...
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
---|---|---|---|---|---|
offline | Whether to create an offline update request instead of sending one to WhiteSource. | An offline request file is created in the whitesource folder next to the scanned project. | Results are sent directly to the server. | False | -offline |
updateType | If scanning a previously-scanned project, whether to append the new results to the existing ones or override them. Possible values: APPEND or OVERRIDE. | N/A | N/A | OVERRIDE | -updateType |
ignoreSourceFiles | Whether to include only package dependencies (no source files) for all package managers/dependency resolvers. IMPORTANT: As of version 21.2.2, this parameter is deprecated and replaced by the new fileSystemScan parameter. | Overrides the individual resolver-specific ignoreSourceFiles parameters. NOTE: When ignoreSourceFiles is used, the includes/excludes parameters are ignored. | No override occurs, and each package manager's own ignoreSourceFiles parameter applies. | False | No |
fileSystemScan | Performs a file system scan for source files and binaries, in addition to the package manager based dependencies resolution. The files to be scanned can be controlled by the includes and excludes parameters and the resolver-specific ignoreSourceFiles parameters. IMPORTANT: This parameter is new for version 21.2.2, and overrides the soon-to-be-deprecated ignoreSourceFiles. | Performs a file system scan for source files and binaries, in addition to the package manager based dependencies resolution. | Only package manager based dependencies resolution is being performed. | True | No |
scanComment | Adds a comment to a scan. The comment is then displayed in the Project Vitals panel of the Project pages, and the Plugin Request History Report. Supports UTF-8 characters. | A comment is added to the scan. | No comments will be added to the scan. | No default | -scanComment |
failErrorLevel | When set to ALL, the Unified Agent exits on any major error (such as a failed resolution or a pre-step error). Otherwise there is no change in behavior. Possible values: ALL or DEFAULT (upper-case only). | N/A | N/A | "DEFAULT" | No |
requireKnownSha1 | Checks for dependencies with known/unknown SHA-1. | The Unified Agent will terminate the scan if one or more dependencies with an unknown SHA-1 were found. | The scan will continue normally. | True | -requireKnownSha1 |
generateProjectDetailsJson | Whether to generate a JSON file upon scan completion containing the projectTokens and projectNames. | The Unified Agent generates a JSON file at the end of the scan named scanProjectDetails.json containing the projectTokens and projectNames. | The JSON file report will not be generated. | False | No |
generateScanReport | (For Organization and Product Administrators only) Whether to create a JSON report at the end of the scan containing vulnerabilities, policy violations, top fixes, and inventory details. The filename format is '<project_name>-<yyyy-mm-dd>T<HHmmss>+<UTC offset>-scan_report.json'. | A JSON report is created at the end of the scan, containing vulnerabilities, policy violations, top fixes, and inventory details. | The report is not generated. | False | -generateScanReport |
scanReportTimeoutMinutes | Time-out (in minutes) for the process of generating the scan report. If the timeout interval has passed then the report will not be generated, but the scan will continue. | N/A | N/A | 10 | No |
scanReportFilenameFormat | Controls the filename format of a generated scan report. | N/A | N/A | The filename format described under generateScanReport | No |
updateEmptyProject | Whether to create an empty project in WhiteSource or to update an existing project with empty data. NOTE: This parameter affects all resolvers/package managers. | Updates/creates a project even if there are no dependencies. | Will not create/ update the empty project. | True | No |
log.files.level | Log level of the log files the Unified Agent stores by default (file name wss-scan-<date>-<time>). | N/A | N/A | Debug | -log.files.level |
log.files.maxFileSize | Maximum size, in MB, of a stored log file. When a file exceeds this size it is overwritten. NOTE: This applies to one run (cycle) of the Unified Agent; files accumulate across runs. | N/A | N/A | 10 MB | No |
log.files.maxFilesCount | Maximum number of stored log files. When this count is exceeded, the oldest files are overwritten by new ones. NOTE: This applies to one run (cycle) of the Unified Agent; files accumulate across runs. | N/A | N/A | 3 | No |
log.files.path | Location of the created log file. NOTE: In Windows, do not put " | N/A | N/A | The default location of the logs is in the 'whitesource' folder (determined by the whiteSourceFolderPath parameter) | No |
sendLogsToWss | Whether to send logs to WhiteSource. | Sends logs to WhiteSource. | Will not send logs to WhiteSource. | False | No |
case.sensitive.glob | Whether glob patterns (as used by the includes/excludes parameters) are matched case-sensitively against file system paths. | Glob matching is case sensitive. | Glob matching is not case sensitive. | False | No |
showProgressBar | Whether to display a progress bar inside logs. NOTE: This parameter is valid for the Unified Agent only (not Prioritize). | Progress bars will be displayed inside logs. | Progress bars will not be displayed inside logs. | True | No |
...
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
---|---|---|---|---|---|
ant.resolveDependencies | Whether to scan Apache Ant-based projects. When the 'ant.pathIdIncludes' parameter is not provided, the Unified Agent looks for files with the following extensions in your project: jar, war, ear, par, rar, dll, exe, ko, so, msi, zip, tar, tar.gz, swc, swf. | Scans Apache Ant-based projects. | Will not scan Apache Ant-based projects. | True | No |
ant.pathIdIncludes | Regular expression or comma/space-delimited list of path ids (specified in the build.xml file) to include in the scan. NOTE: In order for this parameter's value to have an impact on the scan, the parameter 'ant.resolveDependencies' must be set to True. | N/A | N/A | The default value is ".*" | No |
ant.external.parameters | Comma-separated list of key=value pairs, equivalent to values set by Ant <property> XML tags. | N/A | N/A | No default | No |
ant.ivy.resolveDependencies | Whether to scan Ivy-based projects. | Scans Ivy-based projects. | Will not scan Ivy-based projects. | False | No |
ant.ivy.ignoredConfigurations | Specifies which Ivy dependency configurations to ignore in the scan. | N/A | N/A | None (all configurations are included) | No |
Bazel
Refer here for Bazel.
JavaScript
...
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
---|---|---|---|---|---|
npm.ignoreDirectoryPatterns | Defines the list of directory patterns to ignore when searching for package.json dependency files during npm resolution. The list is comma/semicolon delimited. | N/A | N/A | example,examples,test,.ws_bower | No |
npm.resolveDependencies | Whether to resolve npm dependencies. NOTE: 'package.json' files located in directories matched by npm.ignoreDirectoryPatterns are not scanned, so dependencies declared in them are ignored. For example, the default set of ignored directories excludes the following dependency files: */examples/*package.json, */example/*package.json, */.ws_bower/*package.json, */test/*package.json | Resolves npm/yarn dependencies. | Will not resolve npm/yarn dependencies. | True | -npm.resolveDependencies |
npm.ignoreSourceFiles | When using the npm resolver, whether to ignore or include the js files outside the node_modules folder. NOTE: Only relevant when fileSystemScan is true. | Ignores the js files outside the node_modules folder. | Includes the js files outside the node_modules folder. | True | No |
npm.includeDevDependencies | Whether to include dev dependencies. | Adds devDependencies to the scan. | Only the prod dependencies are scanned. | False | -npm.includeDevDependencies |
npm.runPreStep | Whether to run "npm install" on found package.json files before resolution (installing the npm/yarn project). | Runs "npm install" on each found package.json file, installing the npm/yarn project. | Will not run "npm install"; the npm/yarn project is not installed. | False | No |
npm.ignoreNpmLsErrors | Whether to ignore errors of the 'npm ls' command. | The scan ends with SUCCESS status and a hierarchy tree. | The scan ends with SUCCESS status and a flat list. | False | No |
npm.ignoreScripts | Whether to ignore the scripts in your project's package.json file when the pre-step runs npm install. Lifecycle scripts (such as preinstall and postinstall) execute code supplied by the scanned project, so ignore them when scanning repositories you do not trust. | The Unified Agent runs npm install without executing the scripts in package.json. | npm install runs and the scripts in your project's package.json file are executed. | False | No |
npm.yarnProject | Whether this is a yarn project. | Resolves yarn projects. | Will not resolve yarn projects. | False | No |
npm.accessToken | The access token value provided by the relevant environment (Microsoft Visual Studio or Artifactory) to fetch required data from the npm registry. | N/A | N/A | Empty | No |
npm.identifyByNameAndVersion | Whether to identify packages by name and version only, instead of fetching package data from the npm registry (private or public). | The Unified Agent uses only the name and version of the package. | Fetches package data from the npm registry (private or public). | False | No |
npm.yarn.frozenLockfile | Enables running the yarn pre-step with the '--frozen-lockfile' flag, so yarn.lock is not modified during install. | Runs the pre-step with the '--frozen-lockfile' flag. | Will not run the pre-step with the '--frozen-lockfile' flag. | False | No |
npm.resolveMainPackageJsonOnly | In npm projects, more than one package.json file can exist. Therefore, you can decide to resolve only the main package.json file (the one in the root directory) or all package.json files. | The Unified Agent checks whether a package.json file exists in the folder passed as the -d parameter. If no such file exists, the scan fails; otherwise, the Unified Agent scans only this package.json. | The Unified Agent resolves all package.json files. | False | No |
npm.removeDuplicateDependencies | Whether to remove duplicate dependencies during npm dependency resolution. | Removes duplicate dependencies during npm dependency resolution. | Includes duplicate dependencies during npm dependency resolution. | True | No |
npm.resolveAdditionalDependencies | Whether to resolve global dependencies and require modules. NOTE: require is the equivalent of import in other languages. | Resolves global dependencies and require modules. | Resolves only the dependencies declared in the package.json. | False | No |
npm.resolveLockFile | Whether the Unified Agent relies on the manifest (package.json) and lock file (package-lock.json) for the resolution instead of npm commands. If the lock file is missing, detection is based on the node_modules folder. | The Unified Agent uses package.json and package-lock.json to build the hierarchy tree. If package-lock.json is missing, detection is based on the node_modules folder. | The Unified Agent runs npm commands to build the hierarchy tree. | True | No |
npm.projectNameFromDependencyFile | Whether the project name is taken from the dependency file. This is a standalone parameter for the npm resolver only and takes effect only when npm is the only active resolver; if the Unified Agent identifies any additional resolvers set to True besides npm, an error is generated. NOTE: If a productVersion was specified, it overrides the project version and becomes part of the project's name. | The project name is taken from the package.json file. | The project name is taken from the CLI/configuration file. | False | No |
npm.failOnNpmLsErrors | Whether to fail and exit the scan in case of 'npm ls' errors. | If an error occurs while running 'npm ls', the scan fails and exits. | If an error occurs in 'npm ls', the scan continues. | NULL (meaning False - the scan will not fail on npm ls errors) | No |
npm.resolveGlobalPackages | When scanning Docker images where npm is not available, extracts global npm packages without relying on npm being installed: the Unified Agent identifies all global npm packages installed on the image by scanning every package.json file inside 'node_modules' directories. This parameter is mostly relevant when scanning Docker images. | Resolves all package.json files under the node_modules folder. | Will not scan package.json files under the node_modules folder. | False | No |
Bower
...
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
---|---|---|---|---|---|
nuget.resolveDependencies | Whether to resolve NuGet packages.config and .csproj files. | Resolves NuGet packages.config and .csproj files. | Will not resolve NuGet packages.config and .csproj files. | True | No |
nuget.resolvePackagesConfigFiles | Whether to resolve packages.config files. NOTE: In order for this parameter's value to impact the scan, the parameter nuget.resolveDependencies must be set to True. | Resolves packages.config files. | Will not resolve packages.config files. | True | No |
nuget.resolveCsProjFiles | Whether to resolve .csproj files. NOTE: In order for this parameter's value to impact the scan, the parameter nuget.resolveDependencies must be set to True. | Resolves .csproj files. | Will not resolve .csproj files. | True | No |
nuget.restoreDependencies | Whether to run dotnet restore on found '.csproj' files in order to download the project's dependencies. | Runs dotnet restore on found '.csproj' files. | Will not run dotnet restore on found '.csproj' files. | False | No |
nuget.preferredEnvironment | Defines the preferred NuGet restore command. Available values are nuget and dotnet. NOTE: This parameter is used only when a restore pre-step is enabled (nuget.runPreStep or nuget.restoreDependencies set to True). | N/A | N/A | No default | No |
nuget.packagesDirectory | Path to the directory where WhiteSource temporary files are created (and removed at the end of a scan). NOTE: Provide a short directory, in order to avoid path-length errors during the restore command. | N/A | N/A | No default | No |
nuget.ignoreSourceFiles | When using the dependency resolver, whether to include package dependencies only, or package dependencies plus source files. NOTE: Only relevant when fileSystemScan is true. | Includes only package dependencies. | Includes package dependencies and source files. | True | No |
nuget.runPreStep | Whether to run nuget restore on found 'packages.config' files and dotnet restore on found '.csproj' files. | Runs dotnet restore on .csproj files and nuget restore on found 'packages.config' files in order to download all dependencies to a temporary folder, scans this folder and deletes it after fetching the dependencies. | Will not run dotnet restore and nuget restore on found 'packages.config' and .csproj files. | False | No |
nuget.resolveNuspecFiles | Whether to resolve .nuspec files. NOTE: In order for this parameter's value to impact the scan, the parameter nuget.resolveDependencies must be set to True. | Resolves .nuspec files. | Will not resolve .nuspec files. | True | No |
nuget.resolveAssetsFiles | Whether to resolve obj/project.assets.json files (the newer .NET dependency management structure). | Resolves obj/project.assets.json files. | Will not resolve obj/project.assets.json files. | True | No |
...
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
---|---|---|---|---|---|
ruby.resolveDependencies | Whether to resolve Ruby dependencies. | Resolves Ruby dependencies. | Will not resolve Ruby dependencies. | True | No |
ruby.ignoreSourceFiles | When using the dependency resolver, whether to include only package dependencies and not source files (file extension .rb). NOTE: Only relevant when fileSystemScan is true. | Includes only package dependencies. | Includes package dependencies and .rb source files. | True | No |
ruby.installMissingGems | Whether to install missing Ruby dependency gem files. | Installs missing Ruby dependency gem files. | Will not install missing Ruby dependency gem files. | False | No |
ruby.runBundleInstall | Whether to run bundle install on the Ruby project folder. NOTE: bundle install builds native extensions and can execute code shipped with the gems being installed, so avoid enabling it when scanning projects you do not trust. | Runs bundle install on the Ruby project folder. | Will not run bundle install. | False | No |
ruby.overwriteGemFile | (Relevant only if ruby.runBundleInstall is enabled) Whether to overwrite Gemfile.lock or gems.locked after running bundle install. | Overwrites Gemfile.lock or gems.locked after running bundle install. | Will not overwrite Gemfile.lock or gems.locked after running bundle install. | False | No |
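Several of the parameters in the general, npm, NuGet and Ruby tables above decide whether the scanner executes code from the project it is scanning (the install pre-steps) or weakens its own checks (requireKnownSha1, sendLogsToWss, the deprecated ignoreSourceFiles). The following script is an added example, not part of the Unified Agent or its documentation: it parses a Unified Agent properties file and reports settings a reviewer should question, using the parameter names and defaults listed on this page. The two embedded configurations are constructed samples, and the policy itself (which settings count as findings) is this example's own choice.

```python
"""Policy checks over a WhiteSource Unified Agent properties file (added example)."""
from typing import Dict, List

# Constructed sample configurations; not taken from the product documentation.
WEAK_CONFIG = """\
# constructed example: several settings a reviewer should question
failErrorLevel=all
requireKnownSha1=false
sendLogsToWss=true
ignoreSourceFiles=true
fileSystemScan=true
npm.resolveDependencies=true
npm.runPreStep=true
npm.ignoreScripts=false
ruby.runBundleInstall=true
"""

HARDENED_CONFIG = """\
# constructed example: same scan without executing project-supplied code
offline=true
failErrorLevel=ALL
requireKnownSha1=true
sendLogsToWss=false
fileSystemScan=true
npm.resolveDependencies=true
npm.resolveLockFile=true
npm.runPreStep=false
npm.ignoreScripts=true
ruby.runBundleInstall=false
"""

# Parameters documented on this page that make the agent run a package
# manager install step, which executes install hooks of the scanned project.
PRE_STEP_PARAMS = {
    "npm.runPreStep": "npm install",
    "nuget.runPreStep": "nuget/dotnet restore",
    "nuget.restoreDependencies": "dotnet restore",
    "ruby.runBundleInstall": "bundle install",
    "ruby.installMissingGems": "gem install",
}


def parse_properties(text: str) -> Dict[str, str]:
    """Parse Java-style key=value lines; a line starting with '#' or '!' is a comment."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        props[key.strip()] = value.strip()
    return props


def is_true(props: Dict[str, str], key: str, default: bool) -> bool:
    """Boolean lookup that applies the documented default when the key is absent."""
    value = props.get(key)
    return default if value is None else value.lower() == "true"


def check_config(text: str) -> List[str]:
    """Return a list of findings; an empty list means the policy passed."""
    props = parse_properties(text)
    findings: List[str] = []

    # failErrorLevel accepts ALL or DEFAULT in upper case only.
    level = props.get("failErrorLevel")
    if level is not None and level not in ("ALL", "DEFAULT"):
        findings.append(f"failErrorLevel={level!r}: value must be ALL or DEFAULT (upper case)")

    if not is_true(props, "requireKnownSha1", default=True):
        findings.append("requireKnownSha1=false: dependencies with an unknown SHA-1 will not stop the scan")

    if is_true(props, "sendLogsToWss", default=False):
        findings.append("sendLogsToWss=true: agent logs are uploaded to WhiteSource")

    if "ignoreSourceFiles" in props:
        msg = "ignoreSourceFiles is deprecated as of 21.2.2; use fileSystemScan"
        # ignoreSourceFiles=true and fileSystemScan=true ask for opposite things.
        if is_true(props, "ignoreSourceFiles", default=False) and is_true(props, "fileSystemScan", default=True):
            msg += " (conflicts with fileSystemScan=true)"
        findings.append(msg)

    for key, command in PRE_STEP_PARAMS.items():
        if is_true(props, key, default=False):
            findings.append(f"{key}=true: the scan runs '{command}' on the scanned project")

    if is_true(props, "npm.runPreStep", default=False) and not is_true(props, "npm.ignoreScripts", default=False):
        findings.append("npm.runPreStep=true without npm.ignoreScripts=true: package.json lifecycle scripts will execute")

    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        results = check_config(cfg)
        print(f"{name}: {len(results)} finding(s)")
        for finding in results:
            print("  -", finding)
```

Run it against a real wss-unified-agent.config by reading the file into a string and passing it to check_config; a non-empty result in a CI job is a reasonable place to fail the build before the agent runs. The defaults passed to is_true are the ones from the tables above, so a parameter that is simply absent is judged by its documented default rather than ignored.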
...