...
Table of Contents |
---|
Overview
Info |
---|
Proxy settings are relevant for requests for WhiteSource servers only. Proxy for remote repositories requests is not supported |
This topic describes how the JFrog Artifactory plugin integrates with WhiteSource. The plugin adds additional information to the Artifactory artifacts and updates WhiteSource. Once invoked, all the artifacts' metadata on your Artifactory will be uploaded to your WhiteSource inventory.
Artifactory instance is mapped to WhiteSource product.
Artifactory repositories will be mapped to WhiteSource projects.
WhiteSource organization will be updated regardless of policy violation.
Policies will be enforced and policy details will be added to the artifacts property tab, WSS-Action (Approve/Reject) and WSS-Policy-Details.
Additional data for each artifact will be added to the property tab: WSS-Licenses, WSS-Description, WSS-Homepage and WSS-Vulnerabilities.
The plugin is licensed under the Apache 2.0 license.
Info |
---|
The plugin updates Artifactory repositories with no more than 10000 artifacts. WhiteSource inventory will be updated only when using cron based job. The plugin updates WhiteSource with repositories with no more than 2000 artifacts. |
Notes
Artifactory editions not supported by the Groovy-based User Plugins are not supported by WhiteSource.
Scanning of Docker repositories is not supported.
Scanning of virtual repositories is not supported.
The recommended integration method for the JFrog Artifactory is using the Unified Agent.
Updates in Artifactory: The plugin updates Artifactory repositories with no more than 10000 artifacts.
Updates in WhiteSource: The plugin updates WhiteSource with repositories with no more than 2000 artifacts.
How the Artifactory Plugin Works
The Artifactory plugin works in two modes:
Cron-based job - when invoked, repositories artifacts will be checked in WhiteSource and additional data will be added to the property tab of each artifact.
Adding new Artifact - when uploaded, new artifact will be checked in WhiteSource. Policies will be checked and additional data will be added to the property tab of the artifact.
Downloading the Plugin
...
Version
...
File
...
Release Notes
...
Release Date
...
MD5
...
21.12.1
...
whitesource-artifactory-plugin-21.12.1.zip
...
...
2021-12-26
...
FD435A4B3C7D2EAC3D07DC5FA6774789
...
21.7.2
...
whitesource-artifactory-plugin-21.7.2.zip
...
Temp folders deletion fix & upgrade dependencies versions
...
2021-08-15
...
1B4B6DE62613AD5F52B8B162F6A7993D
...
20.9.1
...
whitesource-artifactory-plugin-20.9.1.zip
...
Fix typo
...
2020-10-04
...
3A238385348051D7AD24EE166F26F935
...
20.7.3
...
whitesource-artifactory-plugin-20.7.3.zip
...
Support Artifactory 7.x
...
2020-08-16
...
0A26F0B1CA1A7C2C5FA012D9AED3ED4C
...
20.6.2
...
whitesource-artifactory-plugin-20.6.2.zip
...
Bug fixed - Block artifact in before download in case of policy violation.
...
2020-07-07
...
A766DE35D4D39C7C5761E1F7F49501E7
...
20.5.1
...
whitesource-artifactory-plugin-20.5.1.zip
...
Bug fixes
...
2020-05-24
...
0F7A360476D0B870229CF54C500A5AC4
...
19.9.1
...
whitesource-artifactory-plugin-19.9.1.zip
...
Minor bug fix
...
2019-09-22
...
520A2FC631F9D368AE2F2DFC308FAB12
...
19.4.2
...
whitesource-artifactory-plugin-19.4.2.zip
...
Memory leak bug fix
...
2019-05-05
...
E7DC7341CF90A2B37EAC328D5A675743
...
19.3.2
...
whitesource-artifactory-plugin-19.3.2.zip
...
Minor bug fix
...
2019-04-07
...
0D7103F7CE1142ED3D3C9C206E081AA8
...
19.3.1
...
whitesource-artifactory-plugin-19.3.1.zip
...
Add archive extraction depth archiveExtractionDepth
parameter
...
2019-03-24
...
7352FC6C56D61A001756A1CF040A0576
...
19.1.1
...
whitesource-artifactory-plugin-19.1.1.zip
...
Updates Agent version
...
2019-01-27
...
018B2749498BF6BC144B03556EAD034B
...
