Versions Compared

Old Version 24

changes.mady.by.user Michael Hollander

Saved on

compared with

New Version 25

changes.mady.by.user Tsur Rothfeld

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. From the sidebar on the left, select Extensions. The Extensions panel is displayed.

  2. In the search bar on top, enter whitesource and press Enter. The WhiteSource Advise “widget” is displayed in the panel.

  3. Click the Manage icon.

    Image RemovedImage Added

  4. In the popup that opens, click Extension Settings.

  5. In the WhiteSource screen, review the options and modify if necessary. See here for a list of all options.

...

  1. Select one or multiple folders from the Explorer pane.

  2. Right-click the folder (or a selection of folders) and from the context menu, click Scan folder(s) with WhiteSource Advise.

Developer Focus Mode

The developer focus mode will allow developers to see only vulnerability alerts that are new in their feature branches compared to a predefined base branch. This will promote the security shift left approach and will empower developers to fix newly introduced vulnerabilities immediately as part of their feature development efforts and prior to merging vulnerable code into production branches.

In order to enable focus mode:

  • In the WhiteSource Advise project-level configuration enable the “Diff operation to be performed on a base branch” checkbox.

  • Choose the base branch to which all other branch scans will be compared to

  • Make sure your base branch is checked out and trigger a WhiteSource Advise scan either manually or by building your project.

In case there was no scan on the predefined base branch after its initial configuration, all branches will show all the scan results, not just the newly created security alerts. 

Info

Every time the base branch configuration changes, a WhiteSource Advise scan must be triggered on that branch prior to seeing new security results.   

Reviewing Scan Results

After a scan is completed, a notification is displayed with informative statistics regarding the scan. These include the number of high, medium, and low severity vulnerabilities. To view more specific information regarding the vulnerability, click Show Problems inside the notification to open the Problems section. In the Problems section, for each vulnerability, the following details are displayed (note that some Problem descriptions are found on the same line):

...