...
The process begins with setting up the Unified Agent to scan. There are several methods (in this order of precedence): Command-line parameters, environment variables, configuration file, or leave the config file's default values. See here for more information regarding these methods.
The Unified Agent scanning works the following way: Directories are scanned using GLOB patterns to identify the open-source components, whereupon the Unified Agent checks each new component against product/project level policies and organizational policies (note that no source code is scanned - only descriptive information is sent to WhiteSource). Policies are created to alert organizations to act based on predetermined actions and criteria, such as rejecting/accepting a component based on its license type. If any components were rejected by a policy, the Unified Agent provides a policy violation exit code, which can be used to fail a build.
...