WhiteSource recommends using the Unified Agent.
Scanning Archives Files
If you have Java/Ruby/Python archive files and you are willing to open them and extract descriptive information, then you can use this feature by providing values for the following parameters:
(Linux: $?, PowerShell: $LASTEXITCODE, Batch: %ERRORLEVEL%)
Scan completed successfully.
General error has occurred.
One or more of the scanned components violates an Organization or Product level policy.
Client-side error has occurred.
The agent was unable to establish a connection to the WhiteSource application server (e.g., due to a blocked Internet connection).
Server-side error has occurred (e.g., a malformed request or a request that cannot be parsed was received).
One of the package manager's prerequisite steps (e.g., npm install, bower install, etc.) failed.
Analysis will commonly display the following EUA code at successful completion: [EUA000] Analysis completed successfully. The Unified Agent returns a [-100] exit code if the analysis reported an exit code other than [EUA000].
Exit Codes in Bash
The exit codes WhiteSource returns in the Bash command language should be treated as 'x' modulo 256:
Download JarSigner (there are multiple sources from where the utility can be downloaded).
From the command line, enter the following command to run JarSigner and view the list of security certificates in the .jar file:
After running, ensure that the WhiteSource information appears in the list of security certificates.
The minimum file size for scanning is 512 bytes. The maximum file size for scanning is 2 GB. All other files will be skipped and not scanned by the Unified Agent.
The Unified Agent supports UTF-8 locales. If other locales are in use, the Unified Agent generates an error when confronting special characters.
Requests with more than one million dependencies will fail.
The Maven dependencies detection is based on the Apache Maven Dependency Plugin. Maven projects that use version 3.2.0 of the Maven Dependency Plugin are not supported.