...
A Windows or macOS machine is being used (Linux is not supported)
A valid license for WhiteSource for Developers
A license key for WhiteSource Advise for IDE, available via one of the following options:
If you do not have direct access to the WhiteSource Application, obtain the license key from your WhiteSource Administrator.
If you have access to the WhiteSource Application, do as follows (NOTE: This option is only available when using version 20.11.1 or later of WhiteSource Advise):
Go to the WhiteSource Application.
Open the Profile page.
In the WhiteSource Advise - IDE Integration section at the bottom, select your organization.
Copy your personal license key to be used later in Activating WhiteSource Advise.
(For installing the extension on Visual Studio Code only) Visual Studio Code version 1.47.3 or above is installed and you are familiar with its basic functionality
NPM and/or NuGet Package Manager must be installed for .NET projects
A package-lock.json must be present for JavaScript projects
Installing WhiteSource Advise
...
From the sidebar on the left, select Extensions. The Extensions panel is displayed.
In the search bar on top, enter whitesource and press Enter. The WhiteSource Advise “widget” is displayed in the panel.
Click the Manage icon.
In the popup that opens, click Extension Settings.
In the WhiteSource screen, review the options and modify if necessary. See here for a list of all options.
Options Table
Option | Description | Default Setting |
---|---|---|
Enable automatic scanning in Workspace | When enabled, WhiteSource Advise will automatically scan after activating the extension or after changes are applied to any of your Workspace folders. | Selected (checked) |
Include dev dependencies | When enabled, WhiteSource Advise will include dev dependencies in a scan. | Unselected (not checked) |
Only show issues for direct dependencies | When enabled, WhiteSource Advise will only return vulnerabilities for direct dependencies defined in your dependency file. | Unselected (not checked) |
Minimum vulnerability severity level | Alert only on detected vulnerabilities satisfying a Low/Medium/High minimum severity level.
| Low |
Scanning for Security Vulnerabilities
...