Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Once you set up a Workflow Rule, WhiteSource Remediate will start monitoring your selected repositories for vulnerable dependencies and generate corresponding fix Pull Requests.

Configuration of credentials


If you are running Remediate against already, or making use of WhiteSource for, then you don’t need to provision credentials explicitly.

Regardless of which platform you are running on ( or GitHub Server), Remediate can locate and embed open source Release Notes from projects hosted on into Pull Requests. When Renovate functionality is enabled, Remediate may also need to fetch lists of tags and releases from for other reasons (such as to check if a particular open-source package has any newer versions).

However, GitHub heavily rate limits any unauthenticated API requests to, so if credentials are not available then Remediate will disable Release Notes fetching as well as github-tags, github-releases, and go datasources to ensure predictable behavior. Remediate will log a WARN message on startup if such credentials are missing.

For other use cases (including self-hosted GitHub Enterprise Server), to provide such credentials to the Remediate container, you should configure a Personal Access Token into the environment variable GITHUB_COM_TOKEN. This token can belong to any account and does needs only public read-only permissions. For details on creating such a token,


click here

WhiteSource cannot provide customers with a token for accessing as that would go against that platform’s Terms of Service.

Proxy Support

WhiteSource Remediate can be configured to work with proxy servers using either the prop.json configuration file or using environment variables.