...
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
---|---|---|---|---|---|
resolveAllDependencies | Whether to enable or disable by default all dependency resolvers for a scan. For example, when the following parameters are set, only npm dependencies will be resolved in this case: | When set to True, the default for all package managers' resolveDependencies parameter is set to True, unless explicitly set to False. | When set to False, the default for all package managers' resolveDependencies the parameter is set to False, unless explicitly set to True. | True | -resolveAllDependencies |
excludeDependenciesFromNodes=.*commons-io.*,.*maven-model | Comma-delimited list of regular expressions. Specify an artifact id or multiple artifact ids (comma-delimited) to exclude the provided tree nodes and their sub-nodes from the scan. NOTE: These will not be added to your project inventory. | N/A | N/A | No default | No |
Java
Maven
...
In case the following parameters are set explicitly in the Unified Agent configuration file (when the generic ResolveAllDependencies parameter is set to false), the Maven multi-module project should automatically be detected.
maven.resolveDependencies=true
maven.aggregateModules=false
As a result, the Unified Agent will scan it and create a project per module in WhiteSource.
The 'mvn dependency:tree' command will run on your POM.xml file as part of the Unified Agent. It requires each of your dependencies to include a 'groupId', 'artifactId' and 'version' tag.
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
---|---|---|---|---|---|
maven.ignoredScopes | Define which exact scope names to ignore. By default, the Unified Agent ignores direct dependencies with scope 'test' and 'provided'. | N/A | N/A | "provided" and "test" | -maven.ignoredScopes |
maven.resolveDependencies | Whether to resolve Maven dependencies, requires "pom.xml". | In case the project is a Maven project, the resolution will start. | The Maven resolution will not start resolution. | True | -maven.resolveDependencies |
maven.ignoreSourceFiles | When using the dependency resolver, it will only include pom.xml dependencies, not source files and packages. NOTE: Only relevant when fileSystemScan is true. | Will ignore files from scan, those which have extensions such as:".java", ".class","pom.xml". | Will not ignore the mentioned file extensions. | False | |
maven.aggregateModules | Combines all pom modules into a single WhiteSource project with an aggregated dependency flat list (no hierarchy). | Will create a single project for all modules, to be displayed as a flat list. | A project will be created for each module and displayed as a hierarchical tree. | False | -maven.aggregateModules |
maven.ignorePomModules | Whether to ignore dependency resolving of a pom.xml file containing a 'pom' value inside a packaging tag, i.e., '<packaging>pom</packaging>'. | The dependency resolver will ignore all dependencies specified inside a pom.xml file that contains a packaging tag with 'pom' value ('<packaging>pom</packaging>') | The dependency resolver will not ignore all dependencies specified inside a pom.xml file that contains a packaging tag with 'pom' value ('<packaging>pom</packaging>') | True | No |
maven.runPreStep | Whether to run "mvn clean install" command on found pom.xml folder | Will run the "mvn clean install" command | Will not run the "mvn clean install" command | False | No |
maven.ignoreMvnTreeErrors | If the command `mvn dependency:tree` fails, we try to resolve the partial output (of the command) if it exists and parse all the direct dependencies from the pom.xml file. | The scan will end with success and will send a flat list (direct only). | The scan will end with errors. | False | No |
maven.environmentPath | Path to the Maven installation in case it does not match the M2_HOME environment variable | N/A | N/A | No default | No |
maven.m2RepositoryPath | Path to .m2 folder, in case it is not available in the default location. | N/A | N/A | No default | No |
maven.downloadMissingDependencies | Allows users to disable downloading missing dependencies in Maven. | In case there is a missing dependency jar/binary in the repository, the code will try to download the missing dependency. | The downloading of missing dependencies will be disabled. | True | No |
maven.additionalArguments | Provides any parameters starting with '-' or '--', and Unified Agent should add these to the end of the Maven commands. Example values:
| N/A | N/A | No default | No |
failErrorLevel | Returns an error code for the following cases:
NOTE: When set to ALL, the Unified Agent returns an error code for all errors in the scan, rather than SUCCESS. This can be useful for customers migrating from the plugins (NPM, MAVEN etc.) to the Unified Agent. | N/A | N/A | DEFAULT | No |
maven.projectNameFromDependencyFile | Whether a project name will be taken from the dependency file. | The project name will be taken from the pom.xml's 'artifactId' field. Works only when the maven resolver is the only active resolver. If the Unified Agent identifies any additional resolvers besides Maven that are set to True, an error is generated. | The project name will be taken from the CLI/configuration file. | False | No |
...
...
Gradle
...
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
---|---|---|---|---|---|
gradle.ignoredConfigurations
| Enables you to determine which dependency configurations to ignore in the scan. The format is according to the following:
For example: ignores configurations named “testCompileOnly” and “testRuntimeOnly”.
