Versions Compared

Old Version 59

changes.mady.by.user Tsur Rothfeld

Saved on

compared with

New Version 60

changes.mady.by.user Tsur Rothfeld

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

WhiteSource Advise for IntelliJ IDEA supports Java, Kotlin and Scala projects using Maven (pom.xml dependency files), and supports Java projects using Gradle (build.gradle dependency files).

NOTES: 

  • Gradle Kotlin projects are not supported in WhiteSource Advise.

  • When using the the "apply from" script plugin in Gradle projects, remote script location is not supported.

...

  • A valid license for WhiteSource for Developers

  • A license key for WhiteSource Advise for IDE, available via one of the following options:

    • If you do not have direct access to the WhiteSource Application, obtain the license key from your WhiteSource Administrator.

    • If you have access to the WhiteSource Application, do as follows (NOTE: This option is only available when using version 20.11.1 or later of WhiteSource Advise):

      1. Go to the WhiteSource Application.

      2. Open the Profile page.

      3. In the WhiteSource Advise - IDE Integration section at the bottom, select your organization.

      4. Copy your personal license key to be used later in Activating WhiteSource Advise.

  • Java JDK 1.8 and up (see here for instructions) or OpenJDK 1.8 and up is installed

  • Depending on whether scanning Maven or Gradle applications, note the following guidelines:

    • Apache Maven application is installed and the Maven path and all environment variables are set up (see here for instructions).

    • Gradle application is installed and the Gradle path and all environment variables are set up. NOTE: Gradle version 4.8 or above must be installed.

  • IntelliJ IDEA is installed and you are familiar with its basic functionality

  • The plugin supports the following IntelliJ IDEA versions:

    • 2020.3

    • 2020.2

    • 2020.1

    • 2019.3

    • 2019.2

    • 2019.1

    • 2018.3

    • 2018.2

    • 2018.1

    • 2017.3

    • 2017.2

  • Limitation - Gradle support for the following IntelliJ IDEA versions are notsupported on macOS: 

    • 2019.1

    • 2018.3

    • 2018.2

    • 2018.1

    • 2017.3

    • 2017.2

...

  1. Start IntelliJ IDEA.

  2. From the menu bar, select File > Settings. The Settings screen is displayed.

  3. From the left sidebar, click Plugins.

  4. In the Search box, enter whitesource and then press Enter from your keyboard. The WhiteSource Advise plugin information is displayed.

  5. Click Install and then click Restart IDE.

  6. In the pop-up dialog box, click Restart.

Activating WhiteSource Advise

...

  1. Start IntelliJ IDEA, specifying the preferred project.

  2. From the sidebar on the right, click WhiteSource (if you do not see the sidebar, select View >Tool Windows > WhiteSource). The Welcome screen is displayed.

  3. In Email, enter your organizational email (the email domain must be licensed to use Advise).

  4. In License Key, enter your license key (See here for more information on how to obtain a license key). 

  5. Click Connect.

...

  • To quickly locate the component referenced by a reported vulnerability in the project’s pom.xml or build.gradle view, double-click the component in the WhiteSource security check tab. The referenced component description in the pom.xml or build.gradle file will be displayed and highlighted in the main code view.

  • To quickly locate vulnerability analysis results for a component in the pom.xml or build.gradle view, click the WhiteSource Advise severity icon displayed to the left of that component reference in the pom.xml. Note that the icon denotes the severity of the vulnerability (yellow: low severity; orange: medium severity; red: high severity). A tooltip featuring relevant analysis details including a dependency path from the proprietary code to the open-source component will be displayed. Vulnerability details are also displayed as part of the tooltip and include the vulnerability identifier (e.g., CVE), severity, and a fix suggestion if available. A Details link is displayed which leads to the WhiteSource Vulnerability Database, providing more information on the specific vulnerability.

  • To quickly display an analysis summary for a component in the pom.xml or build.gradle view, hover the mouse pointer over the code for the component in that view; a tooltip will be displayed, featuring a list of all vulnerabilities found within the particular component.

...

The About screen displays information about the Advise plugin's version, general information on your IDE, along with links for Privacy policy and Terms and Conditions.

Generating Debug Logs for WhiteSource Support

To generate debug logs, do as follows:

  1. From the menubar, click Help. A menu is displayed.

  2. Select Diagnostic Tools > Debug Log Settings. The Custom Debug Log Configuration dialog box is displayed.

  3. Enter this text: #org.whitesource.intellij.plugin

  4. Click OK.

Debug logs will now be generated for the integration.

Upgrading WhiteSource Advise 

...