Overview

This page describes the parameters used in the Unified Agent's configuration.

Configuration File Parameters

Organization Vitals 

General parameters used for authentication, categorization, and product/project definitions.

NOTE: One of the following is a required field: -project or -projectToken.

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

apiKey 

...

(Mandatory) A unique identifier of your organization. Used to identify the organization in plugins. 

...

N/A

...

N/A

...

No default

...

-apiKey

...

userKey 

...

Unique identifier of the user that can be generated from the Profile page in your WhiteSource account.

NOTE: Required only if Enforce user level access is selected in the Integrate page.

...

N/A

...

N/A

...

No default

...

-userKey

...

requesterEmail 

...

The provided email will be matched with an existing WhiteSource account. Requests for new libraries will be created with the matched account as the requester email.

user@provider.com

...

N/A

...

N/A

...

No default

...

No

...

projectName 

...

The name of the project to update (mandatory).

NOTE: If not defined, then projectToken must be defined instead.

...

N/A

...

N/A

...

No default

...

-project

...

projectVersion 

...

The project's version.

NOTE: Added to the name if Use version in project names is selected in the Integrate page.

...

N/A

...

N/A

No default

...

-projectVersion

...

projectToken 

...

Unique identifier of the project to update; found on the Integrate page.

NOTE: If not defined, then projectName must be defined instead.

...

N/A

...

N/A

No default

...

-projectToken

...

projectTag 

...

Sets a project tag; applies only to a newly-created project. The project tag should be defined as key:value.

For example: projectTag= myTagKey:myTagValue

NOTE: This parameter is not supported when using the Repo Integrations or the Azure DevOps Services Integration.

...

N/A

...

N/A

...

No default

...

-projectTag

...

productName 

...

Name of the product to update

...

N/A

...

N/A

...

MyProduct

...

-product

...

productVersion 

...

Version of the product and project to update. It overrides the project version.

...

N/A

...

N/A

No default

...

-productVersion

...

productToken 

...

Unique identifier of the product to update; found on the Integrate page.

...

N/A

...

N/A

No default

...

-productToken

...

projectPerFolder

Creates one project per subfolder according to your "-d" parameter. Each project is named according to its folder.

...

A project per folder is created

...

A project per folder is not created

...

False

...

-projectPerFolder

...

projectPerFolderIncludes 

...

Comma or space-delimited list of folder names to be included in the scan.

NOTE: Relevant only if projectPerFolder is True.

...

N/A

...

N/A

...

All folders

...

No

...

projectPerFolderExcludes 

...

Comma or space-delimited list of folder names to be excluded from the scan.

NOTE: Relevant only if projectPerFolder is True.

...

N/A

...

N/A

...

The default value is ""

...

No

...

wss.connectionTimeoutMinutes 

...

Connection timeout in minutes.

...

N/A

...

N/A

...

60

...

wss.url=https://saas.whitesourcesoftware.com/agent

#wss.url=https://app.whitesourcesoftware.com/agent

#wss.url=https://app-eu.whitesourcesoftware.com/agent 

...

Enable the URL that matches your organization's WS Server URL, shown in the Server URLs panel of your Profile page (it can also be found in the Integrate tab). Then, add the agent path.

...

N/A

...

N/A

...

https://saas.whitesourcesoftware.com/agent

...

-wss.url

Policies

Policies enable organizations to set and enforce open source adoption policies. The parameters in this section control the policy check performed during a scan.

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

checkPolicies 

...

Whether to send the check policies request before updating WhiteSource.

  • If set to True, then forceUpdate must also be set to True.

  • If set to False, no policy-related data will be generated.

...

In case of policy violation, the scan will end with ERROR exit code POLICY_VIOLATION (-2).

...

The scan will end with SUCCESS. Inventory will be updated regardless of policy violations.

...

False 

...

No

...

forceCheckAllDependencies 

Force checks all dependencies. 

NOTE: Used only if checkPolicies is set to True. 

...

Checks all policies for all dependencies introduced to the WhiteSource projects.

...

Checks only the new dependencies introduced to the WhiteSource projects.

...

False

...

No

...

forceUpdate 

...

Whether to update organization inventory regardless of policy violations.

NOTE: Used only if checkPolicies is set to True.  

...

Updates the project even if the checkPolicies step failed.

  • App - Update

  • Exit code - End with SUCCESS

  • Output - No error message

...

In case of a policy violation:

  • App - No update

  • Exit code - (-2)

  • Output - End with error

...

False

...

No

...

forceUpdate.failBuildOnPolicyViolation 

...

Determines whether the Unified Agent exit code will be the result of the policy check or the result of the scan.

NOTE: Used only if forceUpdate is set to True.

The Unified Agent exit code will be the result of the policy check: if checkPolicies fails, the exit code is -2.

...

The Unified Agent exit code will be the result of the scan (success or failure).

...

False

...

No

...

updateInventory 

Whether to send an update request.

...

Sends an update request.

...

Sends a check policies request to WhiteSource without sending the update request; that is, policies are checked without updating the inventory in WhiteSource.

...

True

...

No
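The combinations in the Policies table above, worked through as an added Python example (not part of the Unified Agent or of the original page). It assumes SUCCESS is exit code 0 and that updateInventory stays at its default; the class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Tuple

SUCCESS = 0            # assumption: the page says only "SUCCESS"; 0 is the conventional value
POLICY_VIOLATION = -2  # exit code named in the checkPolicies row


@dataclass(frozen=True)
class PolicySettings:
    """Policy parameters with the defaults listed in the table above."""
    check_policies: bool = False                  # checkPolicies
    force_update: bool = False                    # forceUpdate
    fail_build_on_policy_violation: bool = False  # forceUpdate.failBuildOnPolicyViolation


def expected_outcome(cfg: PolicySettings, violation: bool) -> Tuple[bool, int]:
    """Return (inventory_updated, exit_code) for a scan that has no other errors.

    Assumes updateInventory is left at its default (True).
    """
    if not cfg.check_policies or not violation:
        return True, SUCCESS              # nothing is enforced
    if not cfg.force_update:
        return False, POLICY_VIOLATION    # no update, exit code -2
    if cfg.fail_build_on_policy_violation:
        return True, POLICY_VIOLATION     # inventory updated, build still fails
    return True, SUCCESS                  # inventory updated, no error reported


def signed_exit_code(raw_status: int) -> int:
    """Recover the signed code from the status the calling process sees.

    POSIX keeps only the low 8 bits of an exit code, so -2 is reported as 254;
    a caller that sees an unsigned 32-bit value gets 4294967294. Both map to -2.
    Only meaningful for codes the agent itself returned, not for signal deaths.
    """
    low = raw_status & 0xFF
    return low - 256 if low >= 128 else low


def audit(cfg: PolicySettings) -> List[str]:
    """Describe what a policy violation would do under cfg."""
    updated, code = expected_outcome(cfg, violation=True)
    notes = []
    if code == SUCCESS:
        notes.append("a policy violation does not fail the build")
    if updated:
        notes.append("a violating library still reaches the inventory")
    return notes


if __name__ == "__main__":
    for cfg in (PolicySettings(),
                PolicySettings(check_policies=True),
                PolicySettings(True, True, False),
                PolicySettings(True, True, True)):
        print(cfg, expected_outcome(cfg, True), audit(cfg))
    # A CI step comparing "$?" against -2 never matches; compare the normalized value.
    print(signed_exit_code(254))
```

A pipeline step that tests the raw status for -2 will not match on POSIX runners; compare against 254 or normalize first.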

General

Miscellaneous parameter settings.

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

offline 

...

Whether to create an offline update request instead of sending one to WhiteSource.

...

An offline request file is created in the whitesource folder next to the scanned project.

...

Results are sent directly to the server.

...

False

...

-offline

...

updateType 

...

If scanning a previously-scanned project, whether to append or override the results.

  • APPEND - Adds the scanned libraries to the project’s inventory. If only a transitive dependency has been added, it will be added as a direct dependency, so all of the application's mechanisms, such as alerts and policies, will be applied to it. Use this value only when working with multiple build processes that are managed under the same WhiteSource project.

  • OVERRIDE - Adds the newly-added dependencies (the difference)

...

N/A

...

N/A

...

OVERRIDE

...

-updateType

...

ignoreSourceFiles  

Whether to only include package dependencies for all package managers/dependency resolvers. 

IMPORTANT: As of version 21.2.2, this parameter is being deprecated and will be replaced by a new parameter, fileSystemScan.

...

Overrides the individual x.ignoreSourceFiles parameter value of each of the package managers and ignores all source files discovered during the dependency resolution.

NOTE: When ignoreSourceFiles is used, then the includes/excludes parameter will be ignored.

...

No override action will occur, and each of the package manager's x.ignoreSourceFiles parameter default values will apply (unless explicitly stated).

...

False

...

No

...

fileSystemScan

...

Performs a file system scan for source files and binaries, in addition to the package manager based dependencies resolution. The files to be scanned can be controlled by the includes and excludes parameters and the resolver-specific ignoreSourceFiles parameters.

IMPORTANT: This parameter is new for version 21.2.2, and overrides the soon-to-be-deprecated ignoreSourceFiles.

...

Performs a file system scan for source files and binaries, in addition to the package manager based dependencies resolution. 

...

Only package manager based dependencies resolution is being performed. 

...

True

...

No

...

scanComment 

...

Adds a comment to a scan. The comment is then displayed in the Project Vitals panel of the Project pages, and the Plugin Request History Report. Supports UTF-8 characters.

...

A comment is added to the scan.

...

No comments will be added to the scan.

...

No default

...

-scanComment

...

failErrorLevel 

...

When set to ALL, the Unified Agent will exit on any major error (such as a failed resolution, a pre-step error, etc.)

Otherwise, there is no change in behavior.

Possible values: ALL or DEFAULT (upper-case only)

...

N/A

...

N/A

...

"DEFAULT"

...

No

...

requireKnownSha1 

...

Checks for dependencies with known/unknown SHA-1. 

...

The Unified Agent will terminate the scan if one or more dependencies with an unknown SHA-1 were found.

...

The scan will continue normally.

...

True

...

-requireKnownSha1

...

generateProjectDetailsJson 

...

Whether to generate a JSON file upon scan completion containing the projectTokens and projectNames.

...

The Unified Agent generates a JSON file at the end of the scan named scanProjectDetails.json containing the projectTokens and projectNames.

...

The JSON file report will not be generated.

...

False

...

No

...

generateScanReport 

...

(For Organization and Product Administrators only) Whether to create a report in JSON format at the end of the scan, which includes information on vulnerabilities, policy violations, top fixes, and inventory details.

The filename format is '<project_name>-<yyyy-mm-dd>T<HHmmss>+<UTC offset>-scan_report.json'. 
For example: 'Demo App-2019-06-04T181226+0300-scan_report.json'

NOTES:

  • The userKey configuration parameter is mandatory for this report.

  • To generate this report, the configuration parameter updateInventory must be set to True.

  • This parameter does not work in offline mode.

...

A report in JSON format is created at the end of the scan, which includes information on vulnerabilities, policy violations, top fixes, and inventory details.

...

The report will not be generated.

...

False

...

-generateScanReport

...

scanReportTimeoutMinutes 

...

Time-out (in minutes) for the process of generating the scan report. If the timeout interval has passed then the report will not be generated, but the scan will continue.

...

N/A

...

N/A

...

10

...

No

...

scanReportFilenameFormat 

...

Controls the filename format of a generated scan report.
Valid values are: 

  • project_with_timestamp (default) - the format will be: <project_name>-<yyyy-mm-dd>T<HHmmss>+<UTC offset>-scan_report.json

  • project_only - the format will be: <project_name>-scan_report.json

  • static - the format will be scan_report.json

...

N/A

...

N/A

...

Default value is "project_with_timestamp"

...

No

...

updateEmptyProject 

...

Whether to create an empty project in WhiteSource or to update an existing project with empty data.

NOTE: This parameter affects all resolvers/package managers.

...

Updates/creates a project even if there are no dependencies.

...

Will not create/ update the empty project.

...

True

...

No

...

log.files.level 

...

Determines the level of the logs that are stored by default:

  • Trace

  • Debug (default)

  • Info

  • Warn

  • Error

  • Off - Deactivates the feature.

NOTES:

  • The location of the logs is determined by the log.files.path parameter.

  • In the Unified Agent, each successive scan of the same library generates its own folder. The structure is: 

wss-scan-<date>-<time>

...

N/A

...

N/A

...

Debug

...

-log.files.level 

...

log.files.maxFileSize 

...

Maximum size, in MB, of a log file stored by default. If this size is exceeded, the file will be overwritten.

NOTE: This reflects one run (cycle) of the Unified Agent. The files accumulate after each run.

...

N/A

...

N/A

...

10 MB

...

No

...

log.files.maxFilesCount 

...

Maximum number of log files stored by default. If this count is exceeded, the oldest files will be overwritten by new files.

NOTE: This reflects one run (cycle) of the Unified Agent. The files accumulate after each run.

...

N/A

...

N/A

...

3

...

No

...

log.files.path 

...

Location of the created log file.

NOTE:  In Windows, do not put "\ " at the end of the value.

...

N/A

...

N/A

...

The default location of the logs is in the 'whitesource' folder (determined by the whiteSourceFolderPath parameter)

...

No

...

sendLogsToWss

...

Whether to send logs to WhiteSource.

...

Sends logs to WhiteSource.

...

Will not send logs to WhiteSource.

...

False

...

No

...

case.sensitive.glob

...

Whether the file system should be case sensitive.

...

The file system will be case sensitive.

...

The file system will not be case sensitive.

...

False

...

No

...

showProgressBar

...

Whether to display a progress bar inside logs.

NOTE: This parameter is valid for the Unified Agent only (not Prioritize).

...

Progress bars will be displayed inside logs.

...

Progress bars will not be displayed inside logs.

...

True

...

No

Package Manager Dependency Resolvers

Parameters related to package manager scan configurations.

NOTE: All Package Manager Dependency resolvers are set to True by default.

General

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

resolveAllDependencies 

...

Whether to enable or disable by default all dependency resolvers for a scan.

For example, when the following parameters are set, only npm dependencies will be resolved:
resolveAllDependencies=false
npm.resolveDependencies=true
#maven.resolveDependencies=false

...

When set to True, the default for all package managers' resolveDependencies parameter is set to True, unless explicitly set to False.

...

When set to False, the default for all package managers' resolveDependencies parameter is set to False, unless explicitly set to True.

...

True

...

-resolveAllDependencies

...

excludeDependenciesFromNodes=.*commons-io.*,.*maven-model 

...

Comma-delimited list of regular expressions.

Specify an artifact id or multiple artifact ids (comma-delimited) to exclude the provided tree nodes and their sub-nodes from the scan.

NOTE: These will not be added to your project inventory. 

...

N/A

...

N/A

...

No default

...

No

Java

Maven

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

maven.ignoredScopes 

...

Define which exact scope names to ignore.

By default, the Unified Agent ignores direct dependencies with scope 'test' and 'provided'.
This value can be overridden to ignore specific scopes.

...

N/A

...

N/A

...

"provided" and "test"

...

-maven.ignoredScopes

...

maven.resolveDependencies 

...

Whether to resolve Maven dependencies, requires "pom.xml".

...

In case the project is a Maven project, the resolution will start.

...

The Maven resolution will not start.

...

True
(except when resolveAllDependencies=false)

...

-maven.resolveDependencies

...

maven.ignoreSourceFiles  

...

When using the dependency resolver, it will only include pom.xml dependencies, not source files and packages.

NOTE: Only relevant when fileSystemScan is true.

...

Files with extensions such as ".java", ".class", and "pom.xml" will be ignored by the scan.

...

Will not ignore the mentioned file extensions.

...

False

...

maven.aggregateModules  

...

Combines all pom modules into a single WhiteSource project with an aggregated dependency flat list (no hierarchy).

...

Will create a single project for all modules, to be displayed as a flat list.

...

A project will be created for each module and displayed as a hierarchical tree.

...

False

...

-maven.aggregateModules

...

maven.ignorePomModules  

...

Whether to ignore dependency resolving of a pom.xml file containing a 'pom' value inside a packaging tag, i.e., '<packaging>pom</packaging>'.

...

The dependency resolver will ignore all dependencies specified inside a pom.xml file that contains a packaging tag with 'pom' value ('<packaging>pom</packaging>')

...

The dependency resolver will not ignore all dependencies specified inside a pom.xml file that contains a packaging tag with 'pom' value ('<packaging>pom</packaging>')

...

True

...

No

...

maven.runPreStep 

...

Whether to run the "mvn clean install" command in each folder where a pom.xml is found.

...

Will run the "mvn clean install" command

...

Will not run the "mvn clean install" command

...

False

...

No

...

maven.ignoreMvnTreeErrors 

...

If the command `mvn dependency:tree` fails, the Unified Agent tries to resolve the partial output of the command (if it exists) and parses all the direct dependencies from the pom.xml file.

...

The scan will end with success and will send a flat list (direct only).

...

The scan will end with errors.

...

False

...

No

...

maven.environmentPath 

...

Path to the Maven installation in case it does not match the M2_HOME environment variable

...

N/A

...

N/A

...

No default

...

No

...

maven.m2RepositoryPath 

...

Path to .m2 folder, in case it is not available in the default location.

...

N/A

...

N/A

...

No default

...

No

...

maven.downloadMissingDependencies 

...

Allows users to disable downloading missing dependencies in Maven.

...

In case there is a missing dependency jar/binary in the repository, the code will try to download the missing dependency.

...

The downloading of missing dependencies will be disabled.

...

True

...

No

...

maven.additionalArguments 

...

Any parameters provided here that start with '-' or '--' are added by the Unified Agent to the end of the Maven commands.

Example values:

  • -s=path/to/settings.xml

  • -s=path/to/settings.xml --threads=2.0C

...

N/A

...

N/A

...

No default

...

No

...

failErrorLevel 

...

Returns an error code for the following cases:

  • resolver.runPrepStep failed

  • An error occurred in collecting/running dependencies

NOTE: When set to ALL, the Unified Agent returns an error code for all errors in the scan, rather than SUCCESS. This can be useful for customers migrating from the plugins (NPM, MAVEN etc.) to the Unified Agent.

...

N/A

...

N/A

...

DEFAULT

...

No

...

maven.projectNameFromDependencyFile 

...

Whether a project name will be taken from the dependency file.

...

The project name will be taken from the pom.xml's 'artifactId' field. Works only when the maven resolver is the only active resolver.

If the Unified Agent identifies any additional resolvers besides Maven that are set to True, an error is generated.

The project name will be taken from the CLI/configuration file.

...

False

...

No

Gradle

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

gradle.ignoredConfigurations

 

...

Enables you to determine which dependency configurations to ignore in the scan.

The format is according to the following:

  • Exact configuration names to ignore.
    Values must be space-delimited.

For example: gradle.ignoredConfigurations= testCompileOnly testRuntimeOnly

ignores configurations named “testCompileOnly” and “testRuntimeOnly”.

  • Configurations can use regular expressions.

For example: gradle.ignoredConfigurations=.*test.* ignores all configuration names that contain the string "test".
NOTE: This parameter was previously named gradle.ignoredScopes.

...

N/A

...

N/A

...

No default

...

No

...

gradle.resolveDependencies 

...

Whether to resolve Gradle dependencies. Requires build.gradle or build.gradle.kts.

...

Resolves Gradle dependencies

...

Will not resolve Gradle dependencies

...

True
(except when resolveAllDependencies=false)

...

-gradle.resolveDependencies

...

gradle.runAssembleCommand

...

In case of a missing dependency, executes the 'gradle assemble' command 
NOTE: This command is executed only if `gradle.resolveDependencies` is True.

...

Executes the 'gradle assemble' command

...

Will not execute the 'gradle assemble' command

...

True

...

No

...

gradle.runPreStep 

...

The Unified Agent will add additional jars to the customer's global cache.
In most Gradle versions the "gradle dependencies" command we run does this.

...

For each build.gradle file that the Unified Agent finds:

  1. Unified Agent will copy the Gradle project to a temporary system folder.

  2. Inside of each copied project's build.gradle file, the Unified Agent will add a task (named 'copyDependencies') in order to download the missing dependencies

  3. Unified Agent will run 'gradle copyDependencies' - this step will add the missing dependencies to the user's global cache

...

Relies on the "gradle dependencies" command to fill in missing cache dependencies.

...

False

...

No

...

gradle.ignoreSourceFiles 

...

When using the dependency resolver, it will include only package dependencies, not source files.

NOTE: Only relevant when fileSystemScan is true.

...

The scan includes only package dependencies, not source files.

...

When using the dependency resolver, it will include package dependencies, plus source files.

...

False

...

No

...

gradle.aggregateModules 

...

Whether to create a single project for all modules.

...

Creates a single project for all modules.

...

A project will be created for each module. The name of the project will be equal to the name of the module (if so, projectName will be ignored).

...

False

...

-gradle.aggregateModules

...

gradle.preferredEnvironment 

...

When set to 'wrapper', the Unified Agent will run the 'gradlew' wrapper command. If set to 'gradle', it will use the built-in gradle command.

...

N/A

...

N/A

...

gradle

...

No

...

gradle.localRepositoryPath

...

Paths to the gradle local repository.

For example, in Windows, the path can be defined as the following:
C:\\Users\\JSmith\\.gradle\\caches\\modules-2\\files-2.1

NOTE: From version 19.5.3, a comma- or space-delimited list of paths is accepted.

...

N/A

...

N/A

...

No default

...

No

...

gradle.wrapperPath 

...

The path to the gradle wrapper.

...

N/A

...

N/A

...

No default

...

No

...

gradle.downloadMissingDependencies 

...

Enables the user to disable downloading of missing dependencies in Gradle.

...

Enables the Unified Agent to download missing dependencies.

...

The Unified Agent will not download missing dependencies.

...

True

...

No

...

gradle.additionalArguments 

...

Enables users to add additional arguments to the Unified Agent's existing commands. The existing commands are gradle dependencies or gradle wrapper dependencies.

Users can provide any parameters starting with '-' or '--', and the Unified Agent will add these at the end of the command.

For example:

  • -Pbranch=dev -PbuildWithSources=false

  • --no-daemon --info

  • -Pbranch=dev -PbuildWithSources=false --no-daemon --info

...

N/A

...

N/A

...

No default

...

No

...

gradle.includedConfigurations

...

Enables you to determine which dependency configurations to include in the scan.

The format is according to the following:

  • Exact configuration names to include.

Values should be space-delimited.
For example:

gradle.includedConfigurations= compileOnly testCompileOnly

Includes configurations named “compileOnly” and “testCompileOnly”.

  • Configurations can include regular expressions.

For example:

gradle.includedConfigurations=.*Only.*

Includes all configuration names that contain the string "Only"
NOTE: this parameter was previously named gradle.includedScopes 

...

N/A

...

N/A

...

No default

...

No

...

gradle.excludeModules 

...

Enables excluding specific modules in the Gradle scan. 

The format is according to the following:

  • Exact modules to exclude. Values should be space-delimited. For example: gradle.excludeModules= Dev Prod - excludes modules named 'Dev' and 'Prod'.

  • Regular expressions. For example: gradle.excludeModules=.*Dev.* excludes all module names that contain (anywhere in their name) the string "Dev".

...

N/A

...

N/A

...

No default

...

No

...

gradle.includeModules 

...

Enables including specific modules in the Gradle scan.

The format is according to the following:

  • Exact modules to include. Values must be space delimited. For example: gradle.includeModules= Dev Prod - include modules named 'Dev' and 'Prod'.

  • Regular expressions. For example: gradle.includeModules=.*Dev.* includes all module names that contain the string "Dev".

...

N/A

...

N/A

...

No default

...

No

...

gradle.innerModulesAsDependencies

...

When set to false, this parameter ignores and excludes all the modules dependencies from the resolution scan.

...

Includes all the module dependencies in the resolution scan.

...

Ignores and excludes all the modules dependencies from the resolution scan.

...

True

...

No

Ant

For more information regarding Apache Ant integration, refer here.

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

ant.resolveDependencies 

...

Whether to scan Apache Ant-based projects.

In cases where the 'ant.pathIdIncludes' parameter is not provided, the Unified Agent will look for the following extensions in your project: jar, war, ear, par, rar, dll, exe, ko, so, msi, zip, tar, tar.gz, swc, swf.

...

Scans Apache Ant-based projects.

...

Will not scan Apache Ant-based projects.

...

True
(except when resolveAllDependencies=false)

...

No

...

ant.pathIdIncludes 

...

Regular expression or comma/space-delimited list of path ids (specified in the build.xml file) to include in the scan.

NOTE: In order for this parameter's value to have an impact on the scan, the parameter 'ant.resolveDependencies' must be set to True.

...

N/A

...

N/A

...

The default value is ".*"

...

No

...

ant.external.parameters 

...

Comma-separated list of key=value pairs; these values are equivalent to the Ant <property> XML tag.

...

N/A

...

N/A

...

No default

...

No

...

ant.ivy.resolveDependencies

...

Whether to scan Ivy-based projects.

...

Scans Ivy-based projects.

...

Will not scan Ivy-based projects.

...

False

...

No

...

ant.ivy.ignoredConfigurations

...

Enables you to determine which dependency configurations to ignore in the scan.

The format is according to the following:

  • Exact configuration names to ignore.
    Values must be space-delimited.

  • Configurations can use regular expressions.

...

N/A

...

N/A

...

None (all configurations are included)

...

No

Bazel

Refer here for Bazel.

JavaScript

NPM + Yarn

For more information regarding NPM integration, refer here.

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

npm.ignoreDirectoryPatterns

...

A string parameter that defines the list of directory patterns which will be ignored when searching for the package.json dependency file during the npm resolution. The list of directories is a comma/semi-colon delimited list.

...

N/A

...

N/A

...

example,examples,test,.ws_bower

...

No

...

npm.resolveDependencies  

...

Whether to resolve npm dependencies.

NOTE: 'package.json' dependency files located in directories matched by npm.ignoreDirectoryPatterns are not scanned, and therefore dependencies declared in these files are ignored. For example, with the default set of directories to ignore, the following dependency files are not included:

*/examples/*package.json

*/example/*package.json

*/.ws_bower/*package.json

*/test/*package.json

...

Resolves NPM/yarn dependencies.

  • If a yarn.lock file is identified, then yarn resolution is performed.

  • If a package-lock.json file is identified, then NPM resolution is performed.

  • If both lock files are found or missing, the npm.yarnProject parameter will be used to determine which resolution to perform.

...

Will not resolve NPM/yarn dependencies.

...

True
(except when resolveAllDependencies=false)

...

-npm.resolveDependencies

...

npm.ignoreSourceFiles 

...

When using the npm resolver, ignore or include the js files outside the node_modules folder.

NOTE: Only relevant when fileSystemScan is true.

...

Ignores the js files outside the node_modules folder.

...

Includes the js files outside the node_modules folder.

...

True

...

No

...

npm.includeDevDependencies 

...

Whether to include dev dependencies.

...

Adds devDependencies to the scan

...

Only the prod dependencies will be scanned.

...

False

...

-npm.includeDevDependencies

...

npm.runPreStep 

...

Whether to run npm install or yarn install on found package.json file.

...

Installs the NPM/yarn project.

  • If a yarn.lock file is identified, then yarn install is executed.

  • If a package-lock.json file is identified, then npm install is executed.

  • If both lock files are found or missing, the npm.yarnProject parameter will be used to determine which installation command to perform.

...

Will not install the NPM/yarn project.

...

False

...

No

...

npm.ignoreNpmLsErrors 

...

Whether to ignore errors of the 'npm list' command.

...

The scan will end with SUCCESS status + hierarchy tree.

...

The scan will end with SUCCESS status + flat list.

...

False

...

No

...

npm.ignoreScripts 

...

Whether to ignore the scripts in your project's package.json file.

NOTES:

  • Used only if npm.runPreStep = True

  • Since 20.4.2 the flag is also supported for Yarn.

...

The Unified Agent executes npm install --ignore-scripts, and the scripts in your project's package.json file will not be run.

...

The npm install command will run and the scripts in your project's package.json file will be run.

...

False

...

No

...

npm.yarnProject 

...

Whether this is a yarn project (or not).

...

Resolves yarn projects

...

Will not resolve yarn projects

...

False

...

No

...

npm.accessToken

...

The access token value provided by the relevant environment (Microsoft Visual Studio or Artifactory) to fetch required data from the NPM registry.

...

N/A

...

N/A

...

Empty

...

No

...

npm.identifyByNameAndVersion 

...

Defines whether to fetch package data from npm registry (either private or public).

...

The Unified Agent will use only the name and the version of the package.

...

Fetches package data from npm registry (either private or public).

...

False

...

No

...

npm.yarn.frozenLockfile 

...

Enables running the pre-step with the --frozen-lockfile yarn parameter.
NOTE: If enabled, then the following parameters also need to be set to True: npm.runPreStep and npm.yarnProject.

...

Runs the pre-step with the --frozen-lockfile yarn parameter.

...

Will not run the pre-step with the --frozen-lockfile yarn parameter.

...

False

...

No

...

npm.resolveMainPackageJsonOnly

...

In npm projects, more than one package.json file can exist. Therefore, you can decide to resolve only the main package.json file (the one in the root directory) or all package.json files.

...

The Unified Agent checks if there is a package.json file in the folder passed as the -d parameter. If no such file exists, the scan will fail; otherwise, the Unified Agent will scan only this package.json.

...

The Unified Agent resolves all package.json files

...

False

...

No

...

npm.removeDuplicateDependencies 

...

Whether to remove duplicate dependencies during npm dependency resolution.

...

Removes duplicate dependencies during npm dependency resolution.

...

Includes duplicate dependencies during npm dependency resolution.

...

True

...

No

...

npm.resolveAdditionalDependencies

...

Whether to resolve global dependencies and require modules.

NOTE: Require is the equivalent of import in other languages.

...

Resolves global dependencies and require modules.

...

Resolves only the dependencies that are declared in the package.json.

...

False

...

No

...

npm.resolveLockFile 

...

Whether the Unified Agent will rely on the manifest (package.json) and lock file (package-lock.json) for the resolution and not rely on NPM commands. If the lock file is missing, the detection will be based on the node_modules folder.  

...

The Unified Agent uses the package.json and package-lock.json to get the hierarchy tree. If the package-lock.json is missing, the detection is based on the node_modules folder.

...

The Unified Agent runs npm commands to get the hierarchy tree.

...

True

...

No

...

npm.projectNameFromDependencyFile 

...

Whether the project name will be taken from the dependency file. This is a standalone parameter for the NPM resolver only, taking effect only when the npm resolver is the only active resolver.

If the Unified Agent identifies any additional resolvers besides npm that are set to True, an error is generated.

NOTE: If a productVersion was specified, it will override the project version and be part of the project's name.

...

The project name will be taken from the package.json file.

...

The project name will be taken from the CLI/configuration file.

...

False

...

No

...

npm.failOnNpmLsErrors 

...

Whether to fail and exit the scan in case of npm ls errors.

...

In case an error occurs while running npm ls, the following log will be printed and the scan will stop: Errors found in 'npm ls' command, while flag npm.failOnNpmLsErrors is true program will exit.

...

In case of an error in npm ls, the Unified Agent will continue to run and get as much dependency information as possible.

...

NULL (meaning False - the scan will not fail on npm ls errors)

...

No

...

npm.resolveGlobalPackages 

...

Extracts global dependencies when npm is not available, as when scanning Docker images. This parameter eliminates the need to rely on npm being installed and available, because the Unified Agent identifies all the global npm packages installed on the Docker image. When True, the Unified Agent scans every package.json file inside the node_modules directory. This parameter is mostly relevant when scanning Docker images.

...

Resolves all package.json files under the node_modules folder.

...

Will not scan package.json files under the node_modules folder.

...

False

...

No

Bower

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

bower.resolveDependencies 

...

Whether to resolve Bower project folders.

...

Resolves Bower project folders

...

Will not resolve Bower project folders

...

True
(except for when resolveAllDependencies=false)

...

No

...

bower.ignoreSourceFiles  

...

When using the dependency resolver, whether to include package dependencies or package dependencies + source files.

NOTE: Only relevant when fileSystemScan is true.

...

Includes only package dependencies

...

Includes package dependencies and source files

...

False

...

No

...

bower.runPreStep  

...

Whether to install your Bower project.

...

Installs your Bower project 

...

Does not install your Bower project 

...

False

...

No

C#

NuGet

For more information regarding NuGet integration, refer here.

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

nuget.resolveDependencies

...

Whether to resolve NuGet packages.config and .csproj files.

...

Resolves NuGet packages.config and .csproj files.

...

Will not resolve NuGet packages.config and .csproj files.

...

True
(except for when resolveAllDependencies=false)

...

No

...

nuget.resolvePackagesConfigFiles 

...

Whether to resolve packages.config file at the project's root. 

NOTE: In order for this parameter's value to impact the scan, the parameter nuget.resolveDependencies must be set to True.

...

Resolves packages.config files.

...

Will not resolve packages.config files.

...

True

...

No

...

nuget.resolveCsProjFiles 

...

Whether to resolve *.csproj file at the project's root.

NOTE: In order for this parameter's value to impact the scan, the parameter nuget.resolveDependencies must be set to True.

...

Resolves *.csproj file at the project's root.

...

Will not resolve *.csproj file at the project's root.

...

True

...

No

...

nuget.preferredEnvironment 

...

Defines the preferred NuGet restore command. Available values are nuget and dotnet.

NOTE: This parameter will be used only if the nuget.runPreStep parameter is set to True.

...

N/A

...

N/A

...

No default

...

No

...

nuget.packagesDirectory  

...

Provides a path to the directory where WhiteSource temporary files will be created (and removed at the end of a scan).

NOTE: Provide a short directory, in order to avoid errors related to the path size during the restore command.

...

N/A

...

N/A

...

No default

...

No

...

nuget.ignoreSourceFiles 

...

When using the dependency resolver, whether to include package dependencies or package dependencies + source files.

NOTE: Only relevant when fileSystemScan is true.

...

Includes only package dependencies

...

Includes package dependencies and source files

...

True

...

No

...

nuget.runPreStep 

...

Whether to run nuget restore on found packages.config files and dotnet restore on found csproj files in order to download the project's dependencies.

...

Runs dotnet restore on csproj files and nuget restore on found packages.config files in order to download all dependencies to a temporary folder, scans this folder and deletes it after fetching the dependencies.

...

Will not run dotnet restore and nuget restore on found packages.config and csproj files.

...

False

...

No

...

nuget.resolveNuspecFiles 

...

Indicates whether to resolve *.nuspec file at the project's root.

NOTE: In order for this parameter's value to impact the scan, the parameter nuget.resolveDependencies must be set to True.

...

Resolves *.nuspec file at the project's root.

...

Will not resolve *.nuspec file at the project's root.

...

True

...

No

...

nuget.resolveAssetsFiles 

...

Resolves obj/project.assets.json file for new .NET dependency management structure.

...

N/A

...

N/A

...

True

...

No

Paket

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

paket.resolveDependencies 

...

Whether to resolve .NET dependencies using the Paket dependency manager.

...

Paket projects are resolved.

...

Paket projects will not be resolved.

...

True
(except for when resolveAllDependencies=false)

...

No

...

paket.ignoredGroups 

...

Which Paket scopes to ignore.

Values are comma/semi-colon/space delimited. GLOB patterns are supported, in addition to exact names.

...

N/A

...

N/A

...

No default (empty)

...

No

...

paket.ignoreSourceFiles 

...

When using the Paket resolver, defines whether to ignore the .NET Paket files outside the packages folder.

NOTE: Only relevant when fileSystemScan is true.

...

Ignores files in the scan that have extensions such as: .nupkg, .dll, .exe, .cs, .js

...

Will not ignore the mentioned file extensions.

...

True

...

No

...

paket.runPreStep 

...

Runs "paket install" on found Paket folder.

...

Will run the "paket install" command

...

Will not run the command.

...

False

...

No

...

paket.exePath 

...

The path to the paket.exe file used to run "paket install".

...

N/A

...

N/A

...

No default (empty)

...

No

Python 

Note the following:

  • Make sure that the project directory contains at least one Python extension file (it can be located in any directory, not only in the root directory).

  • The Unified Agent runs the command 'pip download -r requirements.txt' for every 'requirements.txt' file that it finds within the project directories (the file can reside either in the root or in a nested directory).

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

python.resolveDependencies 

...

Whether to resolve python dependencies.

"requirements.txt" or "pipfile" are required.

...

Resolves python dependencies

...

Will not resolve python dependencies.

...

True
(except for when resolveAllDependencies=false)

...

No

...

python.ignoreSourceFiles 

...

When using the dependency resolver, it will only include package dependencies, not source files.

NOTE: Only relevant when fileSystemScan is true.

...

Ignores *.py files in scan.

...

Will not ignore files which have ".py" extension.

...

True

...

No

...

python.ignorePipInstallErrors 

...

Whether to ignore errors of 'pip download -r requirements.txt' command.

...

Ignores download errors, and tries to download packages one by one

...

Will consider such errors and react accordingly

...

False

...

No

...

python.installVirtualenv 

...

Whether to install the pip 'virtualenv' package with --user.

...

Installs a virtual environment by running "python -m pip install --user virtualenv"

...

Will not run the command 

...

False

...

No

...

python.resolveHierarchyTree 

...

Whether to resolve the hierarchy tree or a flat list of dependencies. Requires "requirements.txt"-like files.

...

Will install pipdeptree and use it to resolve and find the dependency hierarchy tree

...

Will resolve a flat list only

...

True

...

No

...

python.requirementsFileIncludes 

...

Space-delimited list of dependency filenames specifying which files to be scanned for dependencies, instead of "requirements.txt", when using pip package manager.

...

N/A

...

N/A

...

requirements.txt

...

No

...

python.resolveSetupPyFiles 

...

Whether to resolve python dependencies in setup.py files, and if so, it executes the setup.py script in order to install and resolve dependencies.

...

Executes setup.py in order to install and resolve dependencies

...

Will ignore setup.py files

...

False

...

No

...

python.runPipenvPreStep 

...

Whether to run pipenv install command. If so, it requires "pipfile".

...

Runs the 'pipenv install' command.

...

Will not run the command

...

False

...

No

...

python.pipenvDevDependencies 

...

Whether to install "dev" dependencies. If so, it requires "python.runPipenvPreStep=true".

...

Adds --dev to the command, resulting in: "pipenv install --dev"

...

Will not add --dev to the command

...

False

...

No

...

python.IgnorePipenvInstallErrors 

...

Whether to ignore errors of the 'pipenv run pip download' command.

...

Ignores download errors, and tries to download packages one by one

...

Will consider such errors and react accordingly

...

False

...

No

...

python.resolveGlobalPackages 

...

Whether to resolve global packages or not. If so, it requires global package folders called site-packages or dist-packages in your scan directory.

...

If set to True and there is a site-packages or dist-packages folder, the resolution will be based on the packages under those folders. 

...

Will not resolve global packages

...

False

...

No

...

python.resolvePipEditablePackages

...

The parameter handles requirements.txt files with rows (packages) with the -e flag. Additionally, it resolves the dev dependencies of the package itself.

NOTE: Currently supported only for pip.

...

Resolves the dev dependencies on the first scan.

...

Will not resolve the dev dependencies on the first scan.

...

False

...

No

...

python.path

...

Points to the python executable path.

If the executable path is already set in the environment variables, then just the executable name can be defined, e.g. in Linux "python2.7".

NOTE: This parameter replaces "python" executable with the value defined.

...

N/A

...

N/A

...

python

...

No

...

python.pipPath

...

Enables you to use different versions of pip. If set to pip3, will run "pip3" and "python -m pip3" instead of "pip" and "python -m pip".

...

N/A

...

N/A

...

pip

...

No

...

python.runPoetryPreStep

...

Whether to run "poetry install" command.

...

Will run the "poetry install" command

...

Will not run the "poetry install" command

...

False

...

No

...

python.includePoetryDevDependencies

...

Whether to scan Poetry project dev dependencies.

...

Scans Poetry project dev dependencies

...

Will ignore dev dependencies

...

False

...

No

...

python.localPackagePathsToInstall

...

A space-delimited list of local package paths that will be installed during the pre-step, if required.

...

N/A

...

N/A

...

Empty

...

No

...

python.indexUrl

...

The URL of a local PyPI repository, in addition to the official PyPI repository. Use it if you have dependencies downloaded from a source other than the default PyPI.

...

N/A

...

N/A

...

pypi.org

...

No

...

python.includePipenvDevDependencies

...

Enables you to include or exclude dev dependencies.

...

Include dev dependencies in the resolution.

...

Exclude dev dependencies in the resolution.

...

True

...

No

Go

For more information regarding Go integration, refer here.

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

go.resolveDependencies 

...

Whether to resolve Go dependencies.

...

Will resolve Go projects.

...

Will not resolve Go projects.

...

True
(except for when resolveAllDependencies=false)

...

No

...

go.collectDependenciesAtRuntime 

...

Whether to collect Go dependencies at runtime (similar to the 'runPreStep' parameter for the other languages).

When