...
These release notes are for the WhiteSource cloud solution, and do not apply to the on-premises solution that has its own release notes.
...
Click here to view known issues.
...
Release notes are subject to change until the actual release date. Note that WhiteSource reserves the right to postpone the release of this page for up to and including 48 hours after the version’s actual release.
This
...
page
...
| Info |
|---|
Release Notes & Announcements Subscription Service You can subscribe to the Customer Community Portal Announcements section in order to receive immediate email notifications on important announcements and product release notes. |
Version 22.4.2 (15-May-2022)
New Features and Updates
...
Product
...
Description
...
WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Azure Repos
A configuration error occurs if the user fails to specify the hostType or matchHost parameters when setting hostRules for private registry.
...
WhiteSource for GitHub.com
...
Enabled a SAST scanning: Static Application Security Testing, solution for performing deep and extensive security analysis of application source code.
...
WhiteSource for GitHub Enterprise
WhiteSource for GitLab
WhiteSource for Bitbucket Server
...
Scanning of .NET 6 projects is now supported.
...
WhiteSource for GitHub Enterprise
WhiteSource for GitLab
WhiteSource for Bitbucket Server
...
Dev dependencies in the NPM and Yarn projects will not be scanned by default.
Resolved Issues
...
Product
...
Description
...
WhiteSource for Azure Repos
...
When onboarding a whitesource-config repo, an exception would occur when converting the Azure API response for getting repositories.
...
WhiteSource for Github.com
WhiteSource for Azure Repos
...
In some cases, a 500 internal server error would occur when sending update requests from the SCM scanner. A retry sends the update request successfully.
...
WhiteSource Advise for Visual Studio Code
...
In some cases, scanning of the project would lead to no findings and crashing of Visual Studio Code.
...
WhiteSource Advise for IntelliJ IDEA
WhiteSource Advise for PyCharm
WhiteSource Advise for WebStorm
...
Version 2022.1 of JetBrains IDEs was not supported by Advise plugin.
Version 22.4.1 (1-May-2022)
New Features and Updates
...
Product
...
Description
...
WhiteSource for GitLab
...
Added the ability to scan cloud infrastructure configurations (IaC) to find misconfigurations before they are deployed. For this, a WhiteSource IaC Check was introduced which runs in parallel to the existing WhiteSource Security/License Check. In addition, IaC violation alerts are displayed via GitHub Issues.
...
WhiteSource for Github.com
WhiteSource for GitHub Enterprise
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Azure Repos
...
Added a new tag commitId to the WhiteSource application Projects that will contain the latest scanned commit ID.
...
WhiteSource for Azure Repos
...
The issueType setting was added to the issueSettings parameter of the WhiteSource configuration file. This setting defines the type of issues that will be enabled in the repository - one for each vulnerability or one for each dependency with all vulnerabilities grouped within.
...
WhiteSource for Github.com
WhiteSource for Azure Repos
...
Python version 3.8 is now supported when performing a scan with the SCM scanner. Note that Python version 3.7.12 is still the supported default version.
...
WhiteSource for Github.com
WhiteSource for Azure Repos
...
The scanning of Dotnet 6 projects is now supported.
...
WhiteSource for Github.com
WhiteSource for Azure Repos
...
Dev dependencies in the NPM and Yarn projects will not be scanned by default.
...
WhiteSource for Github.com
WhiteSource for GitHub Enterprise
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Azure Repos
...
Enabled SmartFix for Java projects.
Version 22.3.3 (17-April-2022)
New Features and Updates
...
Product
...
Description
...
WhiteSource for Bitbucket Server
...
Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependency (JavaScript only).
NOTE: An update to this version will cause an increase in plugin activity for the repositories with NPM projects in the first few days (up to a week). The number of scan requests will temporarily increase by 20%-50% depending on how many NPM projects there are in the organization. Consider temporarily increasing the number of scanners for this period.
...
WhiteSource for GitHub.com
WhiteSource for GitHub Enterprise
...
is
...
WhiteSource for GitLab
...
The issueType setting was added to the issueSettings parameter of the WhiteSource configuration file. This setting defines the type of issues that will be enabled in the repository - one for each vulnerability or one for each dependency with all vulnerabilities grouped within.
...
WhiteSource for GitHub Enterprise
WhiteSource for GitLab
WhiteSource for Bitbucket Server
...
Python versions 3.8 and 3.9 are now supported when performing a scan with the SCM scanner.
Version 22.3.2 (3-April-2022)
New Features and Updates
...
Product
...
Description
...
WhiteSource for GitHub.com
WhiteSource for Azure Repos
...
Python version 3.9 is now supported when performing a scan with the SCM scanner.
...
WhiteSource for GitHub Enterprise
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Azure Repos
...
It is now possible to define a scope for migration to the Global Configuration - for all organizations or for all repositories of a specific organization.
...
WhiteSource for GitLab
...
Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependencies (JavaScript only).
NOTE: An update to this version will cause an increase in plugin activity for the repositories with NPM projects in the first few days (up to a week). The number of scan requests will temporarily increase by 20%-50% depending on how many NPM projects there are in the organization. Consider temporarily increasing the number of scanners for this period.
...
WhiteSource for Azure Repos
...
Work Items will now be created and updated for all of the Processes: Basic, Agile, Scrum, and CMMI. Previously, only Basic was supported.
Resolved Issues
...
Product
...
Description
...
WhiteSource for GitHub Enterprise
...
Issues would not be created in the Issue Repo when the Issues tab was not enabled in the origin repo.
...
WhiteSource for Bitbucket Server and Data Center
...
Improved exception handling and logging when handling PR Webhooks.
Version 22.3.1 (20-March-2022)
New Features and Updates
...
Product
...
Description
...
WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Azure Repos
A new parameter overrideConfigAllowList was added to the repo-config.json file. This parameter regulates the ability of repositories that inherit their configuration from the whitesource-config repository to override the parameters locally.
...
WhiteSource for GitHub Enterprise
...
Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependencies (JavaScript only).
NOTE: An update to this version will cause an increase in plugin activity for the repositories with NPM projects in the first few days (up to a week). The number of scan requests will temporarily increase by 20%-50% depending on how many NPM projects there are in the organization. Consider temporarily increasing the number of scanners for this period.
...
WhiteSource for GitHub.com
...
Repeated restarts no longer occur when performing a scan with the SCM scanner.
Resolved Issues
...
Product
...
Description
...
WhiteSource for GitHub.com
...
In some cases, when there were many Diff check runs of the Controller, the result would be a null link to the base branch run.
...
WhiteSource for GitHub.com
...
During a WhiteSource IaC Check, the Controller would fail to parse the resulting json file due to an inconsistent attribute type.
Version 22.2.2.1 (9-March-2022)
Resolved Issues
...
Product
...
Description
...
WhiteSource for GitHub Enterprise
WhiteSource for Bitbucket Server
WhiteSource for GitLab
...
The Python resolution was fixed by reducing the total number of duplicate dependencies.
Version 22.2.2 (6-March-2022)
New Features and Updates
...
Product
...
Description
...
WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
...
A scan is now triggered when changes are made to the gradle.properties or gradle.lockfile file.
...
WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
WhiteSource for GitLab
WhiteSource for Azure Repos
A new parameter customLabels was added to issueSettings in the .whitesource configuration file, enabling you to define labels that will be added to the issues created following a scan.
...
WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
...
