True. | N/A | N/A | All folders | No |
projectPerFolderExcludes | Comma or space-delimited list of folder names to be excluded from the scan. NOTE: Relevant only if projectPerFolder is True. | N/A | N/A | The default value is "" | No |
wss.connectionTimeoutMinutes | Connection timeout in minutes. | N/A | N/A | 60 | |
wss.url=https://saas.whitesourcesoftware.com/agent | Enable the relevant URL according to your organization's WS Server URL from your Profile page on the Server URLs panel (additionally, it can be found in the Integrate tab). Then, add the agent path. | N/A | N/A | -wss.url |
...
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
|---|---|---|---|---|---|
offline | Whether to create an offline update request instead of sending one to WhiteSource. | An offline request file is created in the whitesource folder next to the scanned project. | Results are sent directly to the server. | False | -offline |
updateType | If scanning a previously-scanned project, whether to append or override the results.
| N/A | N/A | OVERRIDE | -updateType |
ignoreSourceFiles | Whether to only include package dependencies for all package managers/dependency resolvers. IMPORTANT: As of version 21.2.2, this parameter is being deprecated and will be replaced by a new parameter, fileSystemScan. | Overrides the individual NOTE: When ignoreSourceFiles is used, then the includes/excludes parameter will be ignored. | No override action will occur, and each of the package manager's | False | No |
fileSystemScan | Performs a file system scan for source files and binaries, in addition to the package manager based dependencies resolution. The files to be scanned can be controlled by the includes and excludes parameters and the resolver-specific ignoreSourceFiles parameters. IMPORTANT: This parameter is new for version 21.2.2, and overrided overrides the soon-to-be-deprecated ignoreSourceFiles. | Performs a file system scan for source files and binaries, in addition to the package manager based dependencies resolution. | Only package manager based dependencies resolution is being performed. | True | No |
scanComment | Adds a comment to a scan. The comment is then displayed in the Project Vitals panel of the Project pages, and the Plugin Request History Report. Supports UTF-8 characters. | A comment is added to the scan. | No comments will be added to the scan. | No default | -scanComment |
failErrorLevel | When set to ALL - the Unified Agent will exit on any major error (such as resolution failed, pre-steps error, etc.) Otherwise, there is no change in behavior. Possible values - ALL or DEFAULT. See here for more information about this parameter. | N/A | N/A | "DEFAULT" | No |
requireKnownSha1 | Checks for dependencies with known/unknown SHA-1. | The Unified Agent will terminate the scan if one or more dependencies with an unknown SHA-1 were found. | The scan will continue normally. | True | -requireKnownSha1 |
generateProjectDetailsJson | Whether to generate a JSON file upon scan completion containing the projectTokens and projectNames. | The Unified Agent generates a JSON file at the end of the scan named scanProjectDetails.json containing the projectTokens and projectNames. | The JSON file report will not be generated. | False | No |
generateScanReport | (For Organization and Product Administrators only) Whether to create a report in JSON format at the end of the scan, which includes information on vulnerabilities, policy violations, top fixes, and inventory details. The filename format is '<project_name>-<yyyy-mm-dd>T<HHmmss>+<UTC offset>-scan_report.json'. NOTES:
| A report in JSON format is created at the end of the scan, which includes information on vulnerabilities, policy violations, top fixes, and inventory details. | The report will not be generated. | False | -generateScanReport |
scanReportTimeoutMinutes | Time-out (in minutes) for the process of generating the scan report. If the timeout interval has passed then the report will not be generated, but the scan will continue. | N/A | N/A | 10 | No |
scanReportFilenameFormat | Controls the filename format of a generated scan report.
