Supported Package Managers

| Package Manager | Language | Extra Details |
|---|---|---|
| Maven | Java | N/A |
| Go Modules | Golang | Remediate will update both the go.mod and go.sum files, as well as any vendored files found within a vendor/ directory. |
| npm/Yarn | JavaScript | WhiteSource Remediate always updates both the package file (e.g. package.json) and any lock file (e.g. yarn.lock) in the same commit/fix Pull Request. If a developer subsequently updates either file on the default branch, causing a git conflict with any of Remediate's Pull Requests, then Remediate will update the fix Pull Request to resolve all conflicts while still remediating the vulnerability. |
| NuGet | .NET | Only SDK-style .csproj files are currently supported. By default, this includes: .NET Core 1.0 and above; .NET Standard class libraries; any .csproj in the SDK-style syntax. To convert your .NET Framework .csproj into an SDK-style project, follow this guide. |
| pip | Python | N/A |
| setuptools | Python | N/A |
| Composer | PHP | N/A |

NOTE: In WhiteSource for GitLab, mirrored repositories are not supported.


WhiteSource cannot provide customers with a token for accessing as that would go against that platform’s Terms of Service.

Providing the Integration Activation Key

WhiteSource Remediate can be configured to work with the integration activation key using either the prop.json configuration file or using environment variables.

NOTE: The environment variable takes precedence over an activation key value specified inside a prop.json file. 

Providing the Integration Activation Key in prop.json

You can provide the integration's activation key to the Remediate container using a prop.json file.

Providing the Integration Activation Key using environment variables

You can provide the integration activation key by using the W4D_BOLT_OP_ACTIVATION_KEY environment variable inside the Remediate container.

Proxy Support

WhiteSource Remediate can be configured to work with proxy servers using either the prop.json configuration file or using environment variables.



Configuration in prop.json

When configuring proxies using prop.json, the "no proxy" list will be automatically configured to match the VCS endpoint in use (i.e. the GitHub, GitLab or Bitbucket Server endpoint). Internally, Remediate converts these settings to the HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables and passes them to child processes such as npm and composer.



Configuration Using Environment Variables

WhiteSource Remediate also supports the industry convention of HTTP_PROXY, HTTPS_PROXY and NO_PROXY. This is the recommended configuration approach, because it provides more flexibility if you also need to add internal/private registries to the no proxy list. Such variables will be passed transparently to child processes.
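
An added example (not WhiteSource's own code) of preparing these three variables for the Remediate container: it derives a NO_PROXY list covering the VCS endpoint plus internal registries, and reports any endpoint that an existing list leaves out. The helper names and every host are hypothetical, and using the same proxy URL for HTTP_PROXY and HTTPS_PROXY is an assumption.

```shell
#!/bin/sh
# Added example. All hosts and URLs are constructed sample values.

# Reduce a URL or host[:port] to a lower-case host name (names/IPv4 only).
url_host() {
    h=${1#*://}; h=${h%%/*}; h=${h##*@}; h=${h%%:*}
    printf '%s\n' "$h" | tr '[:upper:]' '[:lower:]'
}

# De-duplicated, comma-separated NO_PROXY value for the given endpoints.
build_no_proxy() {
    list=
    for ep in "$@"; do
        host=$(url_host "$ep")
        [ -n "$host" ] || continue
        case ",$list," in
            *",$host,"*) ;;                      # already listed
            *) list=${list:+$list,}$host ;;
        esac
    done
    printf '%s\n' "$list"
}

# Print each endpoint whose host has no exact entry in the NO_PROXY value $1.
missing_from_no_proxy() {
    np=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' ')
    shift
    for ep in "$@"; do
        host=$(url_host "$ep")
        case ",$np," in
            *",$host,"*) ;;                      # covered, bypasses the proxy
            *) printf '%s\n' "$ep" ;;            # would be sent via the proxy
        esac
    done
}

# KEY=value lines for the container environment: $1 proxy URL, rest endpoints.
proxy_env_lines() {
    proxy=$1; shift
    printf 'HTTP_PROXY=%s\nHTTPS_PROXY=%s\nNO_PROXY=%s\n' \
        "$proxy" "$proxy" "$(build_no_proxy "$@")"
}

# Constructed VCS endpoint and internal registries.
proxy_env_lines "http://proxy.example.internal:3128" \
    "https://gitlab.example.internal/api/v4" \
    "https://npm.example.internal:4873/" \
    "https://nexus.example.internal/repository/maven"
```

The printed lines can be saved to a file and handed to the container with `docker run --env-file`, which keeps the values out of the command line.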