A new parameter assignees was added to issueSettings in the .whitesource configuration file that specifies the users that will be assigned to issues that are created following a scan.
...
WhiteSource for GitHub Enterprise
WhiteSource for GitLab
WhiteSource for Bitbucket Server
The new caching mechanism is now enabled by default.
...
WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Azure Repos
The scanning of NPM projects with lockfileVersion: 2 is supported.
...
WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Azure Repos
Ruby bundler projects are now supported by Remediate.
Version 22.2.2 (6-March-2022)
Resolved Issues
...
Product
...
Description
...
WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Azure Repos
...
Ignored vulnerability alerts in the WhiteSource application dashboard would appear in diff check runs of the Controller.
...
WhiteSource for GitLab
...
When onboarding a whitesource-config repo, if the repo had the same name as its subgroup, the onboarding would not complete.
...
WhiteSource for GitHub Enterprise
...
The scanning would fail when the commit tag was equal to the default branch name.
Version 22.2.1 (20-February-2022)
New Features and Updates
...
Product
...
Description
...
WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Azure Repos
...
A scan will now be triggered when changes are made to a pipfile.lock file.
WhiteSource for GitHub.com
...
Enabled defining a caching mechanism by setting the WS_CACHE_TYPE environmental variable in the Controller. You can choose local Redis caching instead of the previous default memory-based caching.
Resolved Issues
...
Product
...
Description
...
WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Azure Repos
...
Ignored vulnerability alerts in the WhiteSource application dashboard would appear in diff check runs of the Controller.
...
WhiteSource for GitLab
...
When onboarding a whitesource-config repo, if the repo had the same name as its subgroup, the onboarding would not complete.
...
WhiteSource for GitHub Enterprise
...
The scanning would fail when the commit tag was equal to the default branch name.
Version 22.1.2 (6-February-2022)
...
Product
...
Description
...
WhiteSource for GitHub.com
...
The issueType setting was added to the issueSettings parameter of the WhiteSource configuration file. This setting defines the type of issues that will be enabled in the repository - one for each vulnerability or one for each dependency with all vulnerabilities grouped within.
...
WhiteSource for GitHub.com
WhiteSource for Azure Repos
...
The scanning of projects using Java 11 is now supported.
...
WhiteSource for Bitbucket Server
WhiteSource for GitLab
...
The scanning of private Ruby registries is now supported.
Version 22.1.1.2 (24-January-2022)
...
Product
...
Description
...
WhiteSource for GitHub Enterprise,
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitLab,
...
Version 22.1.1 (23-January-2022)
New Features and Updates
...
Product
...
Description
...
WhiteSource for Azure Repos
...
Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependency (JavaScript only).
...
WhiteSource for GitHub.com
WhiteSource for Azure Repos
...
WhiteSource for GitHub.com
WhiteSource for Azure Repos
...
The scanning of private Ruby registries is now supported.
Resolved Issues
...
Product
...
Description
...
WhiteSource for GitHub.com
...
After running a scan, the Controller container would find issues that were previously closed with an additional “autoclosed” suffix appended to their title.
Version 21.12.2 (9-January-2022)
New Features and Updates
...
Product
...
Description
...
WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
...
For Go, Python or Maven projects, when the manifest file (go.mod, Pipfile or pom.xml) is changed, the scan will be triggered only if the dependencies section is changed.
...
WhiteSource for GitHub.com,
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab,
WhiteSource for Azure Repos
...
Check runs can be disabled from ever being created during the scan.
...
WhiteSource for GitHub.com,
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab,
WhiteSource for Azure Repos
...
A new parameter workflowRules was added to remediateSettings in the .whitesource file that specifies the rules which regulate when to open remediation pull requests.
...
WhiteSource Advise for VS Code
...
Yarn 1, 2, and 3 are supported.
Resolved Issues
...
Product
...
Description
...
WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
...
When onboarding a whitesource-config repo, if the repo is empty, the onboarding would not complete.
Version 21.12.1.1 (29-December-2021)
Resolved Issues
...
Product
...
Description
...
WhiteSource for GitHub Enterprise
...
Some newly onboarded repositories did not inherit the configuration from the whitesource-config organization.
Version 21.12.1 (26-December-2021)
New Features and Updates
...
Product
...
Description
...
WhiteSource for GitHub.com
WhiteSource for Azure Repos
...
The scanning of private Yarn 2 and Yarn 3 registries is now supported.
...
WhiteSource for GitHub Enterprise
WhiteSource for Bitbucket Server
WhiteSource for GitLab
The scanning of private Nuget registries is now supported.
...
WhiteSource for GitHub Enterprise
WhiteSource for Bitbucket Server
WhiteSource for GitLab
Gradle 7 projects are now supported.
...
WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
...
For NPM projects, when package.json is changed, the scan will be triggered only if the dependencies section is changed.
...
WhiteSource Advise for WebStorm
WhiteSource for GitHub.com
...
Version 21.11.2 (12-December-2021)
New Features and Updates
...
Product
...
Description
...
WhiteSource for GitHub Enterprise
WhiteSource for Bitbucket Server
WhiteSource for Bitbucket Data Center
WhiteSource for GitLab
...
The scanning of private Go and Yarn (Yarn 1) registries is now supported.
...
WhiteSource for GitHub Enterprise
WhiteSource for Bitbucket Server
WhiteSource for Bitbucket Data Center
WhiteSource for GitLab
...
Yarn 2 and Yarn 3 projects are now supported.
...
WhiteSource for GitHub Enterprise
...
The scanning of private Gradle registries is now supported.
...
WhiteSource for GitHub Enterprise
...
The scanning of private Python PIP registries is now supported.
...
WhiteSource for GitHub.com
WhiteSource for Azure Repos
The scanning of private Nuget registries is now supported.
...
WhiteSource for GitHub.com
WhiteSource for Azure Repos
...
Gradle 7 projects are now supported.
...
WhiteSource for GitHub.com
WhiteSource for GitHub Enterprise
WhiteSource for Azure Repos
...
Check run will ignore IaC issues that were manually closed by the user.
...
WhiteSource Advise for Visual Studio Code
...
Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependency (NPM only).
Resolved Issues
...
Product
...
Description
...
WhiteSource for GitHub.com
WhiteSource for GitHub Enterprise
...
Sometimes, less dependencies were found in the Maven projects than expected.
...
WhiteSource for GitHub Enterprise
...
Some new projects and products in the WhiteSource application were created with the "_1" prefix even if no duplicates were present.
Version 21.11.1 (28-November-2021)
New Features and Updates
...
Product
...
Description
...
WhiteSource Advise for IntelliJ IDEA
WhiteSource Advise for PyCharm
WhiteSource Advise for WebStorm
Additional user notifications are provided regarding vulnerability alerts when in Focus mode, for the IntelliJ, PyCharm, and WebStorm integrations.
...
WhiteSource for GitHub.com
...
The scanning of Yarn 2 and Yarn 3 projects is now supported.
...
WhiteSource for GitHub.com
...
The scanning of private Go and Yarn (Yarn 1) registries is now supported.
...
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Bitbucket Data Center
...
The scanning of private Gradle and Python PIP registries is now supported.
...
WhiteSource for GitHub.com
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Bitbucket Data Center
...
Two tags will be added to the project in the WhiteSource application when the respective repository is scanned for the first time:
repoFullName: Contains the repo context in the following mapping:
{ownerName}/{repoName}@{branchName}repoId: Contains the unique SCM repository ID.
...