18.10.3
...
whitesource-artifactory-plugin-18.10.3.zip
...
Bug Fixes
Added triggerAfterCreate
& triggerBeforeDownload
parameters.
...
2018-11-18
...
E86760C59E0A3262591707BA7C02C3B7
...
18.8.2
...
whitesource-artifactory-plugin-18.8.2.zip
...
Minor Bug fixes
...
2018-09-02
...
BB473552069155C24CDD8021C38B9029
...
18.6.3
...
whitesource-artifactory-plugin-18.6.3.zip
...
Minor Bug fixes
...
2018-07-08
...
480A308C2359BC75EBED9717A032D1B7
...
18.5.1
...
whitesource-artifactory-plugin-18.5.1.zip
...
Add user key - unique identifier of user, can be generate from the profile page in your whitesource account
...
2018-05-27
...
EA4F045B6A00136342FF7B9F01FFAFBA
...
17.12.1
...
whitesource-artifactory-plugin-17.12.1.zip
...
Bug fix - Archive extraction
...
2017-12-17
...
80DC1701AAB7B471EF58E6E3A1CC5D82
...
1.0.9
...
whitesource-artifactory-plugin-1.0.9.zip
...
Add support for 'before download' method from a local repository according to a policy in WhiteSource
Resolved issues WSA-308
...
2017-10-08
...
0FFCEF0BC0777C06898A031E6F2679F6
...
1.0.8
...
whitesource-artifactory-plugin-1.0.8.zip
...
Add CVSS score
Add before download method - prevent artifacts download from a remote repository according to a policy in WhiteSource
Resolved issues WSA-242, WSA-177.
...
2017-09-27
...
E8643C70DEEF4C75EF45AC18B3F9EBF0
...
1.0.7
...
whitesource-artifactory-plugin-1.0.7.zip
...
Add option for creating a project in WhiteSource for each repository.
...
2017-09-11
...
D0C22C6E4D265BBF2FBC3A799848838
...
1.0.6
...
whitesource-artifactory-plugin-1.0.6.zip
...
Add parameter for updating WhiteSource.
...
2017-08-08
...
48D7AED7EB8D005F5F6F45E210EEC33B
...
1.0.5
...
whitesource-artifactory-plugin-1.0.5.zip
...
Minor bug fixes.
...
2017-07-18
...
F18B154FC8B0CEF0D96DD08848B3FFB7
...
1.0.4
...
whitesource-artifactory-plugin-1.0.4.zip
...
Adjust plugin version to agents-api & whitesource-fs-agent versions.
...
2017-07-16
...
675032D04CE06BDC28EC70FAEBA4D2AF
...
1.0.3
...
whitesource-artifactory-plugin-1.0.3.zip
...
Enabliing update WSS scan Artifactory repositories.
...
2017-05-07
...
37568D088633E3EF877C364A1F901221
...
1.0.2.2
...
whitesource-artifactory-plugin-1.0.2.2.zip
...
Minor Bug fixes
...
2017-02-01
...
C1A62DE5C257874E0C5DF82869DC2892
...
Table of Contents |
---|
Overview
Info |
---|
Proxy settings are relevant for requests for WhiteSource servers only. Proxy for remote repository requests is not supported. |
This topic describes how the JFrog Artifactory plugin integrates with WhiteSource. The plugin adds additional information to the Artifactory artifacts and updates WhiteSource. Once invoked, all the artifacts' metadata on the Artifactory will be uploaded to the WhiteSource inventory.
Artifactory instance is mapped to WhiteSource product.
Artifactory repositories will be mapped to WhiteSource projects.
Policies will be enforced and policy details will be added to the artifacts property tab: WSS-Action (Approve/Reject) and WSS-Policy-Details.
Additional data for each artifact will be added to the property tab: WSS-Licenses, WSS-Description, WSS-Homepage and WSS-Vulnerabilities.
The plugin is licensed under the Apache 2.0 license.
NOTES
The WhiteSource inventory will be updated only when using a cron-based job, if the
updateWss
property is set to true.Artifactory editions not supported by the Groovy-based User Plugins are not supported by WhiteSource.
Scanning of Docker repositories is not supported.
Scanning of virtual repositories is not supported.
The recommended integration method for the JFrog Artifactory is using the Unified Agent.