For example: | N/A | N/A | No default | No |
gradle.resolveDependencies | Whether to resolve Gradle dependencies. Requires build.gradle or build.gradle.kts. | Resolves Gradle dependencies | Will not resolve Gradle dependencies | True | -gradle.resolveDependencies |
gradle.runAssembleCommand | In case of a missing dependency, executes the 'gradle assemble' command | Executes the 'gradle assemble' command | Will not execute the 'gradle assemble' command | True | No |
gradle.runPreStep | The Unified Agent will add additional jars to the customer's global cache. | For each build.gradle file that the Unified Agent finds:
| Will depend on Gradle dependencies to fill out missing cache dependencies. | False | No |
gradle.ignoreSourceFiles | When using the dependency resolver, it will include only package dependencies, not source files. NOTE: Only relevant when fileSystemScan is true. | The scan includes only package dependencies, not source files. | When using the dependency resolver, it will include package dependencies, plus source files. | False | No |
gradle.aggregateModules | Whether to create a single project for all modules. | Creates a single project for all modules. | A project will be created for each module. The name of the project will be equal to the name of the module (if so, projectName will be ignored). | False | -gradle.aggregateModules |
gradle.preferredEnvironment | When set to 'wrapper', the Unified Agent will run the 'gradlew' wrapper command. If set to 'gradle', it will use the built-in gradle command. | N/A | N/A | gradle | No |
gradle.localRepositoryPath | Paths to the gradle local repository. For example, in Windows, the path can be defined as the following: NOTE: From 19.5.3 it can handle a list of paths with comma/space-delimited. | N/A | N/A | No default | No |
gradle.wrapperPath | The path to | N/A | N/A | No default | No |
gradle.downloadMissingDependencies | Enables the user to disable downloading of missing dependencies in Gradle. | Enables the Unified Agent to download missing dependencies. | The Unified Agent will not download missing dependencies. | True | No |
gradle.additionalArguments | Enables users to add additional arguments to the Unified Agent's existing commands. The existing commands are gradle dependencies or gradle wrapper dependencies. This works the following way: Users can provide any parameters starting with '-' or '--', and Unified Agent will add these at the end For example:
| N/A | N/A | No default | No |
gradle.includedConfigurations | Enables you to determine which dependency configurations to include in the scan. The format is according to the following:
Values should be space-delimited.
Includes configurations named “compileOnly” and “testCompileOnly”.
For example:
Includes all configuration names that contain the string "Only" | N/A | N/A | No default | No |
gradle.excludeModules | Enables excluding specific modules in the Gradle scan. The format is according to the following:
| N/A | N/A | No default | No |
gradle.includeModules | Enables including specific modules in the Gradle scan. The format is according to the following:
| N/A | N/A | No default | No |
gradle.innerModulesAsDependencies | When set to false, this parameter ignores and excludes all the modules dependencies from the resolution scan. | Includes all the modules dependencies from the resolution scan." | Ignores and excludes all the modules dependencies from the resolution scan. | True | No |
...
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
---|---|---|---|---|---|
sbt.resolveDependencies | Whether to resolve | Will resolve | The Scala dependencies will not be resolved. | True | No |
sbt.ignoreSourceFiles | When using the dependency resolver, it will include only package dependencies, not source files (file extensions .scala and .sbt). NOTE: Only relevant when fileSystemScan is true. | Will ignore such source files in the scan. | Will scan such source files. | True | No |
sbt.aggregateModules | Whether to create a single project for all modules. | Will gather all Scala modules' scanned dependencies into one project in the WhiteSource application. | A project will be created individually for each module. The name of the project will be equal to the name of the module (projectName will be ignored in this case). | False | No |
sbt.runPreStep | Whether to run "sbt compile" on found in the Scala project folder. | Will run the "sbt compile" command. | Will not run the command. | False | No |
sbt.includedScopes | Describes which scopes should be scanned in the Scala resolver. Users can define additional scopes. | N/A | N/A | The default values are "compile" and "runtime" | No |
R
WhiteSource supports integration with R via the Packrat package manager, but can also be used by customers not using Packrat. The configuration parameters that are specifically related to R programming language include the following:
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
---|---|---|---|---|---|
r.resolveDependencies | Whether to resolve R dependencies defined in the DESCRIPTION file. | Resolves R dependencies. | Will not resolve R dependencies | True | No |
r.runPreStep | Whether to run the | Runs the | Will not run the | False | No |
r.ignoreSourceFiles | When using the dependency resolver, it will include only package dependencies, not source files. NOTE: Only relevant when fileSystemScan is true. | Includes only package dependencies. | The scan will include package dependencies + source files. | True | No |
r.cranMirrorUrl | The repository for downloading the R packages while running the pre-step. NOTE: Required when r.runPreStep is True. | N/A | N/A | No default | No |
r.packageManager | Describes which type of R package manager the UA should use. The default value is packrat. Setting the value to 'None' will scan R dependencies without using any package manager - it will only use basic R commands e.g. | N/A | N/A | 'packrat' | No |
...