...

This topic describes Offline mode for Mend Prioritize, which enables you to analyze a project that is located in an environment not connected to the Internet.

...

  • An offline client system (not connected to the Internet)

  • An online client system (connected to the Internet - and Mend Application)

  • Mend SaaS (connected to the Internet - and Mend Application (SaaS))

The following provides an outline of the process:

| Step # | Description |
|---|---|
| 1 | (Offline) Establishing Project Component Dependencies: Leverage the Mend Unified Agent to establish project component dependencies and store them in a dedicated file |
| 2 | (Online) Obtaining Project Reported Component Vulnerabilities: Request that Mend SaaS return vulnerabilities reported for each of the libraries established in Step 1 |
| 3 | (Offline) Producing Project Prioritize Results: Leverage the Unified Agent to run Mend Prioritize on an offline system using the details obtained in Steps 1 and 2 |
| 4 | (Online) Uploading Project Prioritize Results: Submit analysis results from an online system to Mend SaaS |

...

Establishing Project Component Dependencies

...

  1. Establish project component dependencies after running Mend Prioritize prerequisite checks.

  2. Generate a file with found dependencies.

...

| Switch | Description |
|---|---|
| d | The project folder to be scanned. |
| -euaOffline | The Prioritize offline mode. Supported modes include: dep (dependency) (along with all pertinent Unified Agent details associated with an offline request); vul (vulnerability); res (analysis results); upl (upload). In step 1, the following setting is employed: -euaOffline dep (Instructs the agent to run in euaOffline dep mode, and generate a dependency file for later Mend Prioritize analysis) |
| -euaDep <euaDep_Path> | (Optional) This setting specifies the path and name for the dependency file (default: Unified Agent folder and euaDep.json) |

...

  1. Calculate a unique value of the dependencies listing obtained for the referenced project (based on the specified appPath and d) and verify that the value matches:

    • The value calculated and captured for the dependencies' JSON file (euaDep.json)

    • The value captured in the vulnerabilities JSON file (euaVul.json)

  2. Establish project vulnerability effectiveness after running Prioritize.

  3. Generate a file with Mend Prioritize results.

Command

java -jar <unified_agent.jar> -c <unified_agent_config> -appPath <app_path> -d <d_path> -euaOffline res [-euaDep <euaDep_Path>] [-euaVul <euaVul_Path>] [-euaRes <euaRes_Path>]
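
The matching check in step 1 of the list above can be pictured as follows. This is an added example, not Unified Agent code: the JSON field names (`dependencies`, `dependenciesValue`), the SHA-256 scheme and the sample data are assumptions, since this page does not document the layout of euaDep.json or euaVul.json.

```python
import hashlib
import json

# Hypothetical field names: the real layout of euaDep.json / euaVul.json
# is not documented on this page.
LISTING_KEY = "dependencies"
VALUE_KEY = "dependenciesValue"


def listing_value(dependencies):
    """Order-independent SHA-256 over a dependency listing (assumed scheme)."""
    canonical = sorted(
        json.dumps(dep, sort_keys=True, separators=(",", ":"))
        for dep in dependencies
    )
    return hashlib.sha256("\n".join(canonical).encode("utf-8")).hexdigest()


def check_offline_inputs(current_deps, dep_doc, vul_doc):
    """Return a list of mismatches; an empty list means the inputs agree."""
    expected = listing_value(current_deps)
    problems = []
    if listing_value(dep_doc.get(LISTING_KEY, [])) != expected:
        problems.append("euaDep.json listing differs from the project")
    if dep_doc.get(VALUE_KEY) != expected:
        problems.append("value captured in euaDep.json does not match")
    if vul_doc.get(VALUE_KEY) != expected:
        problems.append("value captured in euaVul.json does not match")
    return problems


# Constructed sample data, not real agent output.
DEPS = [
    {"artifactId": "commons-io", "version": "2.6", "sha1": "aa" * 20},
    {"artifactId": "jackson-databind", "version": "2.9.8", "sha1": "bb" * 20},
]
DEP_DOC = {LISTING_KEY: DEPS, VALUE_KEY: listing_value(DEPS)}
VUL_DOC = {VALUE_KEY: listing_value(DEPS), "vulnerabilities": []}

if __name__ == "__main__":
    print(check_offline_inputs(DEPS, DEP_DOC, VUL_DOC))  # inputs agree
    # A vulnerabilities file fetched for a different dependency set is rejected.
    stale = dict(VUL_DOC, **{VALUE_KEY: listing_value(DEPS[:1])})
    print(check_offline_inputs(DEPS, DEP_DOC, stale))
```

Binding the vulnerabilities file to the dependency listing this way means a file carried across the air gap for an older or different scan is refused instead of silently producing results for the wrong component set.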

...