Versions Compared

Old Version 25

changes.mady.by.user Tsur Rothfeld

Saved on

compared with

New Version 26

changes.mady.by.user Michelle Friedman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • A Windows or macOS machine is being used (Linux is not supported)

  • A valid license for WhiteSource for Developers

  • A license key for WhiteSource Advise for IDE, available via one of the following options:

    • If you do not have direct access to the WhiteSource Application, obtain the license key from your WhiteSource Administrator.

    • If you have access to the WhiteSource Application, do as follows (NOTE: This option is only available when using version 20.11.1 or later of WhiteSource Advise):

      1. Go to the WhiteSource Application.

      2. Open the Profile page.

      3. In the WhiteSource Advise - IDE Integration section at the bottom, select your organization.

      4. Copy your personal license key to be used later in Activating WhiteSource Advise.

  • (For installing the extension on Visual Studio Code only) Visual Studio Code version 1.47.3 or above is installed and you are familiar with its basic functionality

  • NPM and/or NuGet Package Manager must be installed for .NET projects

  • A package-lock.json must be present for JavaScript projects

Installing WhiteSource Advise 

...

  1. From the sidebar on the left, select Extensions. The Extensions panel is displayed.

  2. In the search bar on top, enter whitesource and press Enter. The WhiteSource Advise “widget” is displayed in the panel.

  3. Click the Manage icon.

    Image RemovedImage Added

  4. In the popup that opens, click Extension Settings.

  5. In the WhiteSource screen, review the options and modify if necessary. See here for a list of all options.

Options Table

Option

Description

Default Setting

Enable automatic scanning in Workspace

When enabled, WhiteSource Advise will automatically scan after activating the extension or after changes are applied to any of your Workspace folders.

Selected (checked)

Include dev dependencies

When enabled, WhiteSource Advise will include dev dependencies in a scan.

Unselected (not checked)

Only show issues for direct dependencies

When enabled, WhiteSource Advise will only return vulnerabilities for direct dependencies defined in your dependency file.

Unselected (not checked)

Minimum vulnerability severity level

Alert only on detected vulnerabilities satisfying a Low/Medium/High minimum severity level.

  • Low - Vulnerability alerts for all severities (Low, Medium, High) are displayed.

  • Medium- Vulnerability alerts only for Medium or High severities are displayed.

  • High - Vulnerability alerts only for High severities are displayed.

Low

Scanning for Security Vulnerabilities

...