...

Supported vulnerabilities are listed here.

How WhiteSource Cure Works

...

  • IDE plugin - Remediation suggestions are presented in the IDE for developers to review and accept. See here.
    NOTE: Currently only JetBrains is supported. Future versions will support additional IDEs.

  • Web-based application - Displays all remediation suggestions per specific repository. See here.

Supported Technologies

  • Languages: Java

  • Supported IDEs: JetBrains IntelliJ IDEA

  • SAST tools detection formats: Semmle and LGTM.com (SARIF format)

...

  1. In Repository URL, enter the URL of the GitHub repository. NOTE: Only Java projects are supported.

  2. In SARIF File, upload the detection result file (see here) or leave it empty. If left empty, WhiteSource Cure will automatically request a SARIF file from lgtm.com.

  3. Click Fix it!. In the Confirmation popup, ensure that you agree to the terms of service, and click Agree.

...

  1. Ensure that the main screen is open to the Remediation tab.

  2. Drill down to the vulnerability for which you want remediation suggestions, and double-click it. The remediation report is displayed in the Remediation screen, containing the original code plus a suggestion on how to fix the vulnerability.

  3. The fix suggestion can be viewed in side-by-side mode (default) or unified mode. Use the toolbar buttons on the top right to toggle between them.

  4. If you agree with the proposed fix, copy the URL and add it to a ticket. Alternatively, use the IDE plugin.

Detection Screen

The Detection screen displays details of the actual “trace”, that is, the flow of the vulnerability and its attack vector as it propagates through the code.

...

Once installed, the IDE is ready to be used. Proceed as follows:

  1. Do all steps in Accessing Cure and Generating Remediation Suggestions.

  2. In the IDE, open the project for which you created a remediation suggestion (report).

  3. Click on the “earth” icon located in the plugin’s left pane. The Upload Remediation Report popup is displayed.

  4. Copy the URL of the report you generated in Step 1 and paste it here. After a few seconds, the plugin will display a list of available remediation suggestions:

...