Overview

Info

Proxy settings are relevant for requests to WhiteSource servers only. Proxy for remote repository requests is not supported.

This topic describes how the JFrog Artifactory plugin integrates with WhiteSource. The plugin adds additional information to the Artifactory artifacts and updates WhiteSource.  Once invoked, all the artifacts' metadata on your Artifactory will be uploaded to your WhiteSource inventory.

  • Artifactory instance is mapped to WhiteSource product. 

  • Artifactory repositories will be mapped to WhiteSource projects.

  • WhiteSource organization will be updated regardless of policy violation.

  • Policies will be enforced and policy details will be added to the artifact's property tab: WSS-Action (Approve/Reject) and WSS-Policy-Details.

  • Additional data for each artifact will be added to the property tab: WSS-Licenses, WSS-Description, WSS-Homepage and WSS-Vulnerabilities.

The plugin is licensed under the Apache 2.0 license.

Info

The plugin updates Artifactory repositories with no more than 10000 artifacts. The WhiteSource inventory will be updated only when using a cron-based job. The plugin updates WhiteSource with repositories with no more than 2000 artifacts.

Notes

  • Artifactory editions not supported by the Groovy-based User Plugins are not supported by WhiteSource.

  • Scanning of Docker repositories is not supported.

  • Scanning of virtual repositories is not supported.

  • The recommended integration method for the JFrog Artifactory is using the Unified Agent.

  • Updates in Artifactory: The plugin updates Artifactory repositories with no more than 10000 artifacts.

  • Updates in WhiteSource: The plugin updates WhiteSource with repositories with no more than 2000 artifacts.

How the Artifactory Plugin Works

The Artifactory plugin works in two modes:

  1. Cron-based job: when invoked, the repositories' artifacts will be checked in WhiteSource and additional data will be added to the property tab of each artifact.

  2. Adding a new artifact: when uploaded, the new artifact will be checked in WhiteSource. Policies will be checked and additional data will be added to the property tab of the artifact.

Downloading the Plugin

| Version | File | Release Notes | Release Date | MD5 |
|---|---|---|---|---|
| 21.12.1 | whitesource-artifactory-plugin-21.12.1.zip | Release Notes 21.12.1 | 2021-12-26 | FD435A4B3C7D2EAC3D07DC5FA6774789 |
| 21.7.2 | whitesource-artifactory-plugin-21.7.2.zip | Temp folders deletion fix & upgrade dependencies versions | 2021-08-15 | 1B4B6DE62613AD5F52B8B162F6A7993D |
| 20.9.1 | whitesource-artifactory-plugin-20.9.1.zip | Fix typo | 2020-10-04 | 3A238385348051D7AD24EE166F26F935 |
| 20.7.3 | whitesource-artifactory-plugin-20.7.3.zip | Support Artifactory 7.x | 2020-08-16 | 0A26F0B1CA1A7C2C5FA012D9AED3ED4C |
| 20.6.2 | whitesource-artifactory-plugin-20.6.2.zip | Bug fixed - Block artifact in before download in case of policy violation. | 2020-07-07 | A766DE35D4D39C7C5761E1F7F49501E7 |
| 20.5.1 | whitesource-artifactory-plugin-20.5.1.zip | Bug fixes | 2020-05-24 | 0F7A360476D0B870229CF54C500A5AC4 |
| 19.9.1 | whitesource-artifactory-plugin-19.9.1.zip | Minor bug fix | 2019-09-22 | 520A2FC631F9D368AE2F2DFC308FAB12 |
| 19.4.2 | whitesource-artifactory-plugin-19.4.2.zip | Memory leak bug fix | 2019-05-05 | E7DC7341CF90A2B37EAC328D5A675743 |
| 19.3.2 | whitesource-artifactory-plugin-19.3.2.zip | Minor bug fix | 2019-04-07 | 0D7103F7CE1142ED3D3C9C206E081AA8 |
| 19.3.1 | whitesource-artifactory-plugin-19.3.1.zip | Add archive extraction depth archiveExtractionDepth parameter | 2019-03-24 | 7352FC6C56D61A001756A1CF040A0576 |
| 19.1.1 | whitesource-artifactory-plugin-19.1.1.zip | Updates Agent version | 2019-01-27 | 018B2749498BF6BC144B03556EAD034B |
| 18.10.3 | whitesource-artifactory-plugin-18.10.3.zip | Bug Fixes. Added triggerAfterCreate & triggerBeforeDownload parameters. | 2018-11-18 | E86760C59E0A3262591707BA7C02C3B7 |
| 18.8.2 | whitesource-artifactory-plugin-18.8.2.zip | Minor Bug fixes | 2018-09-02 | BB473552069155C24CDD8021C38B9029 |
| 18.6.3 | whitesource-artifactory-plugin-18.6.3.zip | Minor Bug fixes | 2018-07-08 | 480A308C2359BC75EBED9717A032D1B7 |
| 18.5.1 | whitesource-artifactory-plugin-18.5.1.zip | Add user key - unique identifier of user, can be generated from the profile page in your WhiteSource account | 2018-05-27 | EA4F045B6A00136342FF7B9F01FFAFBA |
| 17.12.1 | whitesource-artifactory-plugin-17.12.1.zip | Bug fix - Archive extraction | 2017-12-17 | 80DC1701AAB7B471EF58E6E3A1CC5D82 |
| 1.0.9 | whitesource-artifactory-plugin-1.0.9.zip | Add support for 'before download' method from a local repository according to a policy in WhiteSource. Resolved issues WSA-308 | 2017-10-08 | 0FFCEF0BC0777C06898A031E6F2679F6 |
| 1.0.8 | whitesource-artifactory-plugin-1.0.8.zip | 1. Add CVSS score. 2. Add before download method - prevent artifacts download from a remote repository according to a policy in WhiteSource. Resolved issues WSA-242, WSA-177. | 2017-09-27 | E8643C70DEEF4C75EF45AC18B3F9EBF0 |
| 1.0.7 | whitesource-artifactory-plugin-1.0.7.zip | Add option for creating a project in WhiteSource for each repository. | 2017-09-11 | D0C22C6E4D265BBF2FBC3A799848838 |
| 1.0.6 | whitesource-artifactory-plugin-1.0.6.zip | Add parameter for updating WhiteSource. | 2017-08-08 | 48D7AED7EB8D005F5F6F45E210EEC33B |
| 1.0.5 | whitesource-artifactory-plugin-1.0.5.zip | Minor bug fixes. | 2017-07-18 | F18B154FC8B0CEF0D96DD08848B3FFB7 |
| 1.0.4 | whitesource-artifactory-plugin-1.0.4.zip | Adjust plugin version to agents-api & whitesource-fs-agent versions. | 2017-07-16 | 675032D04CE06BDC28EC70FAEBA4D2AF |
| 1.0.3 | whitesource-artifactory-plugin-1.0.3.zip | Enabling update WSS scan Artifactory repositories. | 2017-05-07 | 37568D088633E3EF877C364A1F901221 |
| 1.0.2.2 | whitesource-artifactory-plugin-1.0.2.2.zip | Minor Bug fixes | 2017-02-01 | C1A62DE5C257874E0C5DF82869DC2892 |

Overview

Info

Proxy settings are relevant for requests for WhiteSource servers only. Proxy for remote repository requests is not supported.

This topic describes how the JFrog Artifactory plugin integrates with WhiteSource. The plugin adds additional information to the Artifactory artifacts and updates WhiteSource.  Once invoked, all the artifacts' metadata on the Artifactory will be uploaded to the WhiteSource inventory.

  • Artifactory instance is mapped to WhiteSource product. 

  • Artifactory repositories will be mapped to WhiteSource projects.

  • Policies will be enforced and policy details will be added to the artifacts property tab: WSS-Action (Approve/Reject) and WSS-Policy-Details.

  • Additional data for each artifact will be added to the property tab: WSS-Licenses, WSS-Description, WSS-Homepage and WSS-Vulnerabilities.

The plugin is licensed under the Apache 2.0 license.

NOTES

  • The WhiteSource inventory will be updated only when using a cron-based job, if the updateWss property is set to true.

  • Artifactory editions not supported by the Groovy-based User Plugins are not supported by WhiteSource.

  • Scanning of Docker repositories is not supported.

  • Scanning of virtual repositories is not supported.

  • The recommended integration method for the JFrog Artifactory is using the Unified Agent.

  • Updates in Artifactory: The plugin updates Artifactory repositories with no more than 10,000 artifacts.

  • Updates in WhiteSource: The plugin updates WhiteSource with repositories with no more than 2,000 artifacts.

How the Artifactory Plugin Works

The Artifactory plugin works in the following modes:

  1. Cron-based job: When invoked, repository artifacts will be updated in WhiteSource and additional data will be added to the property tab of each artifact.

  2. After create: In this mode, when a new artifact is uploaded to Artifactory, WhiteSource policies are triggered and additional data is added to the property tab of the artifact. This mode is controlled by the triggerAfterCreate property.

  3. Before download: In this mode, only WhiteSource policy-approved artifacts will be downloaded from remote or local repositories. This mode is controlled by the triggerBeforeDownload (for downloading from local repositories) and triggerBeforeRemoteDownload (for downloading from remote repositories) properties.

Downloading the Plugin

Latest Plugin Version

| Version | File | Features | Release Date | MD5 |
|---|---|---|---|---|
| 21.12.1 | whitesource-artifactory-plugin-21.12.1.zip | Release Notes 21.12.1 | 2021-12-26 | FD435A4B3C7D2EAC3D07DC5FA6774789 |

Previous Plugin Versions

| Version | File | Features | Release Date | MD5 |
|---|---|---|---|---|
| 21.7.2 | whitesource-artifactory-plugin-21.7.2.zip | Temp folders deletion fix & upgrade dependencies versions | 2021-08-15 | 1B4B6DE62613AD5F52B8B162F6A7993D |
| 20.9.1 | whitesource-artifactory-plugin-20.9.1.zip | Fix typo | 2020-10-04 | 3A238385348051D7AD24EE166F26F935 |
| 20.7.3 | whitesource-artifactory-plugin-20.7.3.zip | Support Artifactory 7.x | 2020-08-16 | 0A26F0B1CA1A7C2C5FA012D9AED3ED4C |
| 20.6.2 | whitesource-artifactory-plugin-20.6.2.zip | Bug fixed - Block artifact in before download in case of policy violation. | 2020-07-07 | A766DE35D4D39C7C5761E1F7F49501E7 |
| 20.5.1 | whitesource-artifactory-plugin-20.5.1.zip | Bug fixes | 2020-05-24 | 0F7A360476D0B870229CF54C500A5AC4 |
| ... | ... | Minor bug fixes | 2017-01-29 | 14DFB6A85A821C01F962886FCC68A62F |
| ... | ... | ... | 2017-01-24 | B7C4E651C1707B1B530BCE871BB7207C |
| ... | ... | Split vulnerability link and severity into 2 lines. | 2016-07-17 | FA1BE663ED9A0526237ED1B03D97ADCC |
| ... | ... | Bug fixes. rename properties file. | 2016-05-03 | 272692C2CD8C04DA0BE3E9858248A717 |
| ... | ... | Add setup.groovy file to automatically install dependencies. | 2016-04-27 | D2BA5AC9B45EEEA144BA324924BB1C85 |
| ... | ... | Check Policies and Add Additional Data to the Artifact property tab. | 2016-04-07 | e2654abeb61162044495e49e6845eb2e |
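An added example (not part of the WhiteSource documentation): checking a downloaded plugin zip against the MD5 values listed above before installing it, which catches a corrupted or truncated download. `PUBLISHED` copies two values from the table; `file_md5` and `check_download` are names chosen here, and the check refuses a reference value that is not 32 hex digits, which is the case for the value listed for 1.0.7.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Two MD5 values copied from the download table on this page.
PUBLISHED = {
    "whitesource-artifactory-plugin-21.12.1.zip": "FD435A4B3C7D2EAC3D07DC5FA6774789",
    "whitesource-artifactory-plugin-1.0.7.zip": "D0C22C6E4D265BBF2FBC3A799848838",
}

def file_md5(path, chunk=1 << 20):
    """Stream the file so a large archive is never held in memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def check_download(path, published):
    """Return 'match', 'mismatch' or 'malformed-reference'."""
    reference = published.strip().lower()
    # An MD5 digest is exactly 32 hex characters. A shorter or longer
    # reference can never match, so report it instead of a plain mismatch.
    if not re.fullmatch(r"[0-9a-f]{32}", reference):
        return "malformed-reference"
    same = hmac.compare_digest(file_md5(path), reference)
    return "match" if same else "mismatch"

if __name__ == "__main__":
    # Constructed stand-in for a downloaded zip; its bytes are not the plugin.
    with tempfile.NamedTemporaryFile(delete=False, suffix=".zip") as fh:
        fh.write(b"constructed sample bytes")
        sample = fh.name
    for name, md5 in PUBLISHED.items():
        print(name, check_download(sample, md5))
    os.unlink(sample)
```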

Installing the Plugin

NOTE: For details on how to migrate from a previous version of the Artifactory Plugin earlier than 21.12.1, see Migrating the Artifactory Plugin.

Artifactory Version <= 6.x

  1. Download the zip file and extract it.

  2. Replace the whitesource-artifactory-plugin.properties and whitesource-artifactory-plugin.groovy files under ${ARTIFACTORY_HOME}/etc/plugins.

  3. Create a new lib folder under ${ARTIFACTORY_HOME}/etc/plugins.

  4. Place the new whitesource-artifactory-plugin-VERSION.jar file in the plugins/lib directory.

  5. Update the whitesource-artifactory-plugin.properties file with the appropriate parameters (see Cron Scheduling Example and General Parameters).

  6. Schedule the cron job in the whitesource-artifactory-plugin.groovy file (see Cron Scheduling Example).

  7. Restart Artifactory.

Artifactory Version >= 7.x

  1. Download the zip file and extract it.

  2. Replace the whitesource-artifactory-plugin.properties and whitesource-artifactory-plugin.groovy files under ${ARTIFACTORY_HOME}/var/etc/artifactory/plugins.

  3. Create a new lib folder under ${ARTIFACTORY_HOME}/var/etc/artifactory/plugins.

  4. Place the new whitesource-artifactory-plugin-VERSION.jar file in the plugins/lib directory.

  5. Update the whitesource-artifactory-plugin.properties file with the appropriate parameters (see Cron Scheduling Example and General Parameters).

  6. Schedule the cron job in the whitesource-artifactory-plugin.groovy file (see Cron Scheduling Example).

  7. Restart Artifactory.

Configuring the Plugin

Properties File Example

```
// whitesource-artifactory-plugin properties file

wssUrl=""
// wssUrl="http://localhost:8080/agent"

// Organization Token:
apiKey="<your WSS api key>"

// UserKey Token: Unique identifier of user, can be generated from the profile page in your whitesource account.
//userKey="<your WSS user key>"

// Product Name - represents Artifactory instance, Artifactory repository represents project
// In order to map repository to a product in WhiteSource mark this field as comment
productName="<your Artifactory representing name>"

// Check Policies. Will check only the delta between WSS and current files
checkPolicies=false

// Check all files all the time. If true, then checkPolicies must also be true
forceCheckAllDependencies=false

// update WSS
updateWss=false

// update WSS regardless of the check policies result
forceUpdate=false

// Names of the repositories in the Artifactory to scan
repoKeys=["repo1","repo2","repo3"]

// Proxy Settings
useProxy=false
//proxyHost="127.0.0.1"
//proxyPort=3128
//proxyUser=""
//proxyPass=""

// The type of files that will be extracted and their content will be checked
archiveIncludes = ["war", "ear", "zip"]
// archiveExtractionDepth=2

// Once the archive was extracted, which files within it should be checked
includesRepositoryContent=["m", "mm", "js", "php", "jar", "zip"]

// Whether to run beforeDownload/beforeRemoteDownload/afterCreate methods (defaults to true)
//triggerBeforeDownload=false
//triggerBeforeRemoteDownload=false
//triggerAfterCreate=false
```

General Parameters

| Attribute | Type | Description | Required | Additional Information |
|---|---|---|---|---|
| wssUrl | String | URL for sending the request. Use the 'WhiteSource Server URL', which can be retrieved from your 'Profile' page on the 'Server URLs' panel. Then, add the '/agent' path to it. For example: "https://saas.whitesourcesoftware.com/agent". | No. Defaults to https://saas.whitesourcesoftware.com/agent | |
| apiKey | String | Unique identifier of the organization. This can be retrieved from the admin Integration page in your WhiteSource account. | Yes | |
| userKey | String | Unique identifier of the user. This can be generated from the Profile page in your WhiteSource account. | Yes | Supported since version 18.5.1 |
| productName | String | Represents the Artifactory instance and product in WhiteSource. Comment this field to map the repository to the product in WhiteSource (the project will also represent the repository). | No | |
| checkPolicies | Boolean | Whether or not to send the check policies request to WhiteSource. | No | |
| forceCheckAllDependencies | Boolean | Used only if checkPolicies is set to true. Setting forceCheckAllDependencies to true will force check all policies for all dependencies introduced to the WhiteSource projects. Setting forceCheckAllDependencies to false or not using it at all will check only the new dependencies introduced to the WhiteSource projects. | No | Supported since version 1.0.3 |
| updateWss | Boolean | Whether or not to send an update to WhiteSource. | Yes | Supported since version 1.0.6 |
| forceUpdate | Boolean | Whether or not to update the organization inventory regardless of policy violations. | No. The default value is false. | Supported since version 1.0.3 |
| repoKeys | Array | The list of the repositories to scan. | Yes | |
| useProxy | Boolean | Whether or not to use proxy settings. | Yes | |
| proxyHost | String | Proxy host URL. | No | |
| proxyPort | Integer | Proxy port. | No | |
| proxyUser | String | Proxy user name if it exists. | No | |
| proxyPass | String | Proxy password if it exists. | No | |
| archiveIncludes | String | Comma separated list specifying the types of files that will be extracted. | No. The default list includes the following: jar, war, ear, egg, zip, whl, sca, sda, gem, tar.gz, tar, tgz, tar.bz2, rpm, rar. | Supported since version 1.0.3 |
| archiveExtractionDepth | String | Drill down hierarchy level in archive files. Max value is 7. | No, the default value is 2. | Supported since version 19.4.2 |
| includesRepositoryContent | String | Comma separated list specifying which files to include in the scan once the archive is extracted according to the parameters in archiveIncludes. | No | Required since version 1.0.3 |
| triggerBeforeDownload | Boolean | Whether or not to trigger the downloading of WhiteSource policy-approved artifacts from local repositories. | No, the default value is true. | Supported since version 18.10.3 |
| triggerBeforeRemoteDownload | Boolean | Whether or not to trigger the downloading of WhiteSource policy-approved artifacts from remote repositories. | No, the default value is true. | Supported since version 21.12.1 |
| triggerAfterCreate | Boolean | Whether or not to trigger the 'afterCreate' method. When a new artifact is uploaded to Artifactory, WhiteSource policies are triggered and additional data is added to the property tab of the artifact. | No, the default value is true. | Supported since version 18.10.3 |

Info

The extraction depth of the Artifactory Plugin for archived files is currently set to the first level. The Unified Agent has an extraction depth of up to seven levels.
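One way to check a properties file against the rules in the General Parameters table before restarting Artifactory, as an added example that is not part of the plugin or the WhiteSource documentation. `parse`, `lint` and the sample file are constructed here; the parser assumes one setting per line with no trailing comment, and the plain-HTTP check on wssUrl is a hardening choice of this example rather than a rule from the table.

```python
import json
import re

# Rules below are taken from the General Parameters table on this page.
REQUIRED = ("apiKey", "userKey", "updateWss", "repoKeys", "useProxy")
GATES = ("triggerBeforeDownload", "triggerBeforeRemoteDownload")
LINE = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$")

def parse(text):
    """Return {key: value} for the active (non-commented) settings."""
    cfg = {}
    for raw in text.splitlines():
        if raw.lstrip().startswith("//"):
            continue
        m = LINE.match(raw)
        if m:
            # Values in the sample file are all JSON-compatible literals.
            cfg[m.group(1)] = json.loads(m.group(2))
    return cfg

def lint(text):
    cfg, findings = parse(text), []
    for key in REQUIRED:
        value = cfg.get(key)
        if value in (None, "", []):
            findings.append(f"{key}: required but not set")
        elif isinstance(value, str) and value.startswith("<"):
            findings.append(f"{key}: placeholder value left in place")
    if cfg.get("forceCheckAllDependencies") and not cfg.get("checkPolicies"):
        findings.append("forceCheckAllDependencies: needs checkPolicies=true")
    if int(cfg.get("archiveExtractionDepth", 2)) > 7:
        findings.append("archiveExtractionDepth: max value is 7")
    if str(cfg.get("wssUrl", "")).startswith("http://"):
        findings.append("wssUrl: apiKey would travel over plain HTTP")
    for key in GATES:
        # Both gates default to true; an explicit false turns the gate off.
        if cfg.get(key, True) is False:
            findings.append(f"{key}: policy gate on downloads is disabled")
    return findings

# Constructed sample, modelled on the properties file example above.
SAMPLE = """
wssUrl="http://localhost:8080/agent"
apiKey="<your WSS api key>"
//userKey="<your WSS user key>"
checkPolicies=false
forceCheckAllDependencies=true
updateWss=false
repoKeys=["repo1","repo2"]
useProxy=false
archiveExtractionDepth=9
triggerBeforeRemoteDownload=false
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```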

Cron Scheduling Example

This example demonstrates how to configure a schedule for scanning the Artifactory repositories.

...

  • "0 42 10 * * ?" - Build a trigger that will fire daily at 10:42 am.

  • "0 0/2 8-17 * * ?" - Build a trigger that will fire every other minute, between 8am and 5pm, every day. 

For more details, see Cron expression.

Plugin Log Levels

The default log level for the plugin is "warn". To change the plugin log level, add the following to ${ARTIFACTORY_HOME}/etc/logback.xml:

...