Configuration File Parameter

Description and Expected Behavior

If True

If False

Default

Command Line Parameter Available?

resolveAllDependencies 

Whether to enable or disable by default all dependency resolvers for a scan.

For example, when the following parameters are set, only npm dependencies will be resolved:
resolveAllDependencies=false
npm.resolveDependencies=true
#maven.resolveDependencies=false

When set to True, each package manager's resolveDependencies parameter defaults to True, unless it is explicitly set to False.

When set to False, each package manager's resolveDependencies parameter defaults to False, unless it is explicitly set to True.

True

-resolveAllDependencies

excludeDependenciesFromNodes=.*commons-io.*,.*maven-model 

Comma-delimited list of regular expressions.

Specify an artifact id or multiple artifact ids (comma-delimited) to exclude the provided tree nodes and their sub-nodes from the scan.

NOTE: These will not be added to your project inventory. 

N/A

N/A

No default

No
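
What the excludeDependenciesFromNodes value above removes, as an added example (not WhiteSource code): it prunes a constructed dependency tree with the page's sample value and lists every artifact that would no longer reach the inventory, sub-nodes included. The tree, the function names and whole-name regex matching are assumptions; the page does not state the matching mode.

```python
import re

# Constructed dependency tree (artifactId, [children]); not real scan output.
SAMPLE_TREE = ("my-app", [
    ("maven-core", [("maven-model", [("plexus-utils", [])])]),
    ("commons-io", []),
    ("guava", [("failureaccess", [])]),
])

def parse_patterns(value):
    """Split the comma-delimited value into compiled regular expressions.
    Note: this simple split would also break a pattern that itself contains a comma."""
    return [re.compile(part.strip()) for part in value.split(",") if part.strip()]

def subtree_ids(node):
    """All artifactIds in a node's subtree, the node itself first."""
    name, children = node
    ids = [name]
    for child in children:
        ids.extend(subtree_ids(child))
    return ids

def prune(node, patterns, dropped):
    """Return a copy of the tree without matching nodes and their sub-nodes.
    Every artifactId that disappears is appended to `dropped`."""
    name, children = node
    kept = []
    for child in children:
        # Assumption: a pattern must match the whole artifactId.
        if any(p.fullmatch(child[0]) for p in patterns):
            dropped.extend(subtree_ids(child))
        else:
            kept.append(prune(child, patterns, dropped))
    return (name, kept)

def preview(value, tree=SAMPLE_TREE):
    """Return (kept_ids, dropped_ids) for an excludeDependenciesFromNodes value."""
    dropped = []
    kept_tree = prune(tree, parse_patterns(value), dropped)
    return subtree_ids(kept_tree), dropped

if __name__ == "__main__":
    kept, dropped = preview(".*commons-io.*,.*maven-model")
    print("still in inventory:", kept)
    print("missing from inventory:", dropped)
```

Running the preview against a real tree before adding a pattern shows which transitive dependencies would stop being tracked along with the node that was named.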

Java

Maven

...

  • If the following parameters are set explicitly in the Unified Agent configuration file (when the generic resolveAllDependencies parameter is set to false), the Maven multi-module project should be detected automatically:

    • maven.resolveDependencies=true

    • maven.aggregateModules=false

As a result, the Unified Agent will scan it and create a project per module in WhiteSource.

  • The 'mvn dependency:tree' command will run on your pom.xml file as part of the Unified Agent scan. It requires each of your dependencies to include 'groupId', 'artifactId' and 'version' tags.
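
The default-and-override rule for resolveAllDependencies, which the Maven note above relies on, as an added example (not WhiteSource code): it parses a configuration file and reports which resolvers would run. The resolver list, the function names and the treatment of '#' lines as comments are assumptions based on the parameters and the sample shown on this page.

```python
# Added example (not vendor code): effective resolver state from a
# Unified Agent style key=value configuration.
RESOLVERS = ("maven", "gradle", "sbt", "r", "npm")  # resolvers named on this page

def parse_config(text):
    """Collect key=value pairs; lines starting with '#' are not 'explicitly set'."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def is_true(value):
    return value.strip().lower() == "true"

def effective_resolvers(props, resolvers=RESOLVERS):
    """Map each resolver to (enabled, reason) using the default/override rule."""
    base = is_true(props.get("resolveAllDependencies", "true"))  # page default: True
    state = {}
    for name in resolvers:
        key = name + ".resolveDependencies"
        if key in props:
            state[name] = (is_true(props[key]), "explicit " + key)
        else:
            state[name] = (base, "inherited from resolveAllDependencies")
    return state

def enabled(text):
    """Sorted names of the resolvers that would run for this configuration text."""
    state = effective_resolvers(parse_config(text))
    return sorted(name for name, (on, _) in state.items() if on)

# Constructed sample: the three lines from the resolveAllDependencies example.
SAMPLE = """\
resolveAllDependencies=false
npm.resolveDependencies=true
#maven.resolveDependencies=false
"""

if __name__ == "__main__":
    for name, (on, reason) in effective_resolvers(parse_config(SAMPLE)).items():
        print(f"{name:7} {'ON ' if on else 'off'} ({reason})")
```

A resolver reported as off here contributes nothing to the inventory, so a check like this in CI catches a configuration change that silently narrows scan coverage.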

Configuration File Parameter

Description and Expected Behavior

If True

If False

Default

Command Line Parameter Available?

maven.ignoredScopes 

Define which exact scope names to ignore.

By default, the Unified Agent ignores direct dependencies with scope 'test' and 'provided'.
This value can be overridden to ignore specific scopes.

N/A

N/A

"provided" and "test"

-maven.ignoredScopes

maven.resolveDependencies 

Whether to resolve Maven dependencies, requires "pom.xml".

In case the project is a Maven project, the resolution will start.

The Maven resolution will not start.

True
(except for when resolveAllDependencies=false)

-maven.resolveDependencies

maven.ignoreSourceFiles  

When using the dependency resolver, it will only include pom.xml dependencies, not source files and packages.

NOTE: Only relevant when fileSystemScan is true.

Files such as ".java", ".class" and "pom.xml" will be ignored in the scan.

Will not ignore the mentioned file extensions.

False


maven.aggregateModules  

Combines all pom modules into a single WhiteSource project with an aggregated dependency flat list (no hierarchy).

Will create a single project for all modules, to be displayed as a flat list.

A project will be created for each module and displayed as a hierarchical tree.

False

-maven.aggregateModules

maven.ignorePomModules  

Whether to ignore dependency resolving of a pom.xml file containing a 'pom' value inside a packaging tag, i.e., '<packaging>pom</packaging>'.

The dependency resolver will ignore all dependencies specified inside a pom.xml file that contains a packaging tag with 'pom' value ('<packaging>pom</packaging>')

The dependency resolver will not ignore all dependencies specified inside a pom.xml file that contains a packaging tag with 'pom' value ('<packaging>pom</packaging>')

True

No

maven.runPreStep 

Whether to run the "mvn clean install" command in the folder where a pom.xml file is found.

Will run the "mvn clean install" command

Will not run the "mvn clean install" command

False

No

maven.ignoreMvnTreeErrors 

If the command `mvn dependency:tree` fails, we try to resolve the partial output (of the command) if it exists and parse all the direct dependencies from the pom.xml file.

The scan will end with success and will send a flat list (direct only).

The scan will end with errors.

False

No

maven.environmentPath 

Path to the Maven installation in case it does not match the M2_HOME environment variable

N/A

N/A

No default

No

maven.m2RepositoryPath 

Path to .m2 folder, in case it is not available in the default location.

N/A

N/A

No default

No

maven.downloadMissingDependencies 

Allows users to disable downloading missing dependencies in Maven.

In case there is a missing dependency jar/binary in the repository, the code will try to download the missing dependency.

The downloading of missing dependencies will be disabled.

True

No

maven.additionalArguments 

The Unified Agent adds any parameters provided here that start with '-' or '--' to the end of the Maven commands.

Example values:

  • -s=path/to/settings.xml

  • -s=path/to/settings.xml --threads=2.0C

N/A

N/A

No default

No

failErrorLevel 

Returns an error code for the following cases:

  • resolver.runPrepStep failed

  • An error occurred in collecting/running dependencies

NOTE: When set to ALL, the Unified Agent returns an error code for all errors in the scan, rather than SUCCESS. This can be useful for customers migrating from the plugins (NPM, MAVEN etc.) to the Unified Agent.

N/A

N/A

DEFAULT

No

maven.projectNameFromDependencyFile 

Whether a project name will be taken from the dependency file.

The project name will be taken from the pom.xml's 'artifactId' field. Works only when the maven resolver is the only active resolver.

If the Unified Agent identifies any additional resolvers besides Maven that are set to True, an error is generated.

The project name will be taken from the CLI/configuration file.


False

No

...

...

Gradle

...

Configuration File Parameter

Description and Expected Behavior

If True

If False

Default

Command Line Parameter Available?

gradle.ignoredConfigurations

 

Enables you to determine which dependency configurations to ignore in the scan.

The format is according to the following:

  • Exact configuration names to ignore.
    Values must be space-delimited.

For example: gradle.ignoredConfigurations= testCompileOnly testRuntimeOnly

ignores configurations named “testCompileOnly” and “testRuntimeOnly”.

  • Configurations can use regular expressions.

For example: gradle.ignoredConfigurations=.*test.* ignores all configuration names that contain the string "test".
NOTE: This parameter was previously named gradle.ignoredScopes.

N/A

N/A

No default

No

gradle.resolveDependencies 

Whether to resolve Gradle dependencies. Requires build.gradle or build.gradle.kts.

Resolves Gradle dependencies

Will not resolve Gradle dependencies

True
(except for when resolveAllDependencies=false)

-gradle.resolveDependencies

gradle.runAssembleCommand

In case of a missing dependency, executes the 'gradle assemble' command.
NOTE: This command is executed only if `gradle.resolveDependencies` is True.

Executes the 'gradle assemble' command

Will not execute the 'gradle assemble' command

True

No

gradle.runPreStep 

The Unified Agent will add additional jars to the customer's global cache.
In most Gradle versions the "gradle dependencies" command we run does this.

For each build.gradle file that the Unified Agent finds:

  1. Unified Agent will copy the Gradle project to a temporary system folder.

  2. Inside of each copied project's build.gradle file, the Unified Agent will add a task (named 'copyDependencies') in order to download the missing dependencies

  3. Unified Agent will run 'gradle copyDependencies' - this step will add the missing dependencies to the user's global cache

Will depend on Gradle dependencies to fill out missing cache dependencies.

False

No

gradle.ignoreSourceFiles 

When using the dependency resolver, it will include only package dependencies, not source files.

NOTE: Only relevant when fileSystemScan is true.

The scan includes only package dependencies, not source files.

When using the dependency resolver, it will include package dependencies, plus source files.

False

No

gradle.aggregateModules 

Whether to create a single project for all modules.

Creates a single project for all modules.

A project will be created for each module. The name of the project will be equal to the name of the module (if so, projectName will be ignored).

False

-gradle.aggregateModules

gradle.preferredEnvironment 

When set to 'wrapper', the Unified Agent will run the 'gradlew' wrapper command. If set to 'gradle', it will use the built-in gradle command.

N/A

N/A

gradle

No

gradle.localRepositoryPath

Paths to the gradle local repository.

For example, in Windows, the path can be defined as the following:
C:\\Users\\JSmith\\.gradle\\caches\\modules-2\\files-2.1

NOTE: From version 19.5.3, it can handle a comma- or space-delimited list of paths.

N/A

N/A

No default

No

gradle.wrapperPath 

The path to the gradle wrapper.

N/A

N/A

No default

No

gradle.downloadMissingDependencies 

Enables the user to disable downloading of missing dependencies in Gradle.

Enables the Unified Agent to download missing dependencies.

The Unified Agent will not download missing dependencies.

True

No

gradle.additionalArguments 

Enables users to add additional arguments to the Unified Agent's existing commands. The existing commands are gradle dependencies or gradle wrapper dependencies. This works in the following way:

Users can provide any parameters starting with '-' or '--', and the Unified Agent will add these at the end of the command.

For example:

  • -Pbranch=dev -PbuildWithSources=false

  • --no-daemon --info

  • -Pbranch=dev -PbuildWithSources=false --no-daemon --info

N/A

N/A

No default

No

gradle.includedConfigurations

Enables you to determine which dependency configurations to include in the scan.

The format is according to the following:

  • Exact configuration names to include.

Values should be space-delimited.
For example:

gradle.includedConfigurations= compileOnly testCompileOnly

Includes configurations named “compileOnly” and “testCompileOnly”.

  • Configurations can include regular expressions.

For example:

gradle.includedConfigurations=.*Only.*

Includes all configuration names that contain the string "Only".
NOTE: This parameter was previously named gradle.includedScopes.

N/A

N/A

No default

No

gradle.excludeModules 

Enables excluding specific modules in the Gradle scan. 

The format is according to the following:

  • Exact modules to exclude. Values should be space-delimited. For example: gradle.excludeModules= Dev Prod excludes modules named 'Dev' and 'Prod'.

  • Regular expressions. For example: gradle.excludeModules=.*Dev.* matches all module names that contain (anywhere in their name) the string "Dev".

N/A

N/A

No default

No

gradle.includeModules 

Enables including specific modules in the Gradle scan.

The format is according to the following:

  • Exact modules to include. Values must be space delimited. For example: gradle.includeModules= Dev Prod - include modules named 'Dev' and 'Prod'.

  • Regular expressions. For example: gradle.includeModules=.*Dev.* includes all module names that contain the string "Dev".

N/A

N/A

No default

No

gradle.innerModulesAsDependencies

When set to false, this parameter ignores and excludes all the modules dependencies from the resolution scan.

Includes all the modules dependencies in the resolution scan.

Ignores and excludes all the modules dependencies from the resolution scan.

True

No

...

Configuration File Parameter

Description and Expected Behavior

If True

If False

Default

Command Line Parameter Available?

sbt.resolveDependencies 

Whether to resolve Scala dependencies (using sbt).

Will resolve Scala dependencies.

The Scala dependencies will not be resolved.

True
(except for when resolveAllDependencies=false)

No

sbt.ignoreSourceFiles 

When using the dependency resolver, it will include only package dependencies, not source files (file extensions .scala and .sbt).

NOTE: Only relevant when fileSystemScan is true.

Will ignore such source files in the scan.

Will scan such source files.

True

No

sbt.aggregateModules 

Whether to create a single project for all modules.

Will gather all Scala modules' scanned dependencies into one project in the WhiteSource application.

A project will be created individually for each module. The name of the project will be equal to the name of the module (projectName will be ignored in this case).

False

No

sbt.runPreStep 

Whether to run the "sbt compile" command in the Scala project folder that was found.

Will run the "sbt compile" command.

Will not run the command.

False

No

sbt.includedScopes

Describes which scopes should be scanned in the Scala resolver. Users can define additional scopes.

N/A

N/A

The default values are "compile" and "runtime"

No

R

WhiteSource supports integration with R via the Packrat package manager, but can also be used by customers not using Packrat. The configuration parameters that are specifically related to the R programming language include the following:

Configuration File Parameter

Description and Expected Behavior

If True

If False

Default

Command Line Parameter Available?

r.resolveDependencies

Whether to resolve R dependencies defined in the DESCRIPTION file.

Resolves R dependencies.

Will not resolve R dependencies

True
(except for when resolveAllDependencies=false)

No

r.runPreStep

Whether to run the Rscript command.

Runs the Rscript command

Will not run the Rscript command

False

No

r.ignoreSourceFiles

When using the dependency resolver, it will include only package dependencies, not source files.

NOTE: Only relevant when fileSystemScan is true.

Includes only package dependencies.

The scan will include package dependencies + source files.

True

No

r.cranMirrorUrl

The repository for downloading the R packages while running the pre-step.

NOTE: Required when r.runPreStep is True.

N/A

N/A

No default

No

r.packageManager

Describes which type of R package manager the UA should use. The default value is packrat. Setting the value to 'None' will scan R dependencies without using any package manager - it will only use basic R commands e.g. Rscript -e "installed.packages()".


N/A

N/A

'packrat'

No

...