Info |
---|
These release notes are for the WhiteSource cloud solution, and do not apply to the on-premises solution that has its own release notes.
|
...
Product | Description |
---|---|
WhiteSource for GitLab | Added the ability to scan cloud infrastructure configurations (IaC) to find misconfigurations before they are deployed. For this, a WhiteSource IaC Check was introduced which runs in parallel to the existing WhiteSource Security/License Check. In addition, IaC violation alerts are displayed via GitHub Issues. |
WhiteSource for Github.com | Added a new tag commitId to the WhiteSource application Projects that will contain the latest scanned commit ID. |
WhiteSource for Azure Repos | The |
WhiteSource for Github.com | Python version 3.8 is now supported when performing a scan with the SCM scanner. Note that Python version 3.7.12 is still the supported default version. |
WhiteSource for Github.com | The scanning of Dotnet 6 projects is now supported. |
WhiteSource for Github.com | Dev dependencies in the NPM and Yarn projects will not be scanned by default. |
WhiteSource for Github.com | Enabled SmartFix for Java project. |
Version 22.3.3 (17-April-2022)
...
Product | Description |
---|---|
WhiteSource for Bitbucket Server | Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependency (NPM and MavenJavaScript only). NOTE: An update to this version will cause an increase in plugin activity for the repositories with NPM projects in the first few days (up to a week). The number of scan requests will temporarily increase by 20%-50% depending on how many NPM projects there are in the organization. Consider temporarily increasing the number of scanners for this period. |
WhiteSource for GitHub.com | An option is now available to allow users to control Whitesource IaC check runs in the |
WhiteSource for GitLab | The |
WhiteSource for GitHub Enterprise | Python versions 3.8 and 3.9 are now supported when performing a scan with the SCM scanner. |
...
Product | Description |
---|---|
WhiteSource for GitHub.com | Python version 3.9 is now supported when performing a scan with the SCM scanner. |
WhiteSource for GitHub Enterprise | It is now possible to define a scope for migration to the Global Configuration - for all organizations or for all repositories of a specific organization. |
WhiteSource for GitLab | Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependencies (NPM JavaScript only). NOTE: An update to this version will cause an increase in plugin activity for the repositories with NPM projects in the first few days (up to a week). The number of scan requests will temporarily increase by 20%-50% depending on how many NPM projects there are in the organization. Consider temporarily increasing the number of scanners for this period. |
WhiteSource for Azure Repos | Work Items will now be created and updated for all of the Processes: Basic, Agile, Scrum, and CMMI. Previously, only Basic was supported. |
...
Product | Description |
---|---|
WhiteSource for GitHub Enterprise | A new parameter |
WhiteSource for GitHub Enterprise | Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependencies (NPM JavaScript only). NOTE: An update to this version will cause an increase in plugin activity for the repositories with NPM projects in the first few days (up to a week). The number of scan requests will temporarily increase by 20%-50% depending on how many NPM projects there are in the organization. Consider temporarily increasing the number of scanners for this period. |
WhiteSource for GitHub.com | Repeated restarts no longer occur when performing a scan with the SCM scanner. |
...
Product | Description |
---|---|
WhiteSource for Azure Repos | Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependency (NPM JavaScript only). |
WhiteSource for GitHub.com WhiteSource for Azure Repos | Default archive extraction depth is set to 0 for the scanner. To change this value, look for the configModeparameter in the |
WhiteSource for GitHub.com WhiteSource for Azure Repos | The scanning of private Ruby registries is now supported. |
...
Product | Description |
---|---|
WhiteSource for GitHub.com WhiteSource for Azure Repos | The scanning of private Yarn 2 and Yarn 3 registries is now supported. |
WhiteSource for GitHub Enterprise WhiteSource for Bitbucket Server WhiteSource for GitLab | The scanning of private Nuget registries is now supported. |
WhiteSource for GitHub Enterprise WhiteSource for Bitbucket Server WhiteSource for GitLab | Gradle 7 projects are now supported. |
WhiteSource for GitHub Enterprise WhiteSource for GitHub.com | For NPM projects, when |
WhiteSource Advise for WebStorm WhiteSource for GitHub.com | Smart Fix: Fixrecommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependency (NPM JavaScript only). |
Version 21.11.2 (12-December-2021)
...
