Table of Contents |
---|
Overview
Info |
---|
Major improvements to the Azure DevOps integration will be introduced in July 2021. The underlying scanning mechanism will be modified to allow a direct WhiteSource scan from within the Azure DevOps pipeline. As part of this change, the following updates will be introduced:
|
This integration is not currently supported for customers on a WhiteSource Dedicated Instance or WhiteSource On-Premises instance.
This integration does not support Azure DevOps Server (TFS) installations.
...
Detect and remediate vulnerable open source components
Generate a comprehensive open-source inventory report per project or build
Enforce open source license compliance, including dependencies’ licenses
Identify outdated open-source libraries with recommendations to update
NOTES:
The extension
...
maps an Azure DevOps Project (
...
and all of its pipelines which are integrated with WhiteSource)
...
to a defined WhiteSource Product. The WhiteSource Product is generated by the extension as part of the integration.
To map between an Azure DevOps pipeline build and a WhiteSource Product, it is recommended to use the Unified Agent integration.
Support for Languages and Package Managers
...
To re-activate the extension using a different WhiteSource Organization account (activation key), uninstall the extension and then follow the instructions below.
...
In the pipeline edit page, from the right side, click Show assistant. The Tasks sidebar is displayed.
In the search bar, enter whitesource. The WhiteSource task is displayed.
Click the WhiteSource task.
From the bottom right corner, click Add. The WhiteSource task is added to the pipeline.
Code Block - task: whitesource.WhiteSource-azure-devops-services.bolt.wss.WhiteSource@21
(Optional) To specify the name of the WhiteSource project to be created, add the following to the WhiteSource task. In the following example, replace
New_Project_Name
with the name you want to give your WhiteSource project:
NOTE: When the Overwrite projects with latest build data checkbox from the Organization Settings > Extensions >WhiteSource is selected, you will be unable to change the project name after the first build run.Code Block - task: whitesource.WhiteSource-azure-devops-services.bolt.wss.WhiteSource@21 inputs: cwd: '$(System.DefaultWorkingDirectory)' projectName: 'New_Project_Name'
(Optional) To specify custom Unified Agent Configuration parameters, add all parameters in the WhiteSource Configuration field (ensure each parameter along with its value are provided on a separate line). In the following example, under
configuration
, provide all relevant parameters.
NOTE: The parameters used here overwrite the default configuration parameters. Configuration parameters that were not provided will use the default values as described here.Code Block - task: whitesource.WhiteSource-azure-devops-services.bolt.wss.WhiteSource@21 inputs: cwd: '$(System.DefaultWorkingDirectory)' configuration: | npm.resolveDependencies=true maven.resolveDependencies=true
Click Save & queue.
...
To add a task to the Agent Job, click the plus (“+”) sign next to the agent job section. The Add Tasks section is displayed.
In the search bar, enter whitesource. The WhiteSource task is displayed.
Click the WhiteSource tab, and then click Add. The WhiteSource task is added to the pipeline.
(Optional) To specify the name of the WhiteSource project to be created, enter the name in the Project name field.
NOTE: When the Overwrite projects with latest build data checkbox from Organization Settings > Extensions > WhiteSource is selected, you will be unable to change the project name after the first build run.(Optional) To specify custom Unified Agent Configuration parameters, add all parameters in the WhiteSource Configuration field (ensure each parameter name along with its value are provided on a separate line).
NOTE: The parameters used here overwrite the default configuration parameters. Configuration parameters that were not provided will use the default values as described here.Click Save & queue.
NOTE: The WhiteSource task can be moved to other locations within the steps section, depending on your preferences.
...