Versions Compared

Old Version 23

changes.mady.by.user Vital Batyr

Saved on

compared with

New Version 24

changes.mady.by.user Vital Batyr

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

...

  • A Windows machine is being used (Linux and Mac are not supported)

  • A license key for WhiteSource Advise for IDE, available via one of the following options:

    • If you do not have direct access to the WhiteSource Application, obtain the license key from your WhiteSource Administrator.

    • If you have access to the WhiteSource Application, do as follows:

      1. Go to the WhiteSource Application.

      2. Open the Profile page.

      3. In the WhiteSource Advise - IDE Integration section at the bottom, select your organization.

      4. Copy your personal license key to be used later in Activating WhiteSource Advise.

  • Visual Studio 2019 (any edition) is installed and you are familiar with its basic functionality

  • NuGet Package Manager must be installed

...

  1. Start Visual Studio.

  2. From the menu bar, select Extensions → Manage Extensions. The Manage Extensions screen is displayed.

  3. In the Manage Extensions screen, open the Online section from the sidebar and click Visual Studio Marketplace.

  4. In the Search area on the right, enter whitesource and press Enter.

  5. Select the WhiteSource Advise extension, and click Download.  

  6. Click Close and restart Visual Studio so that the extension can be installed.

Activating WhiteSource Advise

...

  • Project - The scanned project where a vulnerability was found

  • Component - The scanned component reported to have a vulnerability

  • Version - The version of the scanned component reported to contain a vulnerability

  • Target Framework - The target .NET version of the component

  • Vulnerability - The identifier of the vulnerability. Clicking the identifier (link) opens the WhiteSource Vulnerability Lab providing more information.

  • CVSS - The security vulnerability's Common Vulnerability Scoring System (CVSS) score. If a CVSS 3 score is available, it will be displayed; otherwise, the CVSS 2 score will be displayed.

  • Severity - Reported severity for the vulnerability: High, Medium, Low

  • Dependency - Whether the vulnerable component is a Direct dependency (as defined directly in the pom.xml file) or a Transitive dependency

  • Description - The description of the security vulnerability

  • Top Fix- The top-rated remediation advice that WhiteSource recommends for each vulnerability. A condensed description of the recommended course of action is given

...

  1. From the menu bar, select Extensions → Manage Extensions. The Manage Extensions screen is displayed.

  2. In the Manage Extensions screen, open the Updates section from the sidebar and click Visual Studio Marketplace.

  3. Select the WhiteSource Advise extension, and click Update.  
    NOTE: If the WhiteSource Advise extension is not displayed, a new version is not available.

  4. Click Close and restart Visual Studio so that the extension can be updated.

Uninstalling WhiteSource Advise 

...

  1. From the menu bar, select Extensions → Manage Extensions. The Manage Extensions screen is displayed.

  2. In the Manage Extensions screen, open the Installed section from the sidebar and click Visual Studio Marketplace.

  3. In the Search area on the right, enter whitesource and press Enter.

  4. Select the WhiteSource Advise extension, and click Uninstall.

  5. In the popup, click Yes.

  6. Click Close and restart Visual Studio so that the extension can be uninstalled.