| N/A | N/A | Default value is " | No |
updateEmptyProject | Whether to create an empty project in WhiteSource or to update an existing project with empty data. NOTE: This parameter affects all resolvers/package managers. | Updates/creates a project even if there are no dependencies. | Will not create/ update the empty project. | True | No |
log.files.level | For storing logs by default, this determines the log's level:
NOTES:
wss-scan-<date>-<time> | N/A | N/A | Debug | -log.files.level |
log.files.maxFileSize | For storing logs by default, this is the maximum size in MB. If exceeding this size, the file will be overridden. NOTE: This reflects one run (cycle) of the Unified Agent. The files accumulate after each run. | N/A | N/A | 10 MB | No |
log.files.maxFilesCount | For storing logs by default, this is the maximal count of log files. If exceeding this size, the oldest files will be overridden with new files. NOTE: This reflects one run (cycle) of the Unified Agent. The files accumulate after each run. | N/A | N/A | 3 | No |
log.files.path | Location of the created log file. NOTE: In Windows, do not put " | N/A | N/A | The default location of the logs is in the 'whitesource' folder (determined by the whiteSourceFolderPath parameter) | No |
sendLogsToWss | Whether to send logs to WhiteSource. | Sends logs to WhiteSource. | Will not send logs to WhiteSource. | False | No |
case.sensitive.glob | Whether the file system should be case sensitive. | The file system will be case sensitive. | The file system will not be case sensitive. | False | No |
showProgressBar | Whether to display a progress bar inside logs. NOTE: This parameter is valid for the Unified Agent only (not Prioritize). | Progress bars will be displayed inside logs. | Progress bars will not be displayed inside logs. | True | No |
...
For more information regarding Apache Ant integration, refer here.
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
|---|---|---|---|---|---|
ant.resolveDependencies | Whether or to scan Apache Ant-based projects. In cases where the 'ant.pathIdIncludes' parameter is not provided, the Unified Agent will look for the following extensions in your project: jar, war, ear, par, rar, dll, exe, ko, so, msi, zip, tar, tar.gz, swc, swf. | Scans Apache Ant-based projects. | Will not scan Apache Ant-based projects. | True | No |
ant.pathIdIncludes | Regular expression or comma/space-delimited list of path ids (specified in the build.xml file) to include in the scan. NOTE: In order for this parameter's value to have an impact on the scan, the parameter 'ant.resolveDependencies' must be set to True. | N/A | N/A | The default value is ".*" | No |
ant.external.parameters | List of key=value (separated by comma), these values are equal to the ANT <property> XML tag. | N/A | N/A | No default | No |
...
For more information regarding NuGet integration, refer here.
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
|---|---|---|---|---|---|
nuget.resolveDependencies | Whether to resolve NuGet packages.config and .csproj files. | Resolves NuGet packages.config and .csproj files. | Will not resolve NuGet packages.config and .csproj files. | True | No |
nuget.resolvePackagesConfigFiles | Whether to resolve NOTE: In order for this parameter's value to impact the scan, the parameter nuget.resolveDependencies must be set to True. | Resolves | Will not resolve | True | No |
nuget.resolveCsProjFiles | Whether to resolve NOTE: In order for this parameter's value to impact the scan, the parameter nuget.resolveDependencies must be set to True. | Resolves | Will not resolve | True | No |
nuget.restoreDependencies | Whether to run dotnet restore on found '.csproj' files in order to download the project's dependencies. | Runs dotnet restore on found '.csproj' files | Will not run dotnet restore on found '.csproj' files | False | No |
nuget.preferredEnvironment | Defines the preferred NuGet restore command. Available values are nuget and dotnet. NOTE: This parameter will be used only if the nuget.restoreDepencies parameter is set to True. | N/A | N/A | No default | No |
nuget.packagesDirectory | Provides a path to the directory where WhiteSource temporary files will be created (and removed at the end of a scan). NOTE: Provide a short directory, in order to avoid errors related to the path size during the restore command. | N/A | N/A | No default | No |
nuget.ignoreSourceFiles | When using the dependency resolver, whether to include package dependencies or package dependencies + source files. NOTE: Only relevant when fileSystemScan is true. | Includes only package dependencies | Includes package dependencies and source files | True | No |
nuget.runPreStep | Whether to run nuget restore on found 'packages.config' files in order to download the project's dependencies. | Runs nuget restore on found 'packages.config' files in order to download all dependencies to a temporary folder, scans this folder and deletes it after fetching the dependencies. | Will not run nuget restore on found 'packages.config' files. | False | No |
nuget.resolveNuspecFiles | Indicates whether to resolve NOTE: In order for this parameter's value to impact the scan, the parameter nuget.resolveDependencies must be set to True. | Resolves | Will not resolve | True | No |
nuget.resolveAssetsFiles | Resolves obj/project.assets.json file for new .NET dependency management structure. | N/A | N/A | True | No |
...
