...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
| Table of Contents |
|---|
Overview
...
Start Visual Studio.
From the menu bar, select Extensions > Manage Extensions. The Manage Extensions screen is displayed.
In the Manage Extensions screen, open the Online section from the sidebar and click Visual Studio Marketplace.
In the Search area on the right, enter whitesource and press Enter.
Select the WhiteSource Advise extension, and click Download.
Click Close and restart Visual Studio so that the extension can be installed.
Activating WhiteSource Advise
...
NOTE: If you check Remember license key, the activation credentials will be stored for later use. Once stored, the WhiteSource Advise activation credentials will be used for all projects.
Scanning for Security Vulnerabilities
Automatically Scanning Projects
WhiteSource automatically scans your solution and/or its projects after you perform a Build or Rebuild action on those solutions/projects.
If you do not want WhiteSource Advise to automatically scan your solution/project, you can disable this functionality.
...
Configuring WhiteSource Advise
| Info |
|---|
Changes made to the WhiteSource settings will only apply after running the next scan. |
To configure WhiteSource Advise, do as follows:
From the menu bar, click Extensions > WhiteSource > Options. The Options screen is displayed.
Set the Automatically Scan after Build or Rebuild action parameter to False, click OK.
Manually Scanning Projects
...
Review the options and modify if necessary. See here for a list of all options.
Click OK.
Options Table
Option | Description | Default Setting |
|---|---|---|
Automatically scan after build or rebuild action | When enabled, WhiteSource will trigger a scan after a Build or Rebuild action is performed on any of your solutions/projects. | Selected (checked) |
Only show issues for direct dependencies | When enabled, WhiteSource Advise will only return vulnerabilities for direct dependencies defined in your dependency file. | Unselected (not checked) |
Minimum vulnerability severity level | Alert only on detected vulnerabilities satisfying a Low/Medium/High minimum severity level.
| Low |
Scanning for Security Vulnerabilities
To scan for security vulnerabilities, do one of the following:
Scanning a Solution
Scanning Projects
Scanning a Solution
To manually scan a solution, do any of the following:
From the menu bar, click Extensions > WhiteSource > Scan Solution with WhiteSource Advise
From the Solution Explorer pane, right-click the solution and from the context menu, click Scan Solution with WhiteSource Advise
Scanning Projects
To manually scan one or more projects, do as follows:
...
From the menu bar, select Extensions > Manage Extensions. The Manage Extensions screen is displayed.
In the Manage Extensions screen, open the Updates section from the sidebar and click Visual Studio Marketplace.
Select the WhiteSource Advise extension, and click Update.
NOTE: If the WhiteSource Advise extension is not displayed, a new version is not available.Click Close and restart Visual Studio so that the extension can be updated.
Uninstalling WhiteSource Advise
...
From the menu bar, select Extensions > Manage Extensions. The Manage Extensions screen is displayed.
In the Manage Extensions screen, open the Installed section from the sidebar and click Visual Studio Marketplace.
In the Search area on the right, enter whitesource and press Enter.
Select the WhiteSource Advise extension, and click Uninstall.
In the popup, click Yes.
Click Close and restart Visual Studio so that the extension can be uninstalled.