...
Table of Contents |
---|
Note |
---|
IMPORTANT: The Jenkins plugin will reach its End Of Life starting August 1, 2022. After this date, WhiteSource Mend will no longer provide standard support, including updates and fixes, for the deprecated plugin. Extended Support, which is limited to configuration and Support troubleshooting, will continue until February 1, 2023. Following this date, the Jenkins plugin will no longer be supported by WhiteSourceMend. Please make sure to migrate to the Unified Agent before the end of standard support on August 1, 2022 to maintain full support of your product. |
...
Once set up, all usage of open-source software in the organization will be continuously and automatically synchronized with WhiteSourceMend:
New projects will be created
Existing projects will be updated
Policies will be enforced on every action, failing the build if necessary.
...
Once the build is finished, the plugin will determine which open source is currently used by your project and send it to WhiteSourceMend.
Note |
---|
No source code is scanned. Only descriptive information is sent to WhiteSourceMend. |
Normal Flow
WhiteSource Mend uses the collected information to create new projects or update existing ones.
...
$JENKINS_HOME\jobs\<job name>\\builds\<build YYYY-MM-DD_HH-mm-ss>\whitesourceMend
...
Installing The Plugin
Go to Manage Jenkins > Manage Plugins > Available.
Search for WhiteSourceMend, select the checkbox, and click Install.
...
Start by configuring the global settings. These settings will apply across all jobs on this Jenkins master. Then setup the jobs which should interact with WhiteSourceMend.
Global
...
Mend Configuration
Once the plugin is installed, go to Manage Jenkins > Configure System.
Go to the WhiteSource Mend section.
Selecting the Fail on error checkbox instructs to fail the build on a general error (e.g., network error) or a policy violation.
Clearing this checkbox indicates that the plugin fails the build only for policy violations.Connection timeout is measured in minutes. Default value is 60 minutes.
...
A unique identifier of the organization. You can receive an API token in the administration section of your WhiteSource Mend account.
Service url
URL to where the request is sent.
Use the WhiteSource Mend Server URL which can be retrieved from your Profile page on the Server URLs panel. For example: "https://saas.whitesourcesoftwareMendsoftware.com".
Check policy compliance
...
Check only new libraries - Check that the newly introduced open source libraries conform with organization policies.
Force check all libraries - Check that all introduced open-source libraries conform with organization policies.
Disable - Disable policies check when updating WhiteSourceMend.
Info |
---|
Proxy settings The plugin uses the same proxy configuration used by Jenkins to send information to WhiteSourceMend. |
Job Specific Settings
For each job you want to use the plugin for, you need to add a post-build action. In job configuration
...
Parameter | Description | Environment variable support |
---|---|---|
Product name or Token | Name or token to uniquely identify the product to update. | Yes |
Product version | Version of the product to update. | Yes |
Check only new libraries | Optionally override this property from global configuration. | Yes |
Force check all libraries | Optionally override this property from global configuration. | No |
Force update | Updates organization inventory regardless of policy violations. | No |
Override API token | Optionally override this property from Global WhiteSource Mend Configuration. | Yes |
Override userKey | Unique identifier of user, can be generate from the profile page in your whitesource Mend account. | Yes |
Project token | Unique identifier of the White Source project to update. If omitted, default naming convention will apply. | Yes |
Requester email | Email of the WhiteSource Mend user that requests to update WhiteSourceMend. | Yes |
Connection Retries | Connection retries when unable to connect to WhiteSource Mend service. | Yes |
Connection RetriesInterval | Wait time between connection retries. | Yes |
* Environment variable support from version 1.8.1
...
Parameter | Description |
---|---|
Module tokens | Map of module artifactId to WhiteSource Mend project token. |
Modules to include | Only modules with an artifactId matching one of these patterns will be processed by the plugin. |
Modules to exclude | Modules with an artifactId matching any of these patterns will not be processed by the plugin. |
Ignore pom modules | Set to true to ignore this maven modules of type pom. |
Connection Retries | Connection retries when unable to connect to WhiteSource Mend service (default value is 1). |
Connection Retries Interval | Connection interval in seconds between two connection retries to WhiteSource Mend service (default value is: 3 seconds). |
...
Pipeline Support
In order to use the WhiteSource Mend Jenkins plugin, the following is required:
Jenkins version 2.x or later.
Pipeline plugin installed.
WhiteSource Mend plugin version 1.8.x or later.
The Pipeline support also consists of Global WhiteSource Mend Configuration:
...
And the job configuration, which is available when selecting the WhiteSource Mend plugin inside the snippet generator:
...
Code Block | ||
---|---|---|
| ||
node { stage ('Build') { withMaven( maven: 'maven', mavenSettingsFilePath: 'path-to/settings.xml', mavenLocalRepo:'~/.m2/repository') { whitesourceMend jobApiToken: 'api-token', jobUserKey:'user-key', libIncludes: '**/*.jar **/*.js', libExcludes: '', product: 'FT', productVersion: '', projectToken: '', requesterEmail: '' } } } |
Link to known versions of
...
Mend Jenkins plugin
https://updates.jenkins.io/download/plugins/whitesourceMend/
Change Log
Version | Features | Release Date |
---|---|---|
20.8.1 |
| |
19.1.1 |
|
|
18.10.2 |
| |
18.10.1 |
| |
18.8.2 |
| |
18.6.3 |
| |
18.6.2 |
| |
18.5.2 |
| |
18.5.1 |
|
|
18.1.3 | Add support for Jenkins 2.102 |
|
18.1.1 | Bug fix - Freestyle job runinng |
|
17.12.1 | Add support for maven pipeline job |
|
17.11.4 | Minor fixes |
|
1.8.2 | Bug fix - NPE exception on enviroment variables |
|
1.8.1 | Add support for enviroment variables |
|
1.8.0 | Minor fixes - remove jelly importing |
|
1.7.9 | Add support for generic pipeline job |
|
1.7.8 | Enable build failure on policy violation (even when force update is enabled) |
|
1.7.7 | Bug fix - ignore for pom modules field |
|
1.7.6 | Add force update option |
|
1.7.5 | Bug fix - save proxy port |
|
1.7.4 | Bug fix - fixing possible NPEs |
|
1.7.3 | Minor fixes |
|
1.7.2 | Move to JDK 1.7 |
|
1.7.1 | Bug fix - includes/excludes parameter in generic job |
|
1.7 | Add check policies for all libraries |
|
1.5.2 | Add fail on error param to global config |
|
1.5.1 | Update latest version of maven-release-plugin |
|
1.4 | Fix for proxy configuration |
|
1.3 |
|
|
1.2 | Shelved version. Disregard |
|
1.1 | Minor changes:
|
|
1.0 | First release of the plugin |
|
...