For more information regarding Go integration, refer here.
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
|---|---|---|---|---|---|
go.resolveDependencies | Whether to resolve Go dependencies. | Will resolve Go projects. | Will not resolve Go projects. | True | No |
go.collectDependenciesAtRuntime | Whether to collect Go dependencies at runtime (similar to the 'runPreStep' parameter for the other languages). When set to True, refer here for an explanation. | Will run the command relevant to the select dependency manager. | Will not run the command | False | No |
go.dependencyManager | Determines the Go dependency manager for use when scanning a Go project. Valid values are:
If left empty, the Unified Agent will first try to resolve the dependencies using the first package manager from this list. If it fails, it continues and tries the next one until it succeeds. | N/A | N/A | No default (empty) | No |
go.ignoreSourceFiles | When using the dependency resolver, it will only include package dependencies, not source files. NOTE: Only relevant when fileSystemScan is true. | Will ignore .go. files from scan. | Will not ignore .go. files from the scan. | False | No |
go.glide.ignoreTestPackages | When using the Glide resolver, whether to ignore test packages defined in the 'testImport' section of the 'glide.yaml' file. | Ignore test packages from the scan. | Does not ignore the mentioned test packages from the scan. | True | No |
go.gogradle.enableTaskAlias | Enables/disables task aliasing for gogradle. Set to True when using gogradle dependency manager and the gradle argument (in 'gradle.properties') includes 'gograld.alias=true'. | Enables task aliasing for gogradle. | Disables task aliasing for gogradle. | False | No |
...
For more information regarding HTML integration, refer here.
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
|---|---|---|---|---|---|
html.resolveDependencies | Whether to resolve JavaScript dependencies from | Resolve JavaScript dependencies from | Will not resolve JavaScript dependencies from | True | No |
...
For more information regarding Docker images, see here.
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
docker.scanImages | Runs scans on all or specified images. When set to True, only the Docker container scan and Linux packages scan will occur. See here for more information on scanning Docker images. | Only the Docker Image scan and Linux packages scan will occur. | Image scan will not take place. | False | -docker.scanImages | ||||||
docker.includes | Comma, space or line-delimited list specifying which images to include in the scan. Values provided should come from either of the following:
| N/A | N/A | The default value is ".*.*" (All images will be scanned) | No | ||||||
docker.excludes | Comma, space or line-delimited list specifying which images to exclude in the scan. Values provided should come from either of the following:
| N/A | N/A | The default value is "" (No images will be excluded) | No | ||||||
docker.pull.enable | Whether to execute "pull" from all from all relevant registries | Executes 'pull' from all relevant registries | Will not pull anything | False | No | ||||||
docker.pull.images | Pull Docker images that match the specified filter (string). Can include regular expressions or a list of space-delimited values. | N/A | N/A | The default value is "" (all images will be pulled) | No | ||||||
docker.pull.maxImages | Defines the maximum number of images to be pulled. When this number of pulled images is reached, no more images are pulled. | N/A | N/A | 10 | No | ||||||
docker.pull.tags | Pulls Docker images whose tags match the specified filter (string). Can include regular expressions or a list of space-delimited values. | N/A | N/A | The default value is "" (all images will be pulled) | No | ||||||
docker.pull.digest | Pull Docker images whose digests match the specified filter (string). Can include regular expressions or a list of space-delimited values. | N/A | N/A | The default value is "" (all images will be pulled) | No | ||||||
docker.delete.force | Enables WhiteSource to use Docker to delete images via the 'force' flag. This is required if the user pulled images that are related to other images, so in this case a regular delete may not work. NOTE: Use this parameter with caution. | WhiteSource uses Docker to delete images via the 'force' flag. | WhiteSource will not use Docker to delete images via the 'force' flag. | False | No | ||||||
docker.login.sudo | Whether the Unified Agent will run 'sudo docker login'. | The Unified Agent will run 'sudo docker login'. | The Unified Agent will not run 'sudo docker login'. | True | No | ||||||
docker.projectNameFormat | Determine's the Docker project's name's format.
