A valid license for WhiteSource for Developers
A license key for WhiteSource Advise for IDE, available via one of the following options:
If you do not have direct access to the WhiteSource Application, obtain the license key from your WhiteSource Administrator.
If you have access to the WhiteSource Application, do as follows (NOTE: This option is only available when using version 20.11.1 or later of WhiteSource Advise):
Go to the WhiteSource Application.
Open the Profile page.
In the WhiteSource Advise - IDE Integration section at the bottom, select your organization.
Copy your personal license key to be used later in Activating WhiteSource Advise.
Java JDK 1.8 and up (see here for instructions) or OpenJDK 1.8 and up is installed
Depending on whether scanning Maven or Gradle applications, note the following guidelines:
Apache Maven application is installed and the Maven path and all environment variables are set up (see here for instructions).
Gradle application is installed and the Gradle path and all environment variables are set up. NOTE: Gradle version 4.8 or above must be installed.
IntelliJ IDEA is installed and you are familiar with its basic functionality
The plugin supports the following IntelliJ IDEA versions:
Limitation - Gradle support for the following IntelliJ IDEA versions are notsupported on macOS:
Installing WhiteSource Advise
Start IntelliJ IDEA, specifying the preferred project.
From the sidebar on the right, click WhiteSource (if you do not see the sidebar, select View >Tool Windows > WhiteSource). The Welcome screen is displayed.
In Email, enter your organizational email (the email domain must be licensed to use Advise).
In License Key, enter your license key (See here for more information on how to obtain a license key).
Only show issues for direct dependencies
When enabled, WhiteSource Advise will only return vulnerabilities for direct dependencies defined in your dependency file.
Unselected (not checked)
Minimum vulnerability severity level
Alert only on detected vulnerabilities satisfying a Low/Medium/High minimum severity level.
Scanning a Project for Security Vulnerabilities