...
This topic describes Offline mode for WhiteSource Mend Prioritize, which enables you to analyze a project that is located in an environment not connected to the Internet.
...
An offline client system (not connected to the Internet)
An online client system (connected to the Internet - and WhiteSource Mend Application)
WhiteSource Mend SaaS (connected to the Internet - and WhiteSource Mend Application (SaaS))
The following provides an outline of the process:
Step # | Description |
---|---|
1 | (Offline) Establishing Project Component Dependencies: Leverage the WhiteSource Unified Mend Unified Agent to establish project component dependencies and store them in a dedicated file |
2 | (Online) Obtaining Project Reported Component Vulnerabilities: Request that WhiteSource Mend SaaS return vulnerabilities reported for each of the libraries established in Step 1 |
3 | (Offline) Producing Project Prioritize Results: Leverage the Unified Agent to run WhiteSource Prioritize Mend Prioritize on an offline system using the details obtained in Steps 1 and 2 |
4 | (Online) Uploading Project Prioritize Results: Submit analysis results to the WhiteSource Mend SaaS from an online system to WhiteSource to Mend Saas |
...
Establishing Project Component Dependencies
...
Establish project component dependencies after running WhiteSource Prioritize Mend Prioritize prerequisite checks.
Generate a file with found dependencies.
...
Switch | Description |
---|---|
d | The project folder to be scanned. |
-euaOffline | The Prioritize offline mode. Supported modes include:
In step 1, the following setting is employed: -euaOffline dep (Instructs the agent to run in euaOffline dep mode, and generate a dependency file for later WhiteSource Prioritize Mend Prioritize analysis) |
-euaDep <euaDep_Path> | (Optional) This setting specifies the path and name for the dependency file (default: Unified Agent folder and euaDep.json) |
...
Calculate a unique value of the dependencies listing obtained for the referenced project (based on the specified appPath and d) and verify that the value matches:
The value calculated and captured for the dependencies' JSON file (euaDep.json)
The value captured in the vulnerabilities JSON file (euaVul.json)
Establish project vulnerability effectiveness after running Prioritize.
Generate a file with WhiteSource Prioritize Mend Prioritize results.
Command
|
...