Versions Compared

Old Version 56

changes.mady.by.user Tsur Rothfeld

Saved on

compared with

New Version 61

changes.mady.by.user Lena Kleyner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

Supported File Extensions

For a complete list of supported file extensions (binary files, source files, and archive files) that the Unified Agent supports, refer here.

Selecting a Plugin for Integration

Info

WhiteSource recommends using the the Unified Agent.

Language

Plugin

Java

Unified AgentMaven, Jenkins, TeamCity

.Net

Unified AgentTFS/VSTSJenkins, TeamCity

Scala

Unified AgentMaven , Jenkins, TeamCity

Clojure

Unified AgentMaven , Jenkins, TeamCity

C#

Unified AgentTFS/VSTS, Jenkins, TeamCity

Ruby

Unified Agent

Python

Unified Agent

NPM

Unified AgentNPM

NuGet

Unified Agent

Bower

Unified AgentNPM

C/C++

Unified Agent

Obj-C

Unified Agent

JavaScript

Unified AgentJenkins

PHP

Unified Agent

Go

Unified Agent

RPM/YUM

Unified Agent

Debian

Unified Agent

Swift

Unified Agent

Alpine Linux

Unified Agent

Groovy

Unified Agent

ActionScript

Unified Agent

Arch Linux

Unified Agent

...

Scanning Archives Files

If you have Java/Ruby/Python archive files and you are willing to open them and extract descriptive information, then you can use this feature by providing values for the following parameters:

  • archiveExtractionDepth 

  • archiveIncludes 

  • archiveExcludes

The drill-down hierarchy is limited to a maximum of 10 and can be modified in the configuration file.
By default, the drill-down hierarchy level is zero - no drill down.
Supported archive types are as follows:

  • .aar

  • .car

  • .ear

  • .egg

  • .gem

  • .hpi

  • .jar

  • .nupkg

  • .rar

  • .rpm

  • .sca

  • .sda

  • .tar

  • .tar.bz2

  • .tar.gz

  • .tar.xz

  • .tgz

  • .war

  • .whl

  • .xz

  • .zip

Info

  • In case of Ruby .gem files, only the data.tar.gz file is extracted, and all the other content files are ignored.

  • In Ruby, one hierarchy level is defined to extract Ruby's .gem and data.tar.gz files.

Providing a Project Name Only in a Unified Agent Scan

Overview and Default Behavior

If a scanned project uses a configuration file that contains only a defined projectName (where projectToken, productName and productToken are left empty), then the Unified Agent adds the results to the first project it finds in the organization that contains the same project name.
If a multi-module project is scanned with the same configuration as described above, and a project with one of the module names already exists, then the Unified Agent adds the module data to this existing project.

Example: Only 'projectName' is defined and 'projectToken’, ‘productName’ and ‘productToken’ are left empty
Code Block
projectName=NewProject
projectToken=
 
productName=
productToken=

Changing the Default Behavior

In order to avoid overriding an existing project with the same name, from the Advanced Settings section of the Integrate page, select the checkbox Add project to default product when only project name is provided.

When this checkbox is selected, the following rules apply to all future scans:

...

(Linux: $?,  PowerShell:  $LASTEXITCODE,  Batch: %ERRORLEVEL%)

Exit Code

Exit Message

Description

0

SUCCESS

Scan completed successfully.

-1

ERROR

General error has occurred.

-2

POLICY_VIOLATION

One or more of the scanned components violates an Organization or Product level policy.
Policy summary reports are created and saved in the newly-created whitesource directory, located under the current working directory ($pwd or %cd%).
Only applicable when configured to checkPolicies=true and forceUpdate=false.

-3

CLIENT_FAILURE

Client-side error has occurred.

-4

CONNECTION_FAILURE

The agent was unable to establish a connection to the WhiteSource application server (e.g., due to a blocked Internet connection).

-5

SERVER_FAILURE

Server-side error has occurred (e.g., a malformed request or a request that cannot be parsed was received).

-6

PRE_STEP_FAILURE

One of the package manager's prerequisite steps (e.g., npm install, bower install, etc.) failed.
Only applicable if the appropriate property is set to true (npm.runPreStep, bower.runPreStep, etc.).

-100

EUA NOTICE

Analysis will commonly display the following EUA code at successful completion: [EUA000] Analysis completed successfully. The Unified Agent returns a [-100] exit code if the analysis reported an exit code other than [EUA000].

Exit Codes in Bash

The exit codes WhiteSource returns in the Bash command language should be treated as 'x' modulo 256: 

...

Info

Example

java -jar /path/to/jar/wss-unified-agent-<x.x.x.>.jar -c "https://raw.githubusercontent.com/whitesource/unified-agent-distribution/master/standAlone/wss-unified-agent.config" -proxy http://hm:hm@192.168.1.233:808/

NOTE: The following protocols are supported: 'file://', 'ftp://', 'http://', 'https://'

...

  1. Download JarSigner (there are multiple sources from where the utility can be downloaded).

  2. From the command line, enter the following command to run JarSigner and view the list of security certificates in the .jar file:

jarsigner -verify -verbose <UA jar>

After running, ensure that the WhiteSource information appears in the list of security certificates.

...

  • If there is an issue with the Java heap size, depending on the machine resources, try to install a 64-bit Java Runtime and use the '–d64' along with the '–Xmx' and '–Xms' switches to increase the Java heap size.

Limitations

  • The minimum file size for scanning is 512 bytes. The maximum file size for scanning is 2 GB. All other files will be skipped and not scanned by the Unified Agent.

  • The Unified Agent supports UTF-8 locales. If other locales are in use, the Unified Agent generates an error when confronting special characters.

  • Requests with more than one million dependencies will fail.

  • The Maven dependencies detection is based on the Apache Maven Dependency Plugin. Maven projects that use version 3.2.0 of the Maven Dependency Plugin are not supported.