...

WhiteSource Remediate is part of WhiteSource for Developers and integrated with WhiteSource for GitHub.com, WhiteSource for GitHub Enterprise, WhiteSource for Bitbucket Server, and WhiteSource for GitLab. In addition, Remediate is integrated with WhiteSource Renovate (see below for details). Renovate enables you to save time and reduce risk by automating dependency updates in software projects. 

WhiteSource Remediate provides the following capabilities:

...

Supported Package Managers

NOTE: In WhiteSource for GitLab, mirrored repositories are not supported.

...

1. From the WhiteSource web application, click the Integrate tab.
2. Expand the WhiteSource for Developers option.
3. From within the relevant repo integration settings, click Manage Workflow Rules. The Workflow Rules page is displayed.
4. Click Add Rule. The Add Rule dialog box is displayed.
   
   
   
5. Select a Product and/or Project scope from the Scope area or leave at the default (applies to all of your WhiteSource Products and Projects).
6. Select a rule type from the Type dropdown menu.
7. Click OK to create the rule.

Once you set up a Workflow Rule, WhiteSource Remediate will start monitoring your selected repositories for vulnerable dependencies and generate corresponding fix Pull Requests.

Configuration of github.com credentials

...

WhiteSource cannot provide customers with a token for accessing github.com as that would go against that platform’s Terms of Service.

Providing the Integration Activation Key

WhiteSource Remediate can be configured to work with the integration activation key using either the prop.json configuration file or using environment variables.

NOTE: The environment variable takes precedence over an activation key value specified inside a prop.json file. 

Providing the Integration Activation Key in prop.json

You can provide the integration's activation key to the Remediate container using a prop.json file.

Providing the Integration Activation Key using environment variables

You can provide the integration activation key by using the W4D_BOLT_OP_ACTIVATION_KEY environment variable inside the Remediate container.

Proxy Support

WhiteSource Remediate can be configured to work with proxy servers using either the prop.json configuration file or using environment variables.

Proxy

...

Configuration in prop.json

When configuring proxies using prop.json, the "no proxy" list will be automatically configured to match the VCS endpoint in use (i.e. the GitHub, GitLab or Bitbucket Server endpoint). Internally Remediate will convert these to HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables and pass them to child processes such as npm and composer.

Proxy

...

Configuration Using Environment Variables

WhiteSource Remediate also supports the industry convention of HTTP_PROXY, HTTPS_PROXY and NO_PROXY. This provides more flexibility if you need to also configure any internal/private registries in the no proxy list so is the recommended configuration approach. Such variables will be passed transparently to child processes.

Integration with WhiteSource Renovate

WhiteSource Renovate functionality can be enabled in WhiteSource Remediate.

With Renovate functionality enabled, Remediate will then raise PRs/MRs not only for vulnerable dependencies but also for outdated dependencies too.

Renovate is designed for users who aim to keep their dependencies up-to-date, primarily for the reasons of:

...