| N/A | N/A | "DEFAULT" | No | ||||||
docker.aws.enable | Enables pulling Docker Images from Amazon Elastic Container Registry (ECR). NOTE: If set to True, the 'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True. | Pulls Docker Images from Amazon Elastic Container Registry (ECR). | Will not pull Docker Images from Amazon Elastic Container Registry (ECR). | False | No | ||||||
docker.aws.registryIds | The Registry IDs list on Amazon Web Services (the AWS 12-digit account IDs that correspond to the Amazon ECR registries). The list must include the following:
NOTE: Required if docker.aws.enable=true. | N/A | N/A | No default | No | ||||||
docker.azure.enable | Enables pulling Docker Images from Azure Container registry. NOTE: If set to True, the 'docker.scanImages' and 'docker.pull.enable' parameter values must also be set to True. | Pulls Docker Images from Azure Container registry. | Will not pull Docker Images from Azure Container registry. | False | No | ||||||
docker.azure.userName | Username for Azure Container registry. NOTE: Required if docker.azure.enable is True. | N/A | N/A | No default | No | ||||||
docker.azure.userPassword | Password for Azure Container registry. NOTE: Required if if docker.azure.enable=true. However, it is not mandatory if you already logged in manually to your Azure account via the Azure Client CLI. | N/A | N/A | No default | No | ||||||
docker.azure.registryNames | Docker registry names in Azure Container registry, space-delimited. NOTE: Required if docker.azure.enable=true. | N/A | N/A | No default | No | ||||||
docker.azure.authenticationType | Whether to use “containerRegistry” or "userAccount" as the authentication type. Using "userAccount" login method requiere setting should be filled "docker.azure.userName" and "docker.azure.userPassword" Using "containerRegistry", login method will login to each registry using registry username and password provided in config file in the param docker.azure.registryAuthenticationParameters | N/A | N/A | userAccount | No | ||||||
docker.azure.registryAuthenticationParameters | Registry authentication parameters should contain username and password for each registry in the following format <registryUsername>:<registryPassword>. If there are more than one registry contain in docker.azure.registryNames param then username and password should be provided separated by space: <registry1UserName>:<registry1Password> <registry2UserName>:<registry2Password> | N/A | N/A | No default | No | ||||||
docker.artifactory.enable | Enables pulling Docker Images from the Artifactory Pro Docker registry. NOTE: Verify that the 'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True. | Pulls Docker Images from the Artifactory Pro Docker registry. | Will not pull Docker Images from the Artifactory Pro Docker registry. | False | No | ||||||
docker.artifactory.url | Artifactory URL including http:// or https:// and contextpath (Artifactory default contextPath is “/artifactory" ) NOTE:
| N/A | N/A | No default | No | ||||||
docker.artifactory.pullUrl |
| N/A | N/A | No default | No | ||||||
docker.artifactory.userName | Username for Artifactory Pro Docker registry NOTE: Required if docker.artifactory.enable=true. | N/A | N/A | No default | No | ||||||
docker.artifactory.userPassword | Password for Artifactory Pro Docker registry. NOTE: Required if docker.artifactory.enable=true. | N/A | N/A | No default | No | ||||||
docker.artifactory.repositoriesNames | Repository names in Artifactory Pro Docker registry, space-delimited list. NOTE: Required if docker.artifactory.enable=true. | N/A | N/A | No default | No | ||||||
docker.artifactory.dockerAccessMethod | Required when the user has read-only access. Values are: repopath, subdomain, port. In case customers use port method 'docker.artifactory.dockerAccessMethod=port', 'repository port' must be added to each repository in ‘docker.artifactory.repositoriesNames' in this format: <repositoryName>:<repositoryPort> | N/A | N/A | No default | No | ||||||
docker.hub.enabled | Enables pulling Docker Images from the Docker Hub registry. NOTE: Verify that the 'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True. | Pulls Docker Images from the Docker Hub registry. | Will not pull Docker Images from the Docker Hub registry. | False | No | ||||||
