Versions Compared

Old Version 95

changes.mady.by.user Shimi Eshkenazi

Saved on

compared with

New Version 96

changes.mady.by.user Alex Ragen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Microsoft Windows (Windows Server 2016; or Windows 10) 

  • Linux Ubuntu

  • Red Hat Enterprise Linux (with an installation of java-11-openjdk-devel)

Supported Languages

Language

Supported Environments

Notes

Java (including Scala and Kotlin)

Oracle JDK (8 or 11)
OpenJDK (8 or 11)
Zulu JDK (8 or 11)
Amazon Corretto (8 or 11) 

  • If the scanned project is in JDK8, it is possible to use either Java 8 or Java 11 for the Prioritize scan. If the scanned project is in JDK11, the Prioritize scan must also run with Java 11.0.2 or above in JDK11 (LTS versions only).

  • Project profiles: Maven, Gradle, POJO (Project without Package Manager)

  • Supported analysis targets: .jar, .war, .ear 

JavaScript (Node.JS server-side only)

Node.JS (npm & yarn package managers)

  • Supported analysis target: package.json

  • NodeJS project should have a main entry specified by an existing index.js file or defined in package.json

Python

Projects with pip dependency manager, written and running in Python 3.5-3.8, or Python 2.7

Analysis is supported for Python projects with either a single requirements.txt file (pip format, with explicit references to PyPI) or a setup.py file.

  • Prior to analysis, all project and dependency .py files should be parsed without syntax errors.

  • Analysis is currently not supported for multi-module projects, or for frameworks

  • Analysis is supported for Python as a single-language project

  • Analysis is supported only for dependencies containing code in py files (dummy packages that only reference to other dependencies are not supported, binary python file like .so are not supported as well).

  • For analysis, the pip version (python.pipPath as specified in the Unified Agent configuration file) should be compliant with the Python version (python.path as specified in the Unified Agent configuration file) deployed on the relevant machine (i.e., the output of the following commands must be the same: [1] python -m pip –version [2] pip –version)

  • For analysis, any Python virtual environment (i.e., folder) must not be located under the folder that is being examined by EUA (i.e., referenced via the -d parameter)

C#

.NET Core 3.0 or 3.1 (LTS)

  • Scanned C# project: Any LTS version of .NET Core or .NET Framework (single module & single language C# projects).

  • Prioritize supports NuGet projects (csproj-based and packages.config)

    • NuGet project with packages.config will be supported only when Nuget version 5.4 and above is used.

  • Prioritize requires that the csproj uses "PackageReference", "ProjectReference" or "Reference" dependencies.

    • The Unified Agent will ignore the "Condition" in "ItemGroup" and will bring the dependencies under that "ItemGroup" (whether or not the "Condition" holds)

    • The Unified Agent will ignore "IncludeAssets", "ExcludeAssets" and "PrivateAssets" and will bring the corresponding "PackageReference" and its dependencies

Configuring WhiteSource Prioritize Parameters

The following parameters must be set in the Unified Agent configuration file (wss-unified-agent.config). Refer here for additional documentation regarding the Unified Agent configuration parameters.

Parameter

Usage

Description

wss.url

wss.url=https://saas.whitesourcesoftware.com/agent

enableImpactAnalysis

enableImpactAnalysis=True

Activate the analysis module within the Unified Agent scan.

apiKey

apiKey=organizationToken

productName

productName=YourSelectedProductName

resolveAllDependencies

resolveAllDependencies=False

Edit the resolveAllDependencies parameter to specify that all resolvers should be disabled, and only the specific resolver should be enabled. By default it is set to True, whereas for WhiteSource Prioritize scans it must be False.

Parameters for Java-based Projects

The following parameters must be set according to project’s package manager:

Package Manager

Parameters

Maven

  • fileSystemScan=False

  • maven.resolveDependencies=True

  • maven.aggregateModules=True (False by default)

  • maven.downloadMissingDependencies=False (True by default)

    • It is recommended to download all the dependencies to the local repository before a Prioritize scan.

    • In case the local Maven cache folder is different than its default, it should also be set in the following parameter

    • maven.m2RepositoryPath

    Gradle

    • fileSystemScan=False

    • gradle.resolveDependencies=True

    • gradle.aggregateModules=True (False by default)

    gradle.downloadMissingDependencies=False (True by default)

    It is recommended to download all the dependencies to the local repository before Prioritize scan.

    In case the local Gradle cache folder is different than its default it should be set in the following parameter as well:

    • gradle.localRepositoryPath

    POJO (without Package Manager)

    • fileSystemScan=true (default value)

    • includes=**/*.jar

    In case of scanning Java project without a package manager the /wiki/spaces/WD/pages/1525383269 -iaLanguage should be set to Java

    Parameters for JavaScript-based Projects

    ...

    The following parameters must be set according to a project’s dependencies reference:

    Dependencies Reference Method

    Parameters

    PackageReference (csproj based with assets.json)

    • nuget.resolveAssetsFiles=True

    • nuget.resolvePackagesConfigFiles=False

    packages.config based (csproj and packages.config)

    • nuget.resolveAssetsFiles=False

    • nuget.resolvePackagesConfigFiles=True

    Combined (default)

    • nuget.resolveAssetsFiles=True

    • nuget.resolvePackagesConfigFiles=True

    Preparing the Project Package

    ...