Table of Contents |
---|
Supported File Extensions
...
Info |
---|
WhiteSource recommends using the Unified Agent. |
Language | Plugin |
---|---|
Java | |
.Net | |
Scala | |
Clojure | |
C# | |
Ruby | |
Python | |
NPM | |
NuGet | |
Bower | |
C/C++ | |
Obj-C | |
JavaScript | |
PHP | |
Go | |
RPM/YUM | |
Debian | |
Swift | |
Alpine Linux | |
Groovy | |
ActionScript | |
Arch Linux |
...
Overview and Default Behavior
If a scanned project uses a configuration file that contains only a defined projectName (where projectToken, productName and productToken are left empty), then the Unified Agent adds the results to the first project it finds in the organization that contains the same project name.
If a multi-module project is scanned with the same configuration as described above, and a project with one of the module names already exists, then the Unified Agent adds the module data to this existing project.
Example: Only 'projectName' is defined and 'projectToken’, ‘productName’ and ‘productToken’ are left empty
...
Changing the Default Behavior
In order to avoid overriding an existing project with the same name, from the Advanced Settings section of the Integrate page, select the checkbox Add project to default product when only project name is provided.
When this checkbox is selected, the following rules apply to all future scans:
...
Verifying the Integrity of the Unified Agent
This procedure enables you It is recommended to verify the integrity of the downloaded Unified Agent’s JAR file per each release. The following two options are available:
Checksum verification
Calculate the SHA-256 checksum of the Unified Agent’s JAR file and compare it to the published checksum file (in GitHub or S3).Signature verification
Use the JarSigner tool to verify the signature of the Unified Agent's
...
JAR file
...
and ensure that it originated from WhiteSource.
...
Do as follows:
Download
JarSigner (there are multiple sources from where the utility can be downloaded).
From the command line, enter the following command to run JarSigner and view the list of security certificates in the
JAR file:
Code Block jarsigner -verify -verbose <UA jar>
After running, ensure that the WhiteSource information appears in the list of security certificates.
Scanning Remote Repositories
...