Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Download the zip file and extract it.

  2. Place the whitesource-artifactory-plugin.properties and whitesource-artifactory-plugin.groovy files under ${ARTIFACTORY_HOME}/var/etc/artifactory/plugins

  3. Create a new 'lib' folder under  ${ARTIFACTORY_HOME}/var/etc/artifactory/plugins.

  4. Place the following jars in the lib folder:

    • wss-agent-report-<version>.jar

    • wss-agent-api-client-<version>.jar

    • wss-agent-api-<version>.jar

    • wss-unified-agent-utils-<version>.jar

  5. Update whitesource-artifactory-plugin.properties file with the appropriate parameters (see example and full reference).

  6. Schedule the cron job in the whitesource-artifactory-plugin.groovy file, under the jobs section (see example).

  7. Restart Artifactory.

Configuring the Plugin

Properties File Example

Code Block
languagebash
// whitesource-artifactory-plugin properties file

wssUrl=""
// wssUrl="http://localhost:8080/agent"

// Organization Token:
apiKey="<your WSS api key>"

// UserKey Token: Unique identifier of user, can be generate from the profile page in your whitesource account.
//userKey="<your WSS user key>"

// Product Name - represents Artifactory instance, Artifactory repositry represents project
// In order to map repository to a product in WhiteSource mark this field as comment
productName="<your Artifactory representing name>"

// Check Policices. will check only delta between WSS and current files
checkPolicies=false

// check all files all the time. if true that checkpolicies must also be true
forceCheckAllDependencies=false

// update WSS 
updateWss=false

// update WSS regardless of the check policies result
forceUpdate=false

// Names of the repositories in the Artifactory to scan
repoKeys=["repo1","repo2","repo3"]

// Proxy Settings
useProxy=false
//proxyHost="127.0.0.1"
//proxyPort=3128
//proxyUser=""
//proxyPass=""

// The type of files that will be extracted and their content will be checked
archiveIncludes = ["war", "ear", "zip"]
// archiveExtractionDepth=2

// Once the archive was extracted, which files within it should be checked
includesRepositoryContent=["m", "mm", "js", "php", "jar", "zip"]

// Whether to run  beforeDownload/afterCreate method (defaults to true)
//triggerBeforeDownload=false
//triggerAfterCreate=false/triggerAfterCreate=false

...

Attribute

Type

Description

Required

Additional Information

wssUrl

String

URL for sending the request.

Use the 'WhiteSource Server URL' which can be retrieved from your 'Profile' page on the 'Server URLs' panel. Then, add the '/agent' path to it. For example: "https://saas.whitesourcesoftware.com/agent".

No, defaults to https://saas.whitesourcesoftware.com/agent


Code Block
apiKey

String

Unique identifier of the organization, can be retrieved from the admin page in your WhiteSource account.

Yes


userKey

String

Unique identifier of user, can be generate from the profile page in your WhiteSource account.

Required if WhiteSource administrator has enabled "Enforce user level access" option

Supported since version 18.5.1

productName

String

Represents Artifactory instance and product in WhiteSource.

Comment this field to map repository to product in WhiteSource (project will represent repository as well)

No


checkPolicies

Boolean

Whether or not to send the check policies request to WhiteSource.

No


forceCheckAllDependencies



Boolean

Used only if 'checkPolicies' is set to true.

Setting 'forceCheckAllDependencies' to true will force check all policies for all dependencies introduced to the WhiteSource projects.

Setting 'forceCheckAllDependencies' to false or not using it at all will check only the new dependencies introduced to the WhiteSource projects.

No

Supported since version 1.0.3

updateWss

Boolean

Whether or not send update to WhiteSource

Yes

Supported since version 1.0.6

forceUpdate

Boolean

Whether or not update organization inventory regardless of policy violations.

No, the default value is false.Supported 

Supported since version 1.0.3

repoKeys

Array

The list of the repositories to scan.

Yes


useProxy

boolean

Whether or not use proxy settings

Yes


proxyHost

String

Proxy host url.

No


proxyPort

Integer

Proxy port.

No 


proxyUser

String

Proxy User name if exist.

No 


proxyPass

String

Proxy password if exist.

No 


archiveIncludes

String

Comma separated list specifying the type of files that will be extracted

No. The default list inclues the following: jar, war, ear, egg, zip, whl, sca, sda, gem, tar.gz, tar, tgz, tar.bz2, rpm, rar.

Supported since version 1.0.3

archiveExtractionDepth

String

Drill down hierarchy level in archive files.
Max value is 7.

No, default is 2

Supported since version 19.4.2

includesRepositoryContent

String

Comma separated list. Specifying which files to include in the scan once the archive was extracted according to the parameters in

Code Block
archiveIncludes

No

Required since version 1.0.3

triggerBeforeDownload

Boolean

Whether or not to trigger the 'beforeDownload' method

No, the default value is true.

Supported since version 18.10.3

triggerAfterCreate

Boolean

Whether or not trigger 'afterCreate' method

No, the default value is true.

Supported since version 18.10.3

Info

The extraction depth of the Artifactory Plugin for archived files is currently to the first level. The Unified Agent has an extraction depth of up to seven levels.

Examples

Cron Scheduling Example:

...

The default log level for the plugin is "warn". To change the plugin log level, add the following to ${ARTIFACTORY_HOME}/etc/logback.xml:

Plugin logs
Code Block
<logger name="whitesource-artifactory-plugin">
    <level value="info"/>
</logger>

...