docker.hub.userName | Username for Docker Hub registry. NOTE: Required if docker.hub.enable=true | N/A | N/A | No default | No | ||||||
docker.hub.userPassword | Password required for Password for Azure Container registry. NOTE: Required if docker.hub.enable=true | N/A | N/A | No default | No | ||||||
docker.hub.organizationsNames | Space-delimited list of organizations under the user to be scanned. NOTE: Required if docker.hub.enable=true. | N/A | N/A | No default | No | ||||||
docker.scanTarFiles | Used when the user supplies the tar file of a Docker image. | The Unified Agent will scan the .tar file as a Docker image. | The Unified Agent will not scan the .tar file as a Docker image. | False | No | ||||||
docker.gcr.repositories | A list of repositories, comma-delimited. Example value: | N/A | N/A | Empty | No | ||||||
docker.gcr.enable | Enables pulling Docker Images from Google Container Registry with Docker. NOTE: Verify that the docker.scanImages and docker.pull.enable parameter values are also set to 'true' | Pulls Docker Images from Google Container Registry with Docker. | Will not pull Docker Images from Google Container Registry with Docker. | False | No | ||||||
docker.gcr.account | Email of Google Container Registry account. | N/A | N/A | Empty | No | ||||||
docker.layers | Enables users scanning docker images to receive information regarding packages in layer granularity. The layer granularity can be viewed in the interface under the hierarchical display. | Provides information packages in layer granularity. The scan will split the result into layers, each layer contains all packages/libraries and files found under the layer (in case a package was added at layer 2 and deleted from 3, it will not appear at all in the result, since its not part of the final result). | Will not provide the aforementioned information. | False | No |
...
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
|---|---|---|---|---|---|
docker.scanContainers | Scan all or specified containers. General scan using local resolvers (package managers) will only occur if the resolvers are installed and available locally. Before starting a container scan, run the command "docker ps -a" to check for listed containers. | Only the Docker container scan and Linux packages scan will occur. | Container scan will not take place. | False | No |
docker.containerIncludes | Comma, space or line-delimited list specifying which containers to include in the scan. Values provided should come from any of the following:
| N/A | N/A | The default value is "*" (all containers will be scanned) | No |
docker.containerExcludes | Comma, space or line separated list specifying which containers to exclude in the scan. Values provided should come from any of the following:
| N/A | N/A | The default value is "" (no container will be excluded) | No |
...
For more information regarding Artifactory integration, see here.
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
|---|---|---|---|---|---|
artifactory.enableScan | Whether to run Artifactory repository scanner | Runs the Artifactory repository scanner (not the Unified Agent). | Will not run the Artifactory repository scanner | False | No |
artifactory.url | Artifactory host URL. NOTES
| N/A | N/A | No default | No |
artifactory.accessToken | Artifactory access token. NOTES:
| N/A | N/A | No default | No |
artifactory.repoKeys | List of repository names space/comma-delimited. NOTE: Required when | N/A | N/A | No default | No |
artifactory.userName | Artifactory user name NOTE: Required when | N/A | N/A | No default | No |
artifactory.userPassword | Artifactory user password NOTE: Required when | N/A | N/A | No default | No |
artifactory.includes | Comma, space or line separated list of GLOB patterns specifying which Artifactory repositories/folders/files to scan. | N/A | N/A | Empty | No |
artifactory.excludes | Comma, space or line separated list of GLOB patterns specifying which Artifactory repositories/folders/files to exclude. | N/A | N/A | Empty | No |
...