Table of Contents |
---|
Overview
WhiteSource Advise for Visual Studio is an extension for Visual Studio that is designed to empower developers with important, valuable information on security vulnerabilities concerning open-source components employed in their development projects.
WhiteSource Advise for Visual Studio does the following:
It facilitates workflows by making critical component vulnerability information available to the software developer from within the IDE, preventing the need to use a separate application for such purpose.
It offers a transparent UX for developers, by seamlessly integrating with the IDE environment. It provides a dedicated view including reported security vulnerabilities (CVEs) as well as recommendations for fixing them.
Support for Languages and Package Managers
...
Start Visual Studio.
From the menu bar, select Extensions > Manage Extensions. The Manage Extensions screen is displayed.
In the Manage Extensions screen, open the Online section from the sidebar and click Visual Studio Marketplace.
In the Search area on the right, enter whitesource and press Enter.
Select the WhiteSource Advise extension, and click Download.
Click Close and restart Visual Studio so that the extension can be installed.
Activating WhiteSource Advise
...
Option | Description | Default Setting |
---|---|---|
Automatically scan after build or rebuild action | When enabled, WhiteSource will trigger a scan after a Build or Rebuild action is performed on any of your solutions/projects. | Selected (checked) |
Only show issues for direct dependencies | When enabled, WhiteSource Advise will only return vulnerabilities for direct dependencies defined in your dependency file. | Unselected (not checked) |
Minimum vulnerability severity level | Alert only on detected vulnerabilities satisfying a Low/Medium/High minimum severity level.
| Low |
Include dev dependencies | Whether to alert on vulnerabilities detected in dev dependencies. | Unselected (not checked) |
Scanning for Security Vulnerabilities
...
From the menu bar, select Extensions > Manage Extensions. The Manage Extensions screen is displayed.
In the Manage Extensions screen, open the Updates section from the sidebar and click Visual Studio Marketplace.
Select the WhiteSource Advise extension, and click Update.
NOTE: If the WhiteSource Advise extension is not displayed, a new version is not available.Click Close and restart Visual Studio so that the extension can be updated.
Uninstalling WhiteSource Advise
...
From the menu bar, select Extensions > Manage Extensions. The Manage Extensions screen is displayed.
In the Manage Extensions screen, open the Installed section from the sidebar and click Visual Studio Marketplace.
In the Search area on the right, enter whitesource and press Enter.
Select the WhiteSource Advise extension, and click Uninstall.
In the popup, click Yes.
Click Close and restart Visual Studio so that the extension can be uninstalled.