Updates in Artifactory: The plugin updates Artifactory repositories with no more than 10,000 artifacts.
Updates in WhiteSource: The plugin updates WhiteSource with repositories with no more than 2,000 artifacts.
How the Artifactory Plugin Works
The Artifactory plugin works in the following modes:
Cron-based job: When invoked, repository artifacts will be updated in WhiteSource and additional data will be added to the property tab of each artifact.
After create: In this mode, when a new artifact is uploaded to Artifactory, WhiteSource policies are triggered and additional data is added to the property tab of the artifact. This mode is controlled by the
triggerAfterCreate
property.Before download: In this mode, only WhiteSource policy-approved artifacts will be downloaded from remote or local repositories. This mode is controlled by the
triggerBeforeDownload
(for downloading from local repositories) andtriggerBeforeRemoteDownload
(for downloading from remote repositories) properties.
Downloading the Plugin
Latest Plugin Version | File | Features | Release Date | MD5 |
---|---|---|---|---|
21.12.1 |
Minor bug fixes
2017-01-29
14DFB6A85A821C01F962886FCC68A62F
2021-12-26 | FD435A4B3C7D2EAC3D07DC5FA6774789 |
Previous Plugin Versions
Expand | |||||||
---|---|---|---|---|---|---|---|
|
...
...
...
...
2017-01-24
...
B7C4E651C1707B1B530BCE871BB7207C
...
|
...
...
...
...
Split vulnerability link and severity into 2 lines.
...
2016-07-17
...
FA1BE663ED9A0526237ED1B03D97ADCC
...
|
...
...
...
...
...
Bug fixes. rename properties file.
...
2016-05-03
...
272692C2CD8C04DA0BE3E9858248A717
|
...
...
...
...
Add setup.groovy
file to automatically install dependencies.
...
2016-04-27
...
D2BA5AC9B45EEEA144BA324924BB1C85
|
...
...
...
...
Check Policies and Add Additional Data to the Artifact property tab.
...
2016-04-07
...
e2654abeb61162044495e49e6845eb2e
|
Installing the Plugin
NOTE: For details on how to migrate from a previous version of the Artifactory Plugin earlier than 21.12.1, see Migrating the Artifactory Plugin.
Artifactory Version <= 6.x
Download the zip file and extract it.
Replace the
whitesource-artifactory-plugin.properties
andwhitesource-artifactory-plugin.groovy
files under${ARTIFACTORY_HOME}/etc/plugins
.Create a new
lib
folder under:${ARTIFACTORY_HOME}/etc/plugins
.Place the new
whitesource-artifactory-plugin-VERSION.jar
file in theplugins/lib
directory.Update the
whitesource-artifactory-plugin.properties
file with the appropriate parameters (see Cron Scheduling Example and General Parameters).Schedule the cron job in the
whitesource-artifactory-plugin.groovy
file (see Cron Scheduling Example).Restart Artifactory.
Artifactory Version >= 7.x
Download the zip file and extract it.
Replace the
whitesource-artifactory-plugin.properties
andwhitesource-artifactory-plugin.groovy
files under${ARTIFACTORY_HOME}/var/etc/artifactory/plugins
Create a new
lib
folder under${ARTIFACTORY_HOME}/var/etc/artifactory/plugins
.Place the new
whitesource-artifactory-plugin-VERSION.jar
file in theplugins/lib
directory.Update the
whitesource-artifactory-plugin.properties
file with the appropriate parameters (see Cron Scheduling Example and General Parameters).Schedule the cron job in the
whitesource-artifactory-plugin.groovy
file (see Cron Scheduling Example).Restart Artifactory.
