Overview

...

WhiteSource Advise supports JavaScript projects using npm (package.json dependency files) that include a package-lock.json file.

NOTE: Yarn projects are not supported.

Prerequisites

Ensure the following:

...

The plugin supports the following WebStorm versions:

Supported Versions

2021.1

2020.3

2020.2

2020.1

2019.3

2019.2

2019.1

Installing WhiteSource Advise

...

  1. Start WebStorm.

  2. From the menu bar, select File > Settings. The Settings screen is displayed.

  3. From the left sidebar, click Plugins.

  4. In the Search box, enter whitesource and then press Enter. The WhiteSource Advise plugin information is displayed.

  5. Click Install and then click Restart IDE.

  6. In the pop-up dialog box, click Restart.

Activating WhiteSource Advise

...

  • To quickly locate the component referenced by a reported vulnerability in the project’s package.json view, double-click the component in the WhiteSource security check tab. The referenced component description in the package.json file will be displayed and highlighted in the main code view.

  • To quickly locate vulnerability analysis results for a component in the package.json view, click the WhiteSource Advise severity icon displayed to the left of that component reference in the package.json file. The icon denotes the severity of the vulnerability (yellow: low severity; orange: medium severity; red: high severity). A tooltip is displayed with the relevant analysis details, including a dependency path from the proprietary code to the open-source component. The tooltip also shows the vulnerability details: the vulnerability identifier (e.g., CVE), severity, and a fix suggestion if available. For transitive dependencies, a direct fix is also given: a condensed description of the recommended course of action for the direct dependency. A Details link leads to the WhiteSource Vulnerability Database, which provides more information on the specific vulnerability.

  • To quickly display an analysis summary for a component in the package.json view, hover the mouse pointer over the code for the component in that view; a tooltip will be displayed, featuring a list of all vulnerabilities found within the particular component.
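
The dependency path and the direct dependency named in a direct fix can be cross-checked by hand against package-lock.json. The JavaScript below is an added example, not WhiteSource code and not a description of the plugin's internals; it assumes the nested `dependencies`/`requires` tree of package-lock.json, and the package names and the `resolve` and `dependencyPaths` helpers are constructed for illustration.

```javascript
'use strict';
// Constructed sample manifests (hypothetical package names, not a real project).
const pkg = { dependencies: { 'web-framework': '^1.0.0' },
              devDependencies: { 'test-runner': '^2.0.0' } };
const lock = { lockfileVersion: 1, dependencies: {
  'web-framework': { version: '1.0.0', requires: { 'body-reader': '^1.2.0' } },
  'body-reader': { version: '1.2.0', requires: { 'query-parse': '^0.9.0' } },
  'query-parse': { version: '0.9.0' },
  'test-runner': { version: '2.0.0', requires: { 'query-parse': '^1.0.0' },
                   dependencies: { 'query-parse': { version: '1.1.0' } } } } };

// Resolve a required name the way Node does: nearest nested `dependencies`
// map first, then outward to the lock file root.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    const scope = scopes[i];
    if (Object.prototype.hasOwnProperty.call(scope, name)) {
      return { entry: scope[name], scopes: scopes.slice(0, i + 1) };
    }
  }
  return null;
}

// Breadth-first search from every direct dependency in package.json to the
// flagged component; path[0] is the direct dependency a direct fix applies to.
function dependencyPaths(pkg, lock, targetName, targetVersion) {
  const direct = Object.keys({ ...pkg.dependencies, ...pkg.devDependencies });
  const found = [];
  for (const start of direct) {
    const queue = [{ name: start, scopes: [lock.dependencies || {}], path: [] }];
    const seen = new Set();
    while (queue.length) {
      const { name, scopes, path } = queue.shift();
      const r = resolve(name, scopes);
      if (!r) continue; // required but not installed (e.g. optional dependency)
      const id = `${name}@${r.entry.version}`;
      if (seen.has(id)) continue; // guards against dependency cycles
      seen.add(id);
      const here = [...path, id];
      if (name === targetName && r.entry.version === targetVersion) { found.push(here); break; }
      const inner = r.entry.dependencies ? [...r.scopes, r.entry.dependencies] : r.scopes;
      for (const dep of Object.keys(r.entry.requires || {})) {
        queue.push({ name: dep, scopes: inner, path: here });
      }
    }
  }
  return found;
}

console.log(dependencyPaths(pkg, lock, 'query-parse', '0.9.0').map(p => p.join(' > ')));
```

Matching on the exact version matters because the same package name can be installed at several versions in one tree, and only some of them may be the flagged one.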

...