Versions Compared

Old Version 46

changes.mady.by.user Tsur Rothfeld

Saved on

compared with

New Version 47

changes.mady.by.user Alex Ragen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • From the Project Administration page in the WhiteSource Web-UI, add a new project tag and define the corresponding AVM application name in the WhiteSource project tag, as shown here:

    Image RemovedImage Added

NOTES:

  • Tags names are case sensitive (that is, they must be AVM.application.version and AVM.application.version)

  • If there are no applications in the AVM platform, they will be created if the avm.application.sync configuration parameter is set to true. See Configuration File & Parameters.

  • On Windows operating systems, the values for AVM.application.name and AVM.application.version do not support the following:

    • Special characters: / : * ? " < > |

    • All non-printable characters such as NULL, TAB, ESC, etc.

  • It is assumed that there is a 1:1 relationship between an application name in the AVM platform and the product/project name in WhiteSource. If the same AVM application name is mapped to multiple projects/products, only one of them will be synchronized to the AVM platform. 

...

Following are the minimal parameters that must be set in the command line: 

Parameter

Description

wss.url

  1. The wss.url parameter must point to the WhiteSource HTTP API URL. 

  2. Retrieve the 'WhiteSource Server URL' which you can copy from the Integrate page on the Server URLs panel.

  3. Then, add the /api path to the URL. (e.g., url=https://<domain>.whitesourcesoftware.com/api).
    For example: https://saas.whitesourcesoftware.com/api/v1.3. For more information, refer to HTTP API v1.3 .

wss.apiKey

Unique identifier of the organization. It can be retrieved from the Admin page in your WhiteSource account GUI.

wss.userKey

Unique user identifier. It can be generated from the Profile page in your WhiteSource account GUI.

avm.name

Name of the AVM application.

AVM platform connectivity parameters:

avm.url

URL for your Application Vulnerability Management Server.

avm.apikey or
avm.user & avm.pass

api key as defined in the AVM application’s account OR username and password for your Application Vulnerability Management Server.

Command Line Parameters

Parameter

Type

Description

Required

Default

-c (only CLI) 

String

Configuration file name (including file path)

No

whitesource-avm-agent.config

wss.apiKey

String

Unique identifier of the organization. It can be retrieved from the Admin page in your WhiteSource account GUI.

Old name: apiKey

Yes

No default value

wss.url 

String

WhiteSource HTTP API entry point. 

Old name: url

No

No default value

wss.userKey

String

Unique user identifier. It can be generated from the Profile page in your WhiteSource account GUI.

Old name: userKey

No, unless the WhiteSource administrator enabled the Enforce user-level access option.

Yes

No default value

generateOfflineReport

Boolean

Whether to perform the scan in offline mode and generate a zip file for each product/project in your WhiteSource organization.

No


false

force_sync

Boolean

Whether to synchronize all products/projects or only updated products/projects.
When the value is false, synchronize only data in these cases:

  • A new Unified Agent scan on the project/product.

  • A new alert was found on a dependency that exists in the project/product.

  • A new major version was found on a dependency that exists in the project/product.

  • The alert status was changed manually in the application.

 No

true

wss.proxy

String

A proxy that should be used  to connect HTTP platform, overwrites proxy parameter below.

No

No default value

fromDate

String

Fetch vulnerability alerts from WhiteSource from the specified date.

No

No default value

toDate

String

Fetch vulnerability alerts from WhiteSource until the specified date.

No

No default value

wss.connectionTimeout

Integer

WhiteSource connection timeout is measured in milliseconds.

Old name: connectionTimeout

No

Default value is 120,000 milliseconds.

-requestFiles (only CLI) 

String

Provide comma-separated list of absolute paths to generated by offline requests.
This action uploads the offline request file(s) to AVM platform. 

No

No default value

whiteSourceFolderPath

String

Path to the whitesource folder. This folder is created when retrieving the vulnerability alerts report in offline mode. The path can either be absolute or relative.