Product | Description |
---|---|
WhiteSource for GitHub.com | WhiteSource has launched the ability to scan cloud infrastructure configurations (IaC) to find misconfigurations before they are deployed. For this, a WhiteSource IaC Check was introduced which runs in parallel to the existing WhiteSource Security/License Check. In addition, IaC violation alerts are displayed via GitHub Issues. |
WhiteSource for Bitbucket Server, | Previously, the only way to provide the integration's activation key to the Remediate container was by using a prop.json file. |
WhiteSource Advise for IntelliJ, | Beginning in this version, you can configure the plugin/extension to alert only on detected vulnerabilities satisfying a given minimum severity level (as opposed to always showing Low, Medium and High severity vulnerabilities). |
WhiteSource Advise for WebStorm | Beginning in this version, WhiteSource Advise will not scan the node_modules folder of a selected project. |
...
Product | Description |
---|---|
WhiteSource Advise for IntelliJ, | Better handling when the developers' environment is disconnected from the internet or has no access to the WhiteSource servers. |
WhiteSource Advise for Visual Studio | In some cases, scanning a C# project resulted in an exception, and in addition, no vulnerabilities were displayed. |
WhiteSource for GitHub.com | When adding an empty whitesource-config repository from a default "main" branch to the integration, it was not initialized with WhiteSource configuration files. |
WhiteSource for GitLab | When using the security dashboard, issues were published but the commit comment was not updated with scan results and remained with a "scan in progress" indication. |
Version 21.3.1 (4-April-2021)
...
Product | Description |
---|---|
WhiteSource Advise for IntelliJ IDEA, | An improved notification message is now displayed when no vulnerabilities are found in a scanned project. |
WhiteSource Advise for IntelliJ IDEA | Added support for the "apply from" script plugin in Gradle projects, which can reference a dependency file contained within the scanned project or outside of it. |
WhiteSource Advise for Eclipse, | Beginning in this version, you can configure the plugin to alert only on direct dependency vulnerabilities (as opposed to both direct and transitive vulnerabilities). |
WhiteSource for Bitbucket Server, | For NPM projects only - Added support for remediation of transitive npm packages when a package-lock.json is present. |
WhiteSource for Bitbucket Server, | Beginning in this version, a new WhiteSource Security/License Check summary will be displayed in case a scan results in an empty inventory (as opposed to when one or more Security/License issues are detected). |
WhiteSource Remediate | Remediate sometimes, and Renovate often, needs to query github.com for tags and releases (e.g. for release notes fetching). |
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.2.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.3.1 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
...
Product | Description |
---|---|
WhiteSource Advise for PyCharm, | WhiteSource has launched WhiteSource Advise for PyCharm and WhiteSource Advise for WebStorm plugins, empowering JetBrains developers with important, valuable information on security vulnerabilities concerning open-source components employed in their development projects. |
WhiteSource Advise for IntelliJ IDEA |
|
WhiteSource for Bitbucket Server, | From this version onwards, the Administration > WhiteSource Integration page enables the Bitbucket administrator to select Projects to integrate with WhiteSource, instead of Repositories. Once a project is selected by the Bitbucket administrator, the project administrator will be able to access the WhiteSource Integration page from the Project > Project settings page and decide which repositories within that project to integrate with WhiteSource. NOTE: Customers upgrading from an older version of the integration will be automatically migrated to the new WhiteSource Integration model. This means that for each already integrated repository, the repository will be automatically selected inside the Project > Project settings page. |
...
Product | Description |
---|---|
WhiteSource Advise for IntelliJ IDEA | Scanning a Gradle project following file changes would sometimes not show markers for detected vulnerabilities. |
WhiteSource for Bitbucket Server, | In an integrated repository page, the Critical severity metric inside the WhiteSource Security widget was modified to High in order to align with the WhiteSource UI severity metrics. |
...
Product | Description |
---|---|
WhiteSource for GitHub Enterprise, | Added ability to define a whitelist of GitHub Organizations and/or GitHub repository owners who can integrate with the WhiteSource integration. |
WhiteSource for Bitbucket Server, | Global Repo Configuration:
|
WhiteSource Advise for Visual Studio Code |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.11.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.12.1 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.11.1 of the Bitbucket Add-on.
...
Product | Description |
---|---|
WhiteSource Advise for IntelliJ IDEA | The No proxy HTTP setting was ignored by the plugin. |
WhiteSource for Bitbucket Server, | The scanner container did not clean up between container restarts, resulting in a potentially large growth in the container’s disk size. |
Version 20.11.2 (6-December-2020)
...