WhiteSource for Azure Repos
...
Launch of the WhiteSource for Azure Repos: open beta stage.
Resolved Issues
...
Product
...
Description
...
WhiteSource for GitLab
...
Fixed automatic naming for products in the WhiteSource application connected to subgroups in the repositories.
...
WhiteSource Advise for Visual Studio
...
Visual Studio would sometimes crash when using WhiteSource Advise 21.10.1.
Version 21.10.2 (14-November-2021)
New Features and Updates
...
Product
...
Description
...
WhiteSource for GitHub.com
...
The scanning of private Gradle registries is now supported.
...
WhiteSource for GitHub.com
...
The scanning of private Python PIP registries are now supported.
...
WhiteSource Advise for Visual Studio
...
Vulnerable Commit Alert: An alert can be enabled to notify about newly added vulnerabilities when committing the code inside the IDE. This alert will appear only if the committed feature branches have new vulnerabilities compared to a preconfigured scanned base branch.
Resolved Issues
...
Product
...
Description
...
WhiteSource for GitHub.com,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
The WhiteSource application would delete issue labels that were manually created by users.
...
New Features and Updates
...
Product
...
Description
...
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab,
WhiteSource for Bitbucket Server
...
Enabled cloning project files through Git shell commands.
...
WhiteSource Advise for Visual Studio
...
The Diff operation is now enabled by default when the WhiteSource Advise plugin is active.
...
WhiteSource Advise for Visual Studio Code
...
Vulnerable Commit Alert: An alert can be enabled to notify about newly added vulnerabilities when committing the code inside the IDE. This alert will appear only if the committed feature branches have new vulnerabilities compared to a preconfigured scanned base branch.
Version 21.9.1.1 (25-October-2021)
Resolved Issues
...
Product
...
Description
...
WhiteSource for GitHub.com
...
Scans found zero non-private dependencies when the Go project included any private dependencies
...
New Features and Updates
...
Product
...
Description
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
Support for NPM private registries by providing an asymmetric encryption solution to support scoped secrets/credentials in Repository Integrations.
...
WhiteSource for GitHub.com,
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
Support for Maven private registries.
...
WhiteSource for GitHub Enterprise
...
Expanded support for WhiteSource IaC Check. Configuration files Terraform, CloudFormation, Kubernetes, ARM Templates, Serverless, and Helm, are now supported.
Resolved Issues
...
Product
...
Description
...
WhiteSource Advise for IntelliJ IDEA
WhiteSource Advise for PyCharm
WhiteSource Advise for WebStorm
...
After installing the WhiteSource plugin, the exception “Do not request resource from classloader using path with leading slash“ would occur on Windows, Mac or Linux with the IntelliJ, PyCharm, and WebStorm integrations.
...
All Repo Integrations
...
Building the Repo integration scanner Dockerfile would fail when trying to install Cocoapods for managing the library dependencies.
Version 21.8.2 (3-October-2021)
New Features and Updates
...
Product
...
Description
...
WhiteSource Advise for IntelliJ IDEA
WhiteSource Advise for PyCharm
WhiteSource Advise for WebStorm
WhiteSource Advise for Visual Studio Code
The Focus Mode allows developers to see only new vulnerability alerts in their feature branches compared to a predefined base branch.
This feature is now enabled by default.
...
WhiteSource Advise for PyCharm
WhiteSource Advise for WebStorm
...
Vulnerable Commit Alert: An alert can be enabled to notify about newly added vulnerabilities when committing the code inside the IDE. This alert will appear only if the committed feature branches have new vulnerabilities compared to a preconfigured base branch.
...
WhiteSource for GitHub.com
...
(BETA) Support for NPM private registries by providing an asymmetric encryption solution to support scoped secrets/credentials Repository Integrations.
...
WhiteSource for GitHub.com
...
Expanded support for WhiteSource IaC Check: Configuration files Terraform, CloudFormation, Kubernetes, ARM Templates, Serverless, and Helm, are now supported.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
Regular account repo-settings.json or global-settings.json files are now automatically populated with the settings from the whitesource-config account’s global-settings.json file.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
Added a feature to save scan logs to a zip file after manual scanning from the Global Repo.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
Python Conda projects are now supported in all Repo integrations.
Version 21.8.1 (29-August-2021)
New Features and Updates
...
Product
...
Description
...
WhiteSource Advise for IntelliJ IDEA
...
An alert can be enabled to notify about newly added vulnerabilities when committing the code inside the IntelliJ. This alert will appear only if the committed feature branches have new vulnerabilities compared to a preconfigured base branch.
...
WhiteSource for Bitbucket Server
...
Added parse validation and error notification via issues and commit status for configuration files.
Added inheritance configuration validation and error notification via issues and commit status.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
Regular account repo-settings.json or global-settings.json files can now inherit settings from the “whitesource-config” account’s global-settings.json file.
Version 21.7.2 (15-August-2021)
New Features and Updates
...
Product
...
Description
...
WhiteSource for GitLab
...
Added parse validation and error notification via issues and commit status for configuration files ( .whitesource/repo-config.json/global-config.json).
Added inheritance configuration validation and error notification via issues and commit status.
...
WhiteSource for GitHub.com
WhiteSource for GitHub Enterprise
...
Users can now manually trigger scans for specific repositories.
...
WhiteSource Advise for Visual Studio
...
WhiteSource added developer focus mode for Visual Studio.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
Added Remediate Worker Horizontal Scalability. This feature is used to scale Remediate to allow it to utilize additional containers, in order to process multiple repositories concurrently.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.7.1 of the Unified Agent. The GitHub.com integration in this version supports version 21.7.2 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Version 21.7.1 (1-August-2021)
New Features and Updates
...
Product
...
Description
...
WhiteSource for GitHub.com
WhiteSource for GitHub Enterprise
...
Added inheritence configuration validation and error notification via issues and check runs.
...
WhiteSource Advise for WebStorm
...
WhiteSource added developer focus mode for WebStorm.
...
WhiteSource Advise for Visual Studio Code
...
WhiteSource added developer focus mode for Visual Studio Code.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.6.3 of the Unified Agent. The GitHub.com integration in this version supports version 21.7.1.1 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Version 21.6.3 (18-July-2021)
New Features and Updates
...
Product
...
Description
...
WhiteSource Advise for IntelliJ IDEA
...
WhiteSource added developer focus mode for IntelliJ IDEA
Added aggregated fix suggestion for direct dependencies
Added support for custom build.gradle filenames
...
WhiteSource Advise for PyCharm
...
Added aggregated fix suggestion for direct dependencies
...
WhiteSource for GitHub.com
WhiteSource for GitHub Enterprise
...
Added parse validation and error notification via issues and check runs for configuration files ( .whitesource/repo-config.json/global-config.json)
...
WhiteSource for GitHub Enterprise
...
Added a new parameter, branchProtectionRule, that automatically creates branch protection rules for newly onboarded repositories
Provided a way to globally ignore all user accounts when installing the GitHub application. If a user account does install the application, it will automatically be uninstalled. There is a way to include specific user accounts even if they are globally ignored by using the exact names attribute.
...
WhiteSource for GitHub Enterprise
WhiteSource for GitLab
WhiteSource for Bitbucket Server
...
Added environment variables to improve UA log consumption inside the scanner container.
Resolved Issues
...
Product
...
Description
...
All Repo Integrations
...