Configuring the Plugin
Properties File Example
Code Block | ||
---|---|---|
| ||
// whitesource-artifactory-plugin properties file wssUrl="" // wssUrl="http://localhost:8080/agent" // Organization Token: apiKey="<your WSS api key>" // UserKey Token: Unique identifier of user, can be generated from the profile page in your whitesource account. //userKey="<your WSS user key>" // Product Name - represents Artifactory instance, Artifactory repository represents project // In order to map repository to a product in WhiteSource mark this field as comment productName="<your Artifactory representing name>" // Check Policices. will check only delta between WSS and current files checkPolicies=false // check all files all the time. if true that checkpolicies must also be true forceCheckAllDependencies=false // update WSS updateWss=false // update WSS regardless of the check policies result forceUpdate=false // Names of the repositories in the Artifactory to scan repoKeys=["repo1","repo2","repo3"] // Proxy Settings useProxy=false //proxyHost="127.0.0.1" //proxyPort=3128 //proxyUser="" //proxyPass="" // The type of files that will be extracted and their content will be checked archiveIncludes = ["war", "ear", "zip"] // archiveExtractionDepth=2 // Once the archive was extracted, which files within it should be checked includesRepositoryContent=["m", "mm", "js", "php", "jar", "zip"] // Whether to run beforeDownload/beforeRemoteDownload/afterCreate methodmethods (defaults to true) //triggerBeforeDownload=false //triggerAfterCreatetriggerBeforeRemoteDownload=false //triggerAfterCreate=false |
General Parameters
Attribute | Type | Description | Required | Additional InformationInformation | ||
---|---|---|---|---|---|---|
wssUrl | String | URL for sending the request. Use the 'WhiteSource ‘WhiteSource Server URL' which can be retrieved from your ' Profile ' page on the 'Server URLs' panel. Then, add the '/agent' agent’ path to it. For example: "https://saas.whitesourcesoftware.com/agent". | No. | |||
apiKey | String | Unique identifier of the organization, . This can be retrieved from the admin Integration page in your WhiteSource account. | Yes | |||
userKey | String | Unique identifier of the user, . This can be generated from the profile Profile page in your WhiteSource account. | Yes | Supported since version 18.5.1 | ||
productName | String | Represents the Artifactory instance and product in WhiteSource. Comment this field to map the repository to the product in WhiteSource (project will also represent the repository as well). | No | |||
checkPolicies | Boolean | Whether or not to send the check policies request to WhiteSource. | No | |||
forceCheckAllDependencies | Boolean | Used only if
| No | Supported since version 1.0.3 | ||
updateWss | Boolean | Whether or not to send an update to WhiteSource. | Yes | Supported since version 1.0.6 | ||
forceUpdate | Boolean | Whether or not to update the organization inventory regardless of policy violations. | No. The default value is false. | Supported since version 1.0.3 | ||
repoKeys | Array | The list of the repositories to scan. | Yes | |||
useProxy | boolean | Whether or not to use proxy settings. | Yes | |||
proxyHost | String | Proxy host urlURL. | No | |||
proxyPort | Integer | Proxy port. | No | |||
proxyUser | String | Proxy User user name if existit exists. | No | |||
proxyPass | String | Proxy password if existit exists. | No | |||
archiveIncludes | String | Comma separated list specifying the type types of files that will be extracted. | No. | Supported since version 1.0.3 | ||
archiveExtractionDepth | String | Drill down hierarchy level in archive files. | No, the default value is 2. | Supported since version 19.4.2 | ||
includesRepositoryContent | String | Comma separated list . Specifying specifying which files to include in the scan once the archive was is extracted according to the parameters in:
| No | Required since version 1.0.3 | ||
triggerBeforeDownload | Boolean | Whether or not to trigger the downloading of components WhiteSource policy-approved artifacts from local repositories. | No, the default value is true. | Supported since version 18.10.3 | ||
triggerBeforeRemoteDownload | Boolean | Whether or not to trigger the downloading of components WhiteSource policy-approved artifacts from remote repositories. | No, the default value is true. | Supported since version 21.12.1 | ||
triggerAfterCreate | Boolean | Whether or not to trigger 'the When a new artifact is uploaded to Artifactory, WhiteSource policies are triggered and additional data is added to the property tab of the artifact. | No, the default value is true. | Supported since version 18.10.3 |
Info |
---|
The extraction depth of the Artifactory Plugin for archived files is currently set to the first level. The Unified Agent has an extraction depth of up to seven levels. |
Cron Scheduling Example
This example demonstrates how to configure a schedule for scanning the Artifactory repositories.
...
"0 42 10 * * ?" - Build a trigger that will fire daily at 10:42 am.
"0 0/2 8-17 * * ?" - Build a trigger that will fire every other minute, between 8am and 5pm, every day.
For more details, see Cron expression.
Plugin Log Levels
The default log level for the plugin is "warn". To change the plugin log level, add the following to ${ARTIFACTORY_HOME}/etc/logback.xml
:
...