Resolved Issues
Product | Description |
---|---|
WhiteSource for GitHub Enterprise | Renovate config presets were not being resolved. |
WhiteSource for Bitbucket Server, | In the WhiteSource Security Report (Code Insights), the table listing each vulnerability was not displayed correctly. |
Version 20.11.1 (22-November-2020)
...
Product | Description |
---|---|
WhiteSource Advise for IntelliJ, |
|
WhiteSource Advise for IntelliJ |
|
Version 20.10.2.1 (8-November-2020)
...
Product | Description |
---|---|
WhiteSource for GitHub Enterprise | In some cases, two scans were triggered for the same commit. This led the issue publishing process to run twice at the exact same time, causing duplicate issues to be created. |
Version 20.10.1.1 (25-October-2020)
...
Product | Description |
---|---|
WhiteSource Advise for IntelliJ IDEA |
|
WhiteSource for Bitbucket Server, |
|
WhiteSource for Bitbucket Server | In the WhiteSource Integration page:
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.9.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.10.1 of the Unified Agent.
...
Product | Description |
---|---|
WhiteSource for Bitbucket Server |
|
WhiteSource for Bitbucket Server, |
|
Version 20.9.2 (11-October-2020)
...
Product | Description |
---|---|
WhiteSource for Bitbucket Server, |
|
WhiteSource for Bitbucket Server, |
|
WhiteSource Advise for Visual Studio Code |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.8.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.9.1 of the Unified Agent.
...
Product | Description |
---|---|
WhiteSource for Bitbucket Server, |
|
WhiteSource Advise for Visual Studio Code |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.8.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.8.2 of the Unified Agent.
...
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.7.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.3 of the Unified Agent.
Resolved Issues
WhiteSource for GitHub.com, WhiteSource for GitHub Enterprise: Migrating specific repositories to the global configuration using the excludeRepos parameter led to incorrect results.
Version 20.7.2 (3-August-2020)
...
Product | Description |
---|---|
WhiteSource Advise for Eclipse, WhiteSource Advise for IntelliJ IDEA |
|
WhiteSource for Bitbucket Server, |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.7.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.2 of the Unified Agent.
Resolved Issues
WhiteSource for GitHub.com, WhiteSource for GitHub Enterprise: When the content of a "WhiteSource Security Check" exceeded GitHub's size limit for a Check Run, the check run content was not displayed.
WhiteSource for Bitbucket Server, WhiteSource for GitHub Enterprise, WhiteSource for GitHub.com, WhiteSource for GitLab: As part of the Global Repo Configuration, the whitesource-config repository had to be initialized with a README file in order for the global-config.json and repo-config.json files to be automatically generated by the integration.
Version 20.7.1.1 (23-July-2020)
...
Product | Description |
---|---|
WhiteSource Advise for Visual Studio |
|
WhiteSource for Bitbucket Server, |
|
WhiteSource for Bitbucket Server |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.6.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.1 of the Unified Agent.
...
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.6.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.6.2 of the Unified Agent.
Resolved Issues
WhiteSource for Bitbucket Server: When uninstalling the add-on, the activation key and list of integrated repositories were not cleared.
Version 20.6.1.1 (23-June-2020)
...
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.4.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.5.1 of the Unified Agent.
Resolved Issues
WhiteSource for GitHub Enterprise: When running the wss-ghe-app container, a FileNotFoundException error message appeared in the logs.
Version 20.4.2.2 (17-May-2020)
New Features & Updates
Product | Description |
---|---|
WhiteSource for GitHub Enterprise |
|
WhiteSource for Bitbucket Server, WhiteSource for GitHub Enterprise, and WhiteSource for GitLab |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.4.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.4.2.2 of the Unified Agent.
Resolved Issues
WhiteSource for GitHub Enterprise: When performing a scan, the local Maven registry directive was ignored.
Version 20.3.1 (29-March-2020)
New Features & Updates
Product | Description |
---|---|
WhiteSource for GitHub.com | Support for Gradle Kotlin projects |
NOTE: The GitHub.com integration in this version supports version 20.3.1 of the Unified Agent.
...
New Features & Updates
Product | Description |
---|---|
WhiteSource for GitHub.com | Support for Gradle in WhiteSource Remediate |
WhiteSource for Bitbucket Server |
|
...