...
Create a Unified Agent configuration file, with relevant flags to scan the function type you selected (npm, mvn, etc.) and relevant flags for a Serverless scan. Ensure that you do not include:
The serverless.includes flag
If your file is stored publicly, do not include your API token
Install this plugin: npm install serverless-whitesourcemend.
In the .yml file of the scanned serverless function, add the plugin and the path to the configuration file as so:
Code Block plugins: serverless-whitesourcemend custom: whitesource mend: pathToConfig: {path-to-configuration-file} (NOTE: Mandatory parameter) pathToJar: {path-to-jar} (NOTE: Mandatory parameter) # optional parameters, must start with 'wss-' prefix; any valid CLI parameter of the UA can be entered here. for example: wss-logLevel: { log level, for example, debug} (NOTE: Optional parameter) wss-apiKey: {enter API key} (NOTE: Optional parameter)
Deploy the serverless function: serverless deploy. The plugin will update the configuration file with the path to a .txt file containing the names of the functions found in the .yml file and will run the UA with this config file.
...