In cases of update requests that originated from the SCM scanner, the plugin request report in the app displayed the org's default approver instead of the service user that created the scan.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.6.2.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.6.3 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Version 21.6.2 (4-July-2021)
...
Product
...
Description
...
WhiteSource for GitHub.com
WhiteSource for GitHub Enterprise
WhiteSource for GitLab
WhiteSource for Bitbucket Server
...
Beginning in this version, the "whitesource\remediate" branches will be scanned.
An indication has been added on inventory count in Check Run when the scan completes.
...
WhiteSource Advise for PyCharm
...
WhiteSource now supports diff functionality for PyCharm.
WhiteSource added developer focus mode for PyCharm.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.5.2 of the Unified Agent. The http://GitHub.com integration in this version supports version 21.6.2 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Version 21.6.1 (20-June-2021)
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.5.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.6.1 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Version 21.5.2 (6-June-2021)
New Features & Updates
...
Product
...
Description
...
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com
...
In cases where the integration failed to retrieve either a .whitesource configuration file from a repository, or any of the WhiteSource configuration files included inside the Global Configuration repository, a WhiteSource Configuration check run with a failed status will be created.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
The wss-app Dockerfile now supports both Ubuntu 18.04 and Ubuntu 20.04-compatible images.
As part of the existing startup check mechanism inside the app container, a new validation was added which ensures connectivity between the Remediate container and the wss-app container.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.5.1 of the Unified Agent. The GitHub.com integration in this version supports version 21.5.2 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Version 21.5.1 (23-May-2021)
New Features & Updates
...
Product
...
Description
...
WhiteSource Advise for IntelliJ,
WhiteSource Advise for WebStorm
...
Added support for IDE version 2021.1.
...
WhiteSource Advise for IntelliJ,
WhiteSource Advise for PyCharm,
WhiteSource Advise for WebStorm
...
Added the ability to copy the content provided inside the Brief Vulnerability Information popup for each detected vulnerability.
Improved text color for highlighting vulnerable components.
...
WhiteSource Advise for Eclipse,
WhiteSource Advise for Visual Studio
...
Added a Clear Results button to the WhiteSource tab, providing users the ability to clear all currently displayed data (from all projects).
...
WhiteSource Advise for Eclipse
...
Improved the display of the hierarchy tree for transitive vulnerabilities.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
Added direct TLS 1.2 support inside the WhiteSource "app" container in order to enable SSL for webhooks flowing between the SCM Server and the WhiteSource "app" container. This can be enabled by using newly-introduced environment variables.
The Remediate Dockerfile now supports both Ubuntu 18.04 and Ubuntu 20.04-compatible images.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.4.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.5.1 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
...
Product
...
Description
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com.
WhiteSource for GitLab
...
When the global-config.json (as part of Global Configuration) contained a noWhitesourceFile parameter, repositories with an unmerged (open/closed) onboarding PR were not scanned.
...
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com
...
In rare cases, the WhiteSource IaC Check returned a Success status instead of a failed status.
...
WhiteSource for GitLab
...
In specific cases, in the Remediate container logs, an SSH public key was leaked.
...
WhiteSource Advise for Eclipse
...
In some cases, when scanning a Java project, a null pointer exception was returned.
In some cases, when scanning a Java project, an Exception while Http call: Invalid request parameters was returned.
Version 21.4.2 (9-May-2021)
New Features & Updates
...
Product
...
Description
...
WhiteSource for GitHub.com
...
Added support for .NET core 5.0 built projects.
...
WhiteSource for GitHub Enterprise
...
WhiteSource has launched the ability to scan cloud infrastructure configurations (IaC) to find misconfigurations before they are deployed. For this, a WhiteSource IaC Check was introduced which runs in parallel to the existing WhiteSource Security/License Check. In addition, IaC violation alerts are displayed via GitHub Issues.
As part of the existing startup check mechanism inside the app container, a new validation was added which ensures that the integrated GitHub App has all the required permissions and event subscriptions in place.
...
WhiteSource Advise for PyCharm,
WhiteSource Advise for Visual Studio
...
Beginning in this version, you can configure the plugin to also alert on dev dependencies. This changes the default scanning behavior of WhiteSource Advise for Visual Studio (before version 21.4.2, alerts for dev dependencies were displayed).
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com,
WhiteSource for GitLab
...
Added support for the dependencies.scala dependency file
Beginning in this version, it is possible to rename the .whitesource configuration file via the global configuration. NOTE: This is currently only supported for newly integrated repositories (not existing repositories that already contain a .whitesource file).
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.4.1 of the Unified Agent. The GitHub.com integration in this version supports version 21.4.2 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
...
Product
...
Description
...
WhiteSource for GitHub.com
...
Repositories built with Paket could not be scanned successfully.
...
WhiteSource for GitHub.com
...
Elixir-based repositories could not be scanned successfully.
...
WhiteSource Advise for IntelliJ
...
In specific scenarios where a dependency did not contain an explicit version, no vulnerability alerts were raised for it.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com.
WhiteSource for GitLab
...
Modifying the minSeverityLevel parameter value inside the .whitesource configuration file did not lead to the automatic closing of existing non-relevant issues.
...
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com
...
In specific scenarios, a Bad Credentials error was displayed when migrating specific repositories to the global configuration via the migration feature.
Version 21.4.1 (25-April-2021)
New Features & Updates
...
Product
...
Description
...
WhiteSource for GitHub.com
...
WhiteSource has launched the ability to scan cloud infrastructure configurations (IaC) to find misconfigurations before they are deployed. For this, a WhiteSource IaC Check was introduced which runs in parallel to the existing WhiteSource Security/License Check. In addition, IaC violation alerts are displayed via GitHub Issues.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
Previously, the only way to provide the integration's activation key to the Remediate container was by using a prop.json file.
Beginning in this version, the activation key is also supported as an environment variable called W4D_BOLT_OP_ACTIVATION_KEY (as an alternative to providing it as a prop.json file).
...
WhiteSource Advise for IntelliJ,
WhiteSource Advise for WebStorm,
WhiteSource Advise for PyCharm,
WhiteSource Advise for Eclipse,
WhiteSource Advise for Visual Studio,
WhiteSource Advise for VS Code
...
Beginning in this version, you can configure the plugin/extension to alert only on detected vulnerabilities satisfying a given minimum severity level (as opposed to always showing Low, Medium and High severity vulnerabilities).
...
WhiteSource Advise for WebStorm
...
Beginning in this version, WhiteSource Advise will not scan the node_modules folder of a selected project.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.3.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.4.1 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
...
Product
...
Description
...
WhiteSource Advise for VS Code
...
In specific scenarios, when installing the extension on a WhiteSource Dedicated Instance-related environment, scanning resulted in connection issues.
Version 21.3.2 (11-April-2021)
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.3.1 of the Unified Agent. The GitHub.com integration in this version supports version 21.3.2 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
...
Product
...
Description
...
WhiteSource Advise for IntelliJ,
WhiteSource Advise for WebStorm,
WhiteSource Advise for PyCharm,
...
Better handling when the developers' environment is disconnected from the internet or has no access to the WhiteSource servers.
...
WhiteSource Advise for Visual Studio
...
In some cases, scanning a C# project resulted in an exception, and in addition, no vulnerabilities were displayed.
...
WhiteSource for GitHub.com
...
When adding an empty whitesource-config repository from a default "main" branch to the integration, it was not initialized with WhiteSource configuration files.
...
WhiteSource for GitLab
...
