Note

IMPORTANT: The Jenkins plugin will reach its End Of Life starting August 1, 2022.

After this date, Mend will no longer provide standard support, including updates and fixes, for the deprecated plugin. Extended Support, which is limited to configuration and Support troubleshooting, will continue until February 1, 2023. Following this date, the Jenkins plugin will no longer be supported by Mend. Please make sure to migrate to the Unified Agent before the end of standard support on August 1, 2022 to maintain full support of your product.

...

Once set up, all usage of open-source software in the organization will be continuously and automatically synchronized with Mend:

  • New projects will be created

  • Existing projects will be updated

  • Policies will be enforced on every action, failing the build if necessary.

...

Once the build is finished, the plugin will determine which open source is currently used by your project and send it to Mend.

Note

No source code is scanned. Only descriptive information is sent to Mend.

Normal Flow

Mend uses the collected information to create new projects or update existing ones.

...

$JENKINS_HOME\jobs\<job name>\builds\<build YYYY-MM-DD_HH-mm-ss>\whitesource

...

Installing The Plugin

  1. Go to Manage Jenkins > Manage Plugins > Available.

  2. Search for Mend, select the checkbox, and click Install.

...

Start by configuring the global settings. These settings will apply across all jobs on this Jenkins master. Then set up the jobs that should interact with Mend.

Global

...

Mend Configuration

Once the plugin is installed, go to Manage Jenkins > Configure System.

Go to the Mend section.

  • Selecting the Fail on error checkbox instructs the plugin to fail the build on a general error (e.g., network error) or a policy violation.
    Clearing this checkbox indicates that the plugin fails the build only for policy violations.

  • Connection timeout is measured in minutes. Default value is 60 minutes.

...

A unique identifier of the organization. You can receive an API token in the administration section of your Mend account.

Service url

URL to where the request is sent. 

Use the Mend Server URL, which can be retrieved from your Profile page on the Server URLs panel. For example: "https://saas.whitesourcesoftware.com".

Check policy compliance

...

  • Check only new libraries - Check that the newly introduced open source libraries conform with organization policies.

  • Force check all libraries - Check that all introduced open-source libraries conform with organization policies. 

  • Disable - Disable policies check when updating Mend.

Info

Proxy settings

The plugin uses the same proxy configuration used by Jenkins to send information to Mend.

Job Specific Settings

For each job you want to use the plugin for, you need to add a post-build action. In job configuration 

...

| Parameter | Description | Environment variable support* |
|---|---|---|
| Product name or Token | Name or token to uniquely identify the product to update. | Yes |
| Product version | Version of the product to update. | Yes |
| Check only new libraries | Optionally override this property from global configuration. | Yes |
| Force check all libraries | Optionally override this property from global configuration. | No |
| Force update | Updates organization inventory regardless of policy violations. | No |
| Override API token | Optionally override this property from Global Mend Configuration. | Yes |
| Override userKey | Unique identifier of the user; can be generated from the profile page in your Mend account. | Yes |
| Project token | Unique identifier of the White Source project to update. If omitted, default naming convention will apply. | Yes |
| Requester email | Email of the Mend user that requests to update Mend. | Yes |
| Connection Retries | Connection retries when unable to connect to Mend service. | Yes |
| Connection Retries Interval | Wait time between connection retries. | Yes |

* Environment variable support from version 1.8.1

...

| Parameter | Description |
|---|---|
| Module tokens | Map of module artifactId to Mend project token. |
| Modules to include | Only modules with an artifactId matching one of these patterns will be processed by the plugin. |
| Modules to exclude | Modules with an artifactId matching any of these patterns will not be processed by the plugin. |
| Ignore pom modules | Set to true to ignore Maven modules of type pom. |
| Connection Retries | Connection retries when unable to connect to Mend service (default value is 1). |
| Connection Retries Interval | Connection interval in seconds between two connection retries to Mend service (default value is: 3 seconds). |

...

Pipeline Support

In order to use the Mend Jenkins plugin, the following is required:

  • Jenkins version 2.x or later.

  • Pipeline plugin installed.

  • Mend plugin version 1.8.x or later.

The Pipeline support also consists of Global Mend Configuration:

...

And the job configuration, which is available when selecting the Mend plugin inside the snippet generator:

...

```groovy
node {
    stage('Build') {
        withMaven(
            maven: 'maven',
            mavenSettingsFilePath: 'path-to/settings.xml',
            mavenLocalRepo: '~/.m2/repository') {
            // Send the open-source inventory to Mend; 'api-token' and 'user-key' are placeholders
            whitesource jobApiToken: 'api-token', jobUserKey: 'user-key', libIncludes: '**/*.jar **/*.js', libExcludes: '', product: 'FT', productVersion: '', projectToken: '', requesterEmail: ''
        }
    }
}
```
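The snippet above passes the API token and user key as string literals in the pipeline script. As an added example (not taken from the Mend documentation), the same step can read both values from the Jenkins credential store through the Credentials Binding plugin's `withCredentials` step; the credential IDs `mend-api-token` and `mend-user-key` and the variable names are hypothetical, and `whitesource` is assumed to be the plugin's pipeline step name.

```groovy
// Added example: keep the Mend API token and user key out of the Jenkinsfile.
// Assumptions: the Credentials Binding plugin is installed and two
// "Secret text" credentials with the hypothetical IDs below exist in Jenkins.
node {
    stage('Build') {
        withCredentials([
            string(credentialsId: 'mend-api-token', variable: 'MEND_API_TOKEN'),
            string(credentialsId: 'mend-user-key', variable: 'MEND_USER_KEY')
        ]) {
            withMaven(
                maven: 'maven',
                mavenSettingsFilePath: 'path-to/settings.xml',
                mavenLocalRepo: '~/.m2/repository') {
                // The bound values are passed as step arguments instead of
                // being written into the script; Jenkins masks them if they
                // appear in the console log.
                whitesource(
                    jobApiToken: env.MEND_API_TOKEN,
                    jobUserKey: env.MEND_USER_KEY,
                    libIncludes: '**/*.jar **/*.js',
                    libExcludes: '',
                    product: 'FT',
                    productVersion: '',
                    projectToken: '',
                    requesterEmail: ''
                )
            }
        }
    }
}
```

Restricting who can use these two credentials (for example by storing them at folder scope) limits which jobs can submit results on behalf of the organization.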

Link to known versions of

...

Mend Jenkins plugin 

https://updates.jenkins.io/download/plugins/whitesource/

Change Log

| Version | Features | Release Date |
|---|---|---|
| 20.8.1 | | |
| 19.1.1 | Update agents version | |
| 18.10.2 | Minor bug fixes | |
| 18.10.1 | Minor bug fix - fix text message; Support both service URL with and without "/agent" | |
| 18.8.2 | Minor bug fixes | |
| 18.6.3 | Minor bug fixes | |
| 18.6.2 | Resume Build upon failed communication to server | |
| 18.5.2 | Bug fix - using project token as identifier. | |
| 18.5.1 | Added support for user-level access control in integrations; Minor fixes. | |
| 18.1.3 | Add support for Jenkins 2.102 | |
| 18.1.1 | Bug fix - Freestyle job running | |
| 17.12.1 | Add support for maven pipeline job | |
| 17.11.4 | Minor fixes | |
| 1.8.2 | Bug fix - NPE exception on environment variables | |
| 1.8.1 | Add support for environment variables | |
| 1.8.0 | Minor fixes - remove jelly importing | |
| 1.7.9 | Add support for generic pipeline job | |
| 1.7.8 | Enable build failure on policy violation (even when force update is enabled) | |
| 1.7.7 | Bug fix - ignore for pom modules field | |
| 1.7.6 | Add force update option | |
| 1.7.5 | Bug fix - save proxy port | |
| 1.7.4 | Bug fix - fixing possible NPEs | |
| 1.7.3 | Minor fixes | |
| 1.7.2 | Move to JDK 1.7 | |
| 1.7.1 | Bug fix - includes/excludes parameter in generic job | |
| 1.7 | Add check policies for all libraries | |
| 1.5.2 | Add fail on error param to global config | |
| 1.5.1 | Update latest version of maven-release-plugin | |
| 1.4 | Fix for proxy configuration | |
| 1.3 | Product identification; Well known file extensions are now scanned by default in free style jobs; Bug fixes | |
| 1.2 | Shelved version. Disregard | |
| 1.1 | Minor changes: Communication with White Source servers is now encrypted using SSL by default; Several bug fixes in policy check report | |
| 1.0 | First release of the plugin | |

...