...

NOTE: The WhiteSource task can be moved to other locations within the steps section, depending on your preferences.

Overriding the Azure DevOps Services Integration Default Settings

When you need custom settings for the WhiteSource build task in the Azure DevOps Services integration, you can use the Unified Agent configuration parameters to override the integration's default settings, except for the following parameters, which cannot be overridden:

Includes/Excludes Glob Patterns

  • includes=**/*c **/*cc **/*cp **/*cpp **/*cxx **/*c++ **/*h **/*hh **/*hpp **/*hxx **/*h++ **/*m **/*mm **/*pch **/*c# **/*cs **/*csharp **/*go **/*goc **/*js **/*pl **/*plx **/*pm **/*ph **/*cgi **/*fcgi **/*pod **/*psgi **/*al **/*perl **/*t **/*pl6 **/*p6m **/*p6l **/*pm6 **/*nqp **/*6pl **/*6pm **/*p6 **/*php **/*py **/*rb **/*swift **/*java **/*clj **/*cljx **/*cljs **/*cljc **/*jar **/*egg **/*dll **/*tar.gz **/*tgz **/*zip **/*whl **/*gem **/*apk **/*air **/*dmg **/*exe **/*gem **/*gzip **/*msi **/*nupkg **/*swc **/*swf **/tar.bz2 **/pkg.tar.xz **/(u)?deb **/(a)?rpm

  • excludes=**/*sources.jar **/*javadoc.jar **/tests/**

Archive Properties

  • archiveExtractionDepth=2

  • archiveIncludes=**/*war **/*ear **/*zip **/*whl **/*tar.gz **/*tgz **/*tar **/*car

  • archiveExcludes=**/*sources.jar **/*javadoc.jar **/tests/**
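The rule above, that user-supplied Unified Agent parameters override the integration defaults except for the includes/excludes and archive parameters, as an added illustration (not WhiteSource's own code or the integration's actual implementation). The `includes` default is abbreviated here, and the sample user configuration is constructed.

```python
"""Added example: merge a user's Unified Agent key=value configuration with
the Azure DevOps Services integration defaults, keeping the parameters the
documentation lists as non-overridable fixed. Illustration only, not the
integration's real merge logic."""
from typing import Dict, List, Tuple

# Defaults the documentation lists as non-overridable (includes abbreviated).
INTEGRATION_DEFAULTS: Dict[str, str] = {
    "includes": "**/*c **/*cc **/*cpp **/*h **/*cs **/*go **/*js **/*py **/*java **/*jar",
    "excludes": "**/*sources.jar **/*javadoc.jar **/tests/**",
    "archiveExtractionDepth": "2",
    "archiveIncludes": "**/*war **/*ear **/*zip **/*whl **/*tar.gz **/*tgz **/*tar **/*car",
    "archiveExcludes": "**/*sources.jar **/*javadoc.jar **/tests/**",
}
LOCKED_KEYS = frozenset(INTEGRATION_DEFAULTS)


def parse_config(text: str) -> Dict[str, str]:
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    params: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed configuration line: {raw!r}")
        params[key.strip()] = value.strip()
    return params


def merge_with_defaults(user: Dict[str, str]) -> Tuple[Dict[str, str], List[str]]:
    """Return (effective configuration, user keys dropped because they are locked)."""
    effective = dict(INTEGRATION_DEFAULTS)
    dropped: List[str] = []
    for key, value in user.items():
        if key in LOCKED_KEYS:
            dropped.append(key)      # locked by the integration: default wins
        else:
            effective[key] = value   # any other Unified Agent parameter is accepted
    return effective, dropped


# Constructed sample of a user's configuration file (hypothetical values).
SAMPLE_USER_CONFIG = """
# user overrides
checkPolicies=true
excludes=**/vendor/**
archiveExtractionDepth=5
"""

if __name__ == "__main__":
    cfg, ignored = merge_with_defaults(parse_config(SAMPLE_USER_CONFIG))
    print("ignored overrides:", ignored)
    for k in sorted(cfg):
        print(f"{k}={cfg[k]}")
```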

Viewing the WhiteSource Report

...

A summary of detected open source vulnerabilities and the libraries that contain them.

| Name | Description |
|---|---|
| Vulnerability Risk | The overall risk level for your inventory: High, Medium, Low, or No Risk. |
| Vulnerable Libraries | The total number of vulnerable libraries. |
| Severity Distribution | A breakdown of the vulnerabilities by severity level. |

Inventory Tab

An inventory of all open source libraries detected.

| Name | Description |
|---|---|
| Library | The name of the open-source library, linking to the Library Details page in the WhiteSource application. |
| Licenses | The licenses detected for each library, linking to their license descriptions. |

Outdated Libraries

Libraries that have not been updated to their newest available versions.

| Name | Description |
|---|---|
| Library | The name of the outdated library, linking to the Library Details page in the WhiteSource application. |
| Your version | The version number of the outdated library. |
| Newest stable version | The library's most up-to-date version number. |

Security Vulnerabilities

A table listing all security vulnerabilities.

| Name | Description |
|---|---|
| Severity | The severity of the vulnerability, consisting of a severity level (H (high), M (medium), L (low)) and the CVSS score. |
| Vulnerability | The vulnerability identifier, linking to the WhiteSource vulnerability lab, which contains more information. |
| Date | The vulnerability publish date. |
| Library | The name of the open-source library containing the vulnerability, linking to the Library Details page in the WhiteSource application. |
| Top Fix | The top-rated remediation advice that WhiteSource recommends for each vulnerability. A condensed description of the recommended course of action is given, followed by a link to a broader description. |

License Risks

The License Risk Table displays a summary of open-source components’ license types and their associated risk including the number of occurrences.

| Name | Description |
|---|---|
| License | The license detected as part of the inventory, linking to its license description. |
| Risk | The risk associated with the license: H (high), M (medium), or L (low). If the risk is unknown, no value is displayed. |
| Occurrences | The number of libraries in which this license occurs. |

Additionally, the following charts are displayed:

...