When using the security dashboard, issues were published but the commit comment was not updated with scan results and remained with a "scan in progress" indication.
Version 21.3.1 (4-April-2021)
New Features & Updates
...
Product
...
Description
...
WhiteSource Advise for IntelliJ IDEA,
WhiteSource Advise for WebStorm
...
An improved notification message is now displayed when no vulnerabilities are found in a scanned project.
...
WhiteSource Advise for IntelliJ IDEA
...
Added support for the "apply from" script plugin in Gradle projects, which can reference a dependency file contained within the scanned project or outside of it.
NOTE: Remote script location is not supported.
...
WhiteSource Advise for Eclipse,
WhiteSource Advise for Visual Studio
...
Beginning in this version, you can configure the plugin to alert only on direct dependency vulnerabilities (as opposed to both direct and transitive vulnerabilities).
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab,
WhiteSource for GitHub.com
...
For NPM projects only - Added support for remediation of transitive npm packages when a package-lock.json is present.
NOTE: This functionality is disabled by default.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab,
WhiteSource for GitHub.com
...
Beginning in this version, a new WhiteSource Security/License Check summary will be displayed in case a scan results in an empty inventory (as opposed to when one or more Security/License issues are detected).
...
WhiteSource Remediate
...
Remediate sometimes, and Renovate often, needs to query github.com for tags and releases (e.g. for release notes fetching).
Customers using Renovate especially will get rate limited by github.com quickly if they don't provide authentication with every request. Guidelines on how to do that are provided here.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.2.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.3.1 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
...
Product
...
Description
...
WhiteSource Advise for IntelliJ
...
When scanning a large Gradle project (~20 modules), the plugin would run for an excessive amount of time, which resulted in the IDE being frozen.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
Improved rotation of the application container logs by modifying the maximum log size from 10GB to 2GB, and the maximum history days from 600 to 60 days.
Version 21.2.2 (14-March-2021)
New Features & Updates
...
Product
...
Description
...
WhiteSource Advise for IntelliJ IDEA,
WhiteSource Advise for PyCharm,
WhiteSource Advise for WebStorm
...
Beginning in this version, you can configure WhiteSource settings (Settings > Tools > WhiteSource) either on a global (affecting all projects) or project level (affecting a single project only).
...
WhiteSource Advise for VS Code,
WhiteSource Advise for GitHub Codespaces
...
Beginning in this version, you can configure the plugin to alert only on direct dependency vulnerabilities (as opposed to both direct and transitive vulnerabilities).
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
Beginning in this version, to improve performance, the integration will only clone the specific repository branch instead of cloning all branches before performing a scan.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.2.1 of the Unified Agent. The GitHub.com integration in this version supports version 21.2.2 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Version 21.2.1 (28-February-2021)
New Features & Updates
...
Product
...
Description
...
WhiteSource Advise for IntelliJ IDEA,
WhiteSource Advise for PyCharm,
WhiteSource Advise for WebStorm
...
Beginning in this version, you can configure the plugin to alert only on direct dependency vulnerabilities (as opposed to both direct and transitive vulnerabilities).
Plugin activation notifications are no longer displayed after restarting the IDE.
...
WhiteSource Advise for WebStorm
...
Scanning a project that does not contain any package-lock.json file now results in a notification asking the user to ensure the project is built before being scanned with WhiteSource Advise.
...
WhiteSource Advise for PyCharm
...
An improved notification message is now displayed when no vulnerabilities are found in the project.
...
WhiteSource for GitHub.com
...
Beginning in this version, to improve performance, the integration will only clone the specific repository branch instead of cloning all branches before performing a scan.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.1.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.2.1 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
...
Product
...
Description
...
WhiteSource for GitHub Enterprise
...
In a forked repository with branch protection rules in place, when the last commit in a PR did not trigger a scan (not a valid push), then a neutral check run was created. In such a case, even if new vulnerabilities were introduced as part of the PR, merging the PR was still possible.
...
WhiteSource for GitHub.com
...
In cases where the WhiteSource License Check was enabled, license policy violation data for libraries with an unknown license (Requires Review license type) were not surfaced in the integration.
Version 21.1.2 (14-February-2021)
New Features & Updates
...
Product
...
Description
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
For improved visibility and troubleshooting, a startup check mechanism was added in the app container, which upon startup, provides a clear indication of the connectivity status between itself and the remediate container, the repository platform (SCM) API, and the WhiteSource application server. The startup check also validates the activation key provided in the initial configuration.
See here for more information.
...
WhiteSource Advise for PyCharm,
WhiteSource Advise for WebStorm
...
Added support for PyCharm 2020.3
Added support for WebStorm 2020.3
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.1.1 of the Unified Agent. The GitHub.com integration in this version supports version 21.1.2 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
...
Product
...
Description
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub.com,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
When two or more valid push events occurred a few seconds apart from each other within the same repository, new issues (which didn’t exist before) were sometimes created twice. NOTE: In this case, the duplicate issue(s) will be auto-closed.
In version 21.1.1 - in some edge cases, issues were not being created due to an internal exception.
...
WhiteSource Advise for PyCharm,
WhiteSource Advise for WebStorm
...
When multiple dependency paths were detected as part of a transitive dependency vulnerability, the indication of the number of paths detected inside the Brief Vulnerability Information popup was missing.
Version 21.1.1 (31-January-2021)
New Features & Updates
...
Product
...
Description
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com,
WhiteSource for GitLab
...
Added License Policy Violations support for non-base branches, therefore WhiteSource now provides full support for License Policy Violations:
Ability to enable/disable a WhiteSource License Check (which runs in parallel to the existing WhiteSource Security Check).
Ability to enable/disable the display of License Policy Violation Issues.
Ability to define whether the WhiteSource License Check should always result in a success conclusion status.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
With the release of version 20.12.3 of the Unified Agent, the default dependency resolution for npm projects has been optimized by relying on the package-lock.json file (the npm.resolveLockFile Unified Agent configuration parameter default value is now true).
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.12.3 of the Unified Agent. The GitHub.com integration in this version supports version 21.1.1 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
...
Product
...
Description
...
WhiteSource Advise for PyCharm
...
When vulnerabilities with different severities (high/medium/low) were found on a project, the Problems Tool Window displayed all issues as errors (instead of displaying high severity vulnerabilities as errors, and medium/low severity vulnerabilities as warnings).
In some cases, dependencies declared inside a requirements.txt file were incorrectly identified when declared in a case-sensitive way.
...
WhiteSource Advise for PyCharm,
WhiteSource Advise for WebStorm
...
In some cases, a wrong transitive vulnerability tree was displayed for vulnerabilities detected under a direct dependency.
Version 20.12.3 (17-January-2021)
New Features & Updates
...
Product
...
Description
...
WhiteSource for GitHub.com
...
With the release of version 20.12.3 of the Unified Agent, the default dependency resolution for npm projects has been optimized by relying on the package-lock.json file (the npm.resolveLockFile Unified Agent configuration parameter default value is now true).
...
WhiteSource Advise for Eclipse,
WhiteSource Advise for IntelliJ IDEA,
WhiteSource Advise for PyCharm,
WhiteSource Advise for WebStorm,
WhiteSource Advise for VS Code,
WhiteSource Advise for Visual Studio
...
Added enhanced WhiteSource Advise license validation. WhiteSource Advise will periodically validate the activation credentials and delete its data in case the license key has expired.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.12.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.12.3 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
...
Product
...
Description
...
