
Integration with WhiteSource allows customers to automate the scanning of any project using Google Cloud Build, tapping into the continuous integration pipeline. The integration allows customers to automatically fail builds in case of an organizational compliance or security policy violation. The scanning mechanism of WhiteSource automatically handles a large variety of programming languages, dependency managers and package managers. 

NOTE: Before you begin, make sure that the relevant package manager is installed. For details, see https://whitesource.atlassian.net/wiki/spaces/WD/pages/1140852201/Getting+Started+with+the+Unified+Agent#Prerequisites .

Configuring the 'cloudbuild.yaml' File

  1. Add the following build steps to your cloudbuild.yaml file:

    1. Download the 'wss_agent.sh' script file:
      NOTE: For performance reasons, it is advised to run the curl command below only once a week to download the latest version of the Unified Agent, and not as part of every build. You can do this using a scheduler task, such as cron.

      Code Block
      - name: GOOGLE_CONTAINER_REGISTER_PATH
        args: ['curl', '-s', '-L', '-O', 'https://github.com/whitesource/unified-agent-distribution/raw/master/standAlone/wss_agent.sh']
    2. Run 'curl' to download the Unified Agent configuration file:

      1. Initially, download the latest configuration file from https://github.com/whitesource/unified-agent-distribution/raw/master/standAlone/wss-unified-agent.config

      2. Save the Unified Agent configuration file to your local machine.

      3. Edit the 'includes', 'archiveIncludes', and 'archiveExtractionDepth' sections to support the relevant file or archive extensions. See Unified Agent Configuration File & Parameters.

      4. Store the updated Unified Agent configuration file in an online drive (e.g., Google Drive).

    3. Run the script 'wss_agent.sh'. This script downloads the latest version of WhiteSource Unified Agent Jar file and uses your custom configuration file:

      Code Block
      - name: GOOGLE_CONTAINER_REGISTER_PATH
        args: ['bash', './wss_agent.sh', '-apiKey', 'YOUR_API_KEY', '-project', 'YOUR_PROJECT_NAME', '-d', 'SCAN_FOLDER_PATH', '-c', './wss-unified-agent.config']

      Afterwards, the script runs the Jar with the regular command-line arguments of the Unified Agent. In the configuration file, you must use the organization API key ('apiKey') and determine the name of the WhiteSource project ('project'). See also User Level Access Control in Integrations and APIs.

    4. The following is a sample 'cloudbuild.yaml' file with WhiteSource integration:

      Code Block
      steps:
      - name: gcr.io/cloud-builders/docker
        args:
        - build
        - "-t"
        - "GOOGLE_CONTAINER_REGISTER_PATH"
        - "."
      - name: GOOGLE_CONTAINER_REGISTER_PATH
        args: ['curl', '-s', '-L', '-O', 'https://<ConfigFileLocation>/wss-unified-agent.config']
      - name: GOOGLE_CONTAINER_REGISTER_PATH
        args: ['curl', '-s', '-L', '-O', 'https://github.com/whitesource/unified-agent-distribution/raw/master/standAlone/wss_agent.sh']
      - name: GOOGLE_CONTAINER_REGISTER_PATH
        args: ['bash', './wss_agent.sh', '-apiKey', 'YOUR_API_KEY', '-project', 'YOUR_PROJECT_NAME', '-d', 'SCAN_FOLDER_PATH', '-c', './wss-unified-agent.config']
      
      


      The register path is retrieved from the 'image' page as displayed in the following screenshot.

...

In Bash, the exit codes that WhiteSource returns should be treated as 'x' modulo 256:

  • Exit code 0 is equivalent to code 0 (0 mod 256 = 0)

  • Exit code -1 is equivalent to code 255 (-1 mod 256 = 255)

  • Exit code -2 is equivalent to code 254 (-2 mod 256 = 254)

  • Exit code -3 is equivalent to code 253 (-3 mod 256 = 253)

  • Exit code -4 is equivalent to code 252 (-4 mod 256 = 252)
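
The following wrapper is an added example, not part of the original page or of WhiteSource's own tooling. It checks a cached copy of 'wss_agent.sh' against a SHA-256 digest recorded at the weekly download, runs it, and reports the signed exit code from the list above while returning the raw status so the build step fails. The function names and the PINNED_SHA256 variable are hypothetical, and it assumes the agent returns only 0 or a small negative code.

```shell
#!/usr/bin/env bash
# Added example: gate a Cloud Build step on the Unified Agent's exit status.
# Assumption: the agent returns 0 or a small negative code, as in the list above.

# Convert the 0-255 status the shell reports back to the signed code returned.
ws_signed_code() {
  local status=$1
  if [ "$status" -gt 127 ]; then
    echo $(( status - 256 ))
  else
    echo "$status"
  fi
}

# Succeed only if FILE's SHA-256 equals the digest recorded at download time.
ws_verify_script() {
  local file=$1 expected=$2 actual
  actual=$(sha256sum "$file" | cut -d' ' -f1) || return 1
  [ "$actual" = "$expected" ]
}

# Verify the cached script, run it with the remaining arguments, and return
# its status unchanged so that any non-zero result fails the build step.
# Status 1 is used for a digest mismatch; it cannot collide with 252-255.
ws_run_scan() {
  local script=$1 pinned=$2 status
  shift 2
  if ! ws_verify_script "$script" "$pinned"; then
    echo "refusing to run $script: SHA-256 does not match pinned value" >&2
    return 1
  fi
  bash "$script" "$@"
  status=$?
  echo "WhiteSource exit code: $(ws_signed_code "$status") (shell status $status)" >&2
  return "$status"
}

# Usage inside the build step (placeholders as on this page; PINNED_SHA256 is
# a hypothetical variable holding the digest you recorded):
#   ws_run_scan ./wss_agent.sh "$PINNED_SHA256" -apiKey YOUR_API_KEY \
#     -project YOUR_PROJECT_NAME -d SCAN_FOLDER_PATH -c ./wss-unified-agent.config
```
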