Only CLI for now

No

Default value is the folder from which the agent is running

synchronizeFrom

String

The direction of alerts status synchronization. 
If the value is set to WS:

  • Alerts (WS) → False Positive Alerts

  • Alerts (WS) → Suppressed Alerts 

If the value is set to AVM:

  • False Positive Alerts → Alerts (WS) 

  • Suppressed Alerts → Alerts (WS)

No

AVM

avm.application.sync

Boolean

If enabled, the specified applications are created in AVM. Includes all the products/projects in WhiteSource that have the tag "AVM.application.name". This will also create the application versions according to the "AVM.application.version" in WhiteSource.

If disabled, no applications will be created on AVM.

No

true

avm.name

String

The AVM application name.

Yes

Fortify

avm.url

String

API base URL for your application vulnerability management server.

For example: "https://threadfix.example.com:8080/threadfix".

No

No default value

avm.apikey

String

api key as defined in the AVM application’s account.

No, if avm.user and avm.pass are set.

No default value.

See https://denimgroup.atlassian.net/wiki/spaces/TDOC/pages/22619214/API+Keys

avm.user

String

Username for your application vulnerability management server

No if avm.apiKey is defined

No default value

avm.pass

String

User's password for your application vulnerability management server

No, if avm.apiKey is defined

No default value

threadfix.team.name

String

Name of team to add applications (ThreadFix only)

No

No default value. If left empty, WS organization name will be  used to create a new team.

avm.proxy

String

A proxy that should be used to connect the AVM platform; overwrites the proxy parameter below. 

No

Format  protocol://<user>:<password>@host\:port/

avm.connectionTimeout

Integer

AVM connection timeout measured in milliseconds.

No

50,000 milliseconds.

avm.pluginName


Engine name at your application vulnerability management server.

No

No

include_avm_applications

String

Enables including AVM applications to be synchronized.

  • Value format should be a comma-delimited regular expression.
    For example:
    include_avm_applications = *Dev.* includes all AVM application names that contains this sub string.
    For example: projectDev, Dev1, …..

  • If the parameter isn’t set or has an empty value, it will include all AVM applications.

No

No default value

exclude_avm_applications

String

Enables excluding AVM applications to be synchronized.

  • Value format should be a comma-delimited regular expression.
    For example:
    exclude_avm_applications = *Dev.* excludes all AVM application names that contains this sub string.
    For example: projectDev, Dev1, …..

  • If the parameter isn’t set or has an empty value, it will not exclude any AVM applications.

  • When both include_avm_applications & exclude_avm_applications are populated, the system will first apply the include REGEX and then the exclude REGEX.

No

No default value

-deleteAlerts (only CLI) 

String

Deletes the Artifact History from AVM for the specified applications.
Enter a comma-separated list of applications as they are displayed in the WhiteSource GUI (case-sensitive).
Entering "*" removes all Artifact History and AVM Issues from AVM for all WhiteSource generated applications.

No

No default value

-deleteApplications (only CLI) 

String

Deletes all specified applications from AVM. Enter a comma-separated list of applications as they appear in WhiteSource (case-sensitive). Entering "*" removes all WhiteSource generated applications from AVM.
Note: Before deleting an AVM application, make sure that all of its issues are deleted.

No

No default value

proxy

String

HTTP Proxy to use by Agent. Could be overwritten by avm.proxy and/or wss.proxy

No

Format  protocol://<user>:<password>@host\:port/

-h  (CLI only) 
or
-help

String

Provides an explanation of all parameters.

No


logLevel

String

Define the debug level for logs. Options are INFO and DEBUG. 

Example: -logLevel DEBUG

Optional values: ALL, DEBUG, INFO, WARN, ERROR, OFF

No

INFO

Note: Almost all command line parameters match configuration file parameters (the exclusions are explicitly listed in the table above). Use "-" + parameter

...