WhiteSource Advise for IntelliJ IDEA,
WhiteSource Advise for PyCharm,
WhiteSource Advise for WebStorm
...
In some cases, when the Remember license key option was enabled during activation, the activation credentials would not be saved upon restarting the IDE.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
A .whitesource file pointing to a custom whitesource-config repo which is not the default one, led to the global repo configuration (global-config.json) being taken from the default whitesource-config repo location.
Version 20.12.2 (3-January-2021)
New Features & Updates
...
Product
...
Description
...
WhiteSource Advise for PyCharm,
WhiteSource Advise for WebStorm
...
WhiteSource has launched WhiteSource Advise for PyCharm and WhiteSource Advise for WebStorm plugins, empowering JetBrains developers with important, valuable information on security vulnerabilities concerning open-source components employed in their development projects.
...
WhiteSource Advise for IntelliJ IDEA
...
Added support for IntelliJ IDEA 2020.2
Added support for IntelliJ IDEA 2020.3
Added support for displaying scan results in the Problems Tool window (in addition to the Inspection Results window).
NOTE: This feature is available in version 2020.2 and above of the IDE.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center
...
From this version onwards, the Administration > WhiteSource Integration page enables the Bitbucket administrator to select Projects to integrate with WhiteSource, instead of Repositories.
Once a project is selected by the Bitbucket administrator, the project administrator will be able to access the WhiteSource Integration page from the Project > Project settings page and decide which repositories within that project to integrate with WhiteSource.
NOTE: Customers upgrading from an older version of the integration will be automatically migrated to the new WhiteSource Integration model. This means that for each already integrated repository, the repository will be automatically selected inside the Project > Project settings page.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.12.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.12.2 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
...
Product
...
Description
...
WhiteSource Advise for IntelliJ IDEA
...
Scanning a Gradle project following file changes would sometimes not show markers for detected vulnerabilities.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center
...
In an integrated repository page, the Critical severity metric inside the WhiteSource Security widget was modified to High in order to align with the WhiteSource UI severity metrics.
Version 20.12.1 (20-December-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com
...
Added ability to define a whitelist of GitHub Organizations and/or GitHub repository owners who can integrate with the WhiteSource integration.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com,
WhiteSource for GitLab
...
Global Repo Configuration:
Added the ability to migrate existing repositories to the Global Configuration for a specified list of repository owners only.
Added the ability to control whether a migration will trigger a WhiteSource scan.
Added a new migration mode, fixInheritance to update the inheritedFrom parameter values in local .whitesource configuration files to the correct whitesource-config Global Configuration repository.
...
WhiteSource Advise for Visual Studio Code
...
Added support for macOS.
Added a configuration setting allowing to enable/disable scanning of devDependencies. The default is "disabled" mode.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.11.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.12.1 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.11.1 of the Bitbucket Add-on.
Resolved Issues
...
Product
...
Description
...
WhiteSource Advise for IntelliJ IDEA
...
The No proxy HTTP setting was ignored by the plugin.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
The scanner container did not clean up between container restarts, resulting in a potentially large growth in the container’s disk size.
Version 20.11.2 (6-December-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource Advise for Eclipse
...
Added support for Eclipse 2020.3
Added support for Eclipse 2020.9
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com,
WhiteSource for GitLab
...
(BETA) Added License Policy Violations support:
Ability to enable/disable a WhiteSource License Check (which runs in parallel to the existing WhiteSource Security Check).
Ability to enable/disable the display of License Policy Violation Issues.
Ability to define whether the WhiteSource License Check should always result in a success conclusion status.
NOTE: This feature currently supports only base branches (using the baseBranches parameter). A License Check Run (GitHub)/Commit Status (GitLab)/ Build Status (Bitbucket) will not be created on non-base branches when using displayMode=diff as part of the configuration in the .whitesource file.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.11.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.11.2 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.11.1 of the Bitbucket Add-on.
Resolved Issues
...
Product
...
Description
...
WhiteSource for GitHub Enterprise
...
Renovate config presets were not being resolved.
...
WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center
...
In the WhiteSource Security Report (Code Insights), the table listing each vulnerability was not displayed correctly.
Version 20.11.1 (22-November-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource Advise for IntelliJ,
WhiteSource Advise for Eclipse,
WhiteSource Advise for VS Code,
WhiteSource Advise for Visual Studio
...
Added the ability for WhiteSource administrators to enforce the use of personal (individually-used) license keys to activate WhiteSource Advise. For more information, see Managing User Access for WhiteSource Advise.
NOTE: This feature is only available when using version 20.11.1 or later of WhiteSource Advise.
...
WhiteSource Advise for IntelliJ IDEA
...
Added support for IntelliJ IDEA 2020.1
...
WhiteSource for Bitbucket Server,
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com,
WhiteSource for GitLab
...
Added a packrat.lock file to the list of Supported Package Manager Configuration Files which triggers a valid WhiteSource scan.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.10.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.11.1 of the Unified Agent.
Resolved Issues
...
Product
...
Description
...
WhiteSource Advise for IntelliJ,
WhiteSource Advise for Eclipse,
WhiteSource Advise for VS Code
...
When CVSS3 data was available for a vulnerability, WhiteSource Advise displayed CVSS2 severity instead of CVSS3 severity information.
...
WhiteSource Advise for IntelliJ
...
When no WhiteSource suggested fix was available for a vulnerability, WhiteSource Advise skipped the display of such vulnerability.
Version 20.10.2.1 (8-November-2020)
Resolved Issues
...
Product
...
Description
...
WhiteSource for GitHub Enterprise
...
In some cases, two scans were triggered for the same commit. This led the issue publishing process to run twice at the exact same time, causing duplicate issues to be created.
Version 20.10.1.1 (25-October-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource Advise for IntelliJ IDEA
...
Added support for Gradle
...
WhiteSource for Bitbucket Server,
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com,
WhiteSource for GitLab
...
The WhiteSource Security Check now displays a summary of the number of total remaining vulnerabilities present on the base branch. NOTE: Both the baseBranches and displayMode configuration parameters need to be used, and the displayMode parameter needs to be set to diff.
...
WhiteSource for Bitbucket Server
...
In the WhiteSource Integration page:
When selecting repositories to integrate with WhiteSource, it is now possible to search for a particular repository name.
A Clear Selection button was added in order to clear selected repositories after having selected multiple repositories via the Selected repositories only option.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.9.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.10.1 of the Unified Agent.
Resolved Issues
...
Product
...
Description
...
WhiteSource for Bitbucket Server
...
The WhiteSource Add-on had a limitation where you could only integrate up to 1,000 repositories.
In the Global Repo Configuration, it was not possible to specify a Project Key when using the ignoredRepos parameter inside the global-config.json file.
...
WhiteSource for Bitbucket Server,
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com,
WhiteSource for GitLab
...
Remediate - No fix Pull Request/Merge Request was generated for library yaml.v2-v2.2.2.
When Global Repo Configuration was enabled, in some cases, scans were not triggered after a valid push was performed.
Version 20.9.2 (11-October-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource for Bitbucket Server,
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com,
WhiteSource for GitLab
...
Added a "WhiteSource Configuration Change" Check Run (GitHub.com/GitHub Enterprise)/Commit Status (GitLab)/ Build Status (Bitbucket Server) confirming that any changes made to a repository's .whitesource file are valid and available for its consumers.
Added a package-lock.json file to the list of Supported Package Manager Configuration Files which triggers a valid WhiteSource scan.
...
WhiteSource for GitHub.com
...
Support for a Check Run on a pull request generated from a forked repository.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.9.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.9.2 of the Unified Agent.
Version 20.9.1 (4-October-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource for Bitbucket Server,
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com,
WhiteSource for GitLab
...
Global Repo Configuration: Ability to exclude specific repositories from the integration. A new parameter ignoredRepos was added to the global-config.json file.
The following features are supported only when using the baseBranches configuration:
When a scan is triggered, any existing Issue content will be updated if a change occurred (for example, when an additional base branch contains the same issue, or if the severity of a vulnerability was modified)
When a scan is triggered, if a previously auto-closed Issue has resurfaced inside a repository, WhiteSource will re-open the closed issue and add a comment to it to specify the reason for re-opening. NOTE: In WhiteSource for Bitbucket Server, a new Issue will be opened in such cases, and no comment will be added.
...
WhiteSource for Bitbucket Server,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab
...
Added a new parameter, controller.url, to the UI configuration tool for when configuring the deployment file (prop.json), which lets you modify the name of the App container (default is wss-ghe-app/wss-gls-app/wss-bb-app).
...
WhiteSource Advise for Visual Studio Code
...
Ability to perform an automatic scan after activating the extension or after changes are applied to any of your workspace folders (for example, a new folder is added, an existing project was re-built). A new parameter Enable Automatic Scanning in Workspace was added to the extension settings (enabled by default).
Added performance enhancements.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.8.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.9.1 of the Unified Agent.
Version 20.8.2.1 (13-September-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource for Bitbucket Server,
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com,
WhiteSource for GitLab
...
Global Repo Configuration: When adding the whitesource-config repository to the integration, a README file is automatically generated with instructions on how to start.
When removing and then re-adding a repository to the integration, its associated WhiteSource Project will now be re-used instead of creating a new project with a numbered prefix. NOTE: Existing projects containing the numbered prefix will remain with the prefix. To remove this prefix, delete the relevant WhiteSource project and in the next valid push, a new project will be created with the correct naming convention.
The following features are supported only when using the baseBranches configuration:
WhiteSource Security Check summary: Added the ability to only show the diff of detected vulnerabilities between the current commit and its base branch commit, for non-base branches. A new configuration parameter displayMode was added for this purpose, and it contains two options ("baseline" and "diff"). Newly integrated repositories will automatically inherit the "diff" functionality. Refer to the relevant integration's ".whitesource File" section for more information.
Issues generated by the integration that are no longer part of the WhiteSource project inventory (due to alerts being ignored or libraries being removed) will be auto-closed by the integration upon the next valid push. NOTE: In WhiteSource for Bitbucket Server, such issues will be deleted (instead of closed).
The originating branch of a detected security vulnerability is now added to the content of an Issue (inside the Vulnerable Library) section.
...
WhiteSource Advise for Visual Studio Code
...
Added performance enhancements.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.8.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.8.2 of the Unified Agent.
Resolved Issues
WhiteSource Advise for Eclipse: Reinstallation of the WhiteSource Advise plugin caused multiple entries in the Builders view.
Version 20.8.1 (30-August-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource Advise for Visual Studio Code
...
WhiteSource has launched the WhiteSource for Visual Studio Code extension, empowering Visual Studio Code developers with important, valuable information on security vulnerabilities concerning open-source components employed in their development projects. For more information, see here.
...
WhiteSource for Bitbucket Server,
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com,
WhiteSource for GitLab
...
Ability to display the WhiteSource project token inside the WhiteSource security check (as part of a Check Run for GitHub.com/GitHub Enterprise, Commit Status for GitLab, and Build Status for Bitbucket Server).
Added a WhiteSource security check confirming any change made to the Global Configuration Repository is valid and available for its consumers.
When migrating existing repositories to the Global Configuration, the WhiteSource security check provides real-time feedback about the migration status of each repository.
...
WhiteSource for GitHub Enterprise
...
Support for a Check Run on a pull request generated from a forked repository.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.7.3 of the Unified Agent. The GitHub.com integration in this version supports version 20.8.1 of the Unified Agent.
Resolved Issues
When a vulnerability affected multiple packages, only information on a single package was shown in the WhiteSource security check.
Global Configuration: Adding the migration.json file to a non-default branch generated a failed WhiteSource security check.
Version 20.7.3 (16-August-2020)
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.7.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.3 of the Unified Agent.
Resolved Issues
WhiteSource for GitHub.com, WhiteSource for GitHub Enterprise: Migrating specific repositories to the global configuration using the excludeRepos parameter led to incorrect results.
Version 20.7.2 (3-August-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource Advise for Eclipse, WhiteSource Advise for IntelliJ IDEA
...
Added minor enhancements.
...
WhiteSource for Bitbucket Server,
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com,
WhiteSource for GitLab
...
(BETA) Ability to migrate existing repositories to inherit a global configuration.
After a vulnerable source library is introduced on an integrated repository, more details on the specific vulnerable source file(s) are now displayed both inside the generated issue as well as inside the WhiteSource Security Check (as part of a Check Run for GitHub.com/GitHub Enterprise, Commit Status for GitLab, and Build Status for Bitbucket Server).
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.7.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.2 of the Unified Agent.
Resolved Issues
WhiteSource for GitHub.com, WhiteSource for GitHub Enterprise: When the content of a "WhiteSource Security Check" exceeded GitHub's size limit for a Check Run, the check run content was not displayed.
WhiteSource for Bitbucket Server, WhiteSource for GitHub Enterprise, WhiteSource for GitHub.com, WhiteSource for GitLab: As part of the Global Repo Configuration, the whitesource-config repository had to be initialized with a README file in order for the global-config.json and repo-config.json files to be automatically generated by the integration.
Version 20.7.1.1 (23-July-2020)
Resolved Issues
All Repo Integrations: In some scenarios, the WhiteSource Security Check summary functionality led to a NullPointer exception where we could not identify the package dependency file path. This led to the Check Run/Commit Status/Build Status being in Pending status for 6 hours, after which a timeout mechanism marked it as Failed.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.6.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.1 of the Unified Agent.
Version 20.7.1 (20-July-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource Advise for Visual Studio
...
Added support for scanning non SDK-style projects (such as VSIX extensions) which generate an assets file.
Added performance enhancements.
...
WhiteSource for Bitbucket Server,
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com,
WhiteSource for GitLab
...
Added support for Poetry package manager.
(BETA) Ability to generate a global configuration, to be applied to all newly-selected repositories. This requires the creation of a new repository called whitesource-config which will contain the configuration file template. In addition, it is now possible to define and apply one of the following onboarding options for all your newly-selected repositories:
Create an onboarding PR/MR including the .whitesource configuration file with inherited configuration
A .whitesource configuration file with inherited configuration will immediately be pushed to the default branch of all integrated repositories without creating any onboarding PRs/MRs
Integrated repositories will be scanned without creating a .whitesource file or onboarding PR/MR
This version introduces the ability to specify multiple base branches. A new parameter baseBranches was added to the .whitesource configuration file for this purpose. Specifying one or more base branches in this parameter means that:
For each specified branch, scanning results will be sent to a new WhiteSource Project containing the branch name as a suffix.
An Issue will only be created for the specified branch names.
For existing integrated repositories which do not contain the baseBranches parameter, Issues will be generated for all branches.
After a valid push is performed on an integrated repository, more information such as a dependency hierarchy and a suggested fix is now displayed inside the WhiteSource Security Check (as part of a Check Run for GitHub.com/GitHub Enterprise, Commit Status for GitLab, and Build Status for Bitbucket Server).
...
WhiteSource for Bitbucket Server
...
Users with Write (in addition to Admin) permissions on an integrated repository can now see the WhiteSource Integration tab inside the Bitbucket Server instance.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.6.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.1 of the Unified Agent.
Version 20.6.2.2 (7-July-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource Advise for Visual Studio
...
WhiteSource has launched the WhiteSource for Visual Studio extension, giving Visual Studio developers visibility and security alerts on problematic open source components while continuing to develop within their own environment. For more information, see here.
...
WhiteSource for Bitbucket Server, WhiteSource for GitHub Enterprise, and WhiteSource for GitLab
...
This version introduces the ability to deploy the integration using Helm Charts. A wss-deployment folder was added to the integration packaging containing the relevant Helm Charts configuration template.
...
WhiteSource for Bitbucket Server, WhiteSource for GitHub Enterprise, WhiteSource for GitHub.com, and WhiteSource for GitLab
...
This version introduces the creation of a Service User in the WhiteSource Application following integration set-up. In older versions of the integrations, a new user key was added to the user who performed the integration via the Integrate tab in the WhiteSource Application.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.6.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.6.2 of the Unified Agent.
Resolved Issues
WhiteSource for Bitbucket Server: When uninstalling the add-on, the activation key and list of integrated repositories were not cleared.
Version 20.6.1.1 (23-June-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource for Bitbucket Server, WhiteSource for GitHub Enterprise, and WhiteSource for GitLab
...
Ability to define a Proxy configuration using environment variables in WhiteSource Remediate. See here for more information.
...
WhiteSource for Bitbucket Server
...
When removing a repository from the WhiteSource plugin, any issues previously created in that repository will be removed.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.5.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.6.1 of the Unified Agent.
Version 20.5.2.1 (10-June-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource for GitHub Enterprise, and WhiteSource for GitLab
...
This version introduces the ability to enable WhiteSource Renovate capabilities from within WhiteSource Remediate.
This version introduces the ability to disable the creation of GitHub/GitLab issues while enabling WhiteSource Remediate to generate fix PRs/MRs.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.5.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.5.2 of the Unified Agent.
Version 20.5.1.3 (03-June-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource for Bitbucket Server, WhiteSource for GitHub Enterprise, and WhiteSource for GitLab
...
This version introduces the ability to provide a custom .whitesource configuration file as part of the app container, in order to apply it globally to all of your organization's repositories.
Doing so will apply the file to all onboarding PRs/MRs for newly selected repos.This version introduces the ability to globally disable Issues creation across all of your organization's repositories. A new optional parameter named bolt4scm.create.issues was added for this purpose to the UI configuration tool (prop.json) in a new "Issues" section.
This version introduces the ability to disable check runs (GitHub Enterprise), build statuses (Bitbucket Server), or commit statuses (GitLab) globally across all of your organization's repositories. A new optional parameter named bolt4scm.create.check.runs was added for this purpose to the UI configuration tool (prop.json) in a new "Issues" section.
Root/privileged permissions have been removed from the 'app' and 'scanner' containers.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.4.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.5.1 of the Unified Agent.
Resolved Issues
WhiteSource for GitHub Enterprise: When running the wss-ghe-app container, a FileNotFoundException error message appeared in the logs.
Version 20.4.2.2 (17-May-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource for GitHub Enterprise
...
From this version onward, the Remediate database image and container (remediate-db) will no longer be required as part of the integration. Instead, Remediate will operate in-memory.
...
WhiteSource for Bitbucket Server, WhiteSource for GitHub Enterprise, and WhiteSource for GitLab
...
Support for Gradle Kotlin projects
Support for Gradle in WhiteSource Remediate
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.4.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.4.2.2 of the Unified Agent.
Resolved Issues
WhiteSource for GitHub Enterprise: When performing a scan, the local Maven registry directive was ignored.
Version 20.3.1 (29-March-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource for GitHub.com
...
Support for Gradle Kotlin projects
NOTE: The GitHub.com integration in this version supports version 20.3.1 of the Unified Agent.
Version 20.2.2 (15-March-2020)
New Features & Updates
...
Product
...
Description
...
WhiteSource for GitHub.com
...
Support for Gradle in WhiteSource Remediate
...
WhiteSource for Bitbucket Server
...
From this version onward, the Remediate database image and container (remediate-db) will no longer be required as part of the integration. Instead, Remediate will operate in-memory.
Improved usability and enhanced control over the WhiteSource scanning. An onboarding Pull Request is now generated on each selected repository upon the WhiteSource add-on configuration. A .whitesource configuration file will be part of the PR. WhiteSource will only start scanning the repository once the PR is merged.
Using the new projectToken configuration parameter in the .whitesource configuration file, it is now possible to map a Bitbucket repository to an existing WhiteSource project. This provides added flexibility in terms of organizing projects in WhiteSource originating from various integrations.
The .whitesource configuration file now includes a parameter configMode, which lets you use an existing Unified Agent configuration file. This can be done by providing either a local Unified Agent configuration file, or fetching the config file from an external location using the configExternalURL parameter.
This version introduces the ability to generate fix PRs on-demand without defining workflow rules in advance.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab Server integrations in this version support version 20.2.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.2.2 of the Unified Agent.
Resolved Issues
WhiteSource Advise for Eclipse - Quick fix did not work when the version was provided as a variable
Version 19.11.2 (8-December-2019)
New Features & Updates
...
Product
...
Description
...
WhiteSource for GitHub Enterprise, WhiteSource for GitHub.com, and WhiteSource for Bitbucket Server
...
Setting the minSeverityLevel parameter in the .whitesource configuration file now also affects the WhiteSource Security Check summary list.
Version 19.11.1 (24-November-2019)
New Features & Updates
...
Product
...
Description
...
WhiteSource for Bitbucket Server
...
The .whitesource configuration file now includes a parameter minSeverityLevel, enabling you to decide whether to open a new Bitbucket Server Issue only if a certain Security Vulnerability Severity level is available.
...
WhiteSource Advise for Chrome
...
Removed browser permissions for the Chrome extension that were not used by WhiteSource.
Resolved Issues
...
Products
...
Description
...
WhiteSource for GitHub.com, WhiteSource for GitHub Enterprise
...
When executing a scan with either the LOCAL or EXTERNAL values set for the configMode parameter in the .whitesource configuration file, the includes and excludes parameters are ignored.
Version 19.9.2 (27-October-2019)
New Features & Updates
...
Product
...
Description
...
WhiteSource for GitHub.com, WhiteSource for GitHub Enterprise
...
This version introduces the ability to generate fix PRs on-demand without defining workflow rules in advance.
...
WhiteSource for GitHub Enterprise, WhiteSource for Bitbucket Server
...
A Health Check API endpoint was added to the wss-scanner Docker image.
Version 19.9.1 (22-September-2019)
New Features & Updates
...
Product
...
Description
...
WhiteSource for GitHub Enterprise, WhiteSource for GitHub.com, and WhiteSource for BitBucket Server
...
An indicator has been added indicating when automatic remediation is available for the specific vulnerability.
...
WhiteSource for GitLab Core
...
available at https://docs.mend.io/bundle/integrations/page/developer_integrations_release_notes.html