Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Selecting a Plugin for Integration

Info

WhiteSource Mend recommends using the Unified Agent.

...

The includes parameter is supported by this feature, enabling WhiteSource Mend to automatically identify the environment that the user wants to scan and create the configuration file automatically.

...

Exit Code

Exit Message

Description

0

SUCCESS

Scan completed successfully.

-1

ERROR

General error has occurred.

-2

POLICY_VIOLATION

One or more of the scanned components violates an Organization or Product level policy.
Policy summary reports are created and saved in the newly-created whitesourceMend directory, located under the current working directory ($pwd or %cd%).
Only applicable when configured to checkPolicies=true and forceUpdate=false.

-3

CLIENT_FAILURE

Client-side error has occurred.

-4

CONNECTION_FAILURE

The agent was unable to establish a connection to the WhiteSource Mend application server (e.g., due to a blocked Internet connection).

-5

SERVER_FAILURE

Server-side error has occurred (e.g., a malformed request or a request that cannot be parsed was received).

-6

PRE_STEP_FAILURE

One of the package manager's prerequisite steps (e.g., npm install, bower install, etc.) failed.
Only applicable if the appropriate property is set to true (npm.runPreStep, bower.runPreStep, etc.).

-100

EUA NOTICE

Analysis will commonly display the following EUA code at successful completion: [EUA000] Analysis completed successfully. The Unified Agent returns a [-100] exit code if the analysis reported an exit code other than [EUA000].

Exit Codes in Bash

The exit codes WhiteSource Mend returns in the Bash command language should be treated as 'x' modulo 256: 

...

Info

Example

java -jar /path/to/jar/wss-unified-agent-<x.x.x.>.jar -c "https://raw.githubusercontent.com/whitesourceMend/unified-agent-distribution/master/standAlone/wss-unified-agent.config" -proxy http://hm:hm@192.168.1.233:808/

...

It is possible to save the output of the scan into a file instead of sending it directly to WhiteSource Mend by HTTPS. This approach is useful in case there is no connectivity (or limited connectivity) while scanning.

By changing the configuration file to offline mode, any execution of the Unified Agent will store the current configuration and metadata in a JSON .txt file named update-request.txt, located in the newly-created 'whitesourceMend' directory. It is located under the current working directory ($pwd or %cd%). This file can later be manually uploaded to WhiteSource Mend from the Admin Console or via the command line.

...

Code Block
languagejava
java -jar <path to wss-unified-agent-*.jar> -wss.url <WhiteSourceInstance<MendInstance/agent> -apiKey <apiKey> -productToken <productToken> -project <newProjectName> -requestFiles <pathToUpdate-request.txt> -noConfig true

...

  1. Checksum verification
    Calculate the SHA-256 checksum of the Unified Agent’s JAR file and compare it to the published checksum file (in GitHub or S3).

  2. Signature verification
    Use the JarSigner tool to verify the signature of the Unified Agent's JAR file and ensure that it originated from WhiteSourceMend. Do as follows:

    1. Download JarSigner (there are multiple sources from where the utility can be downloaded).

    2. From the command line, enter the following command to run JarSigner and view the list of security certificates in the JAR file:

      Code Block
      jarsigner -verify -verbose <UA jar>

After running, ensure that the WhiteSource Mend information appears in the list of security certificates.

...

The scm client must be installed on your machine in order to successfully connect to your repository:

WhiteSource Mend also supports on-premises installations of repositories. 

...

A summary report in JSON format can be automatically generated locally, in the 'whitesourceMend' folder (created in the directory where the Unified Agent ran), at the end of each scan, using the 'generateScanReport' configuration parameter when running the Unified Agent.
This report includes information on vulnerabilities, policy violations, top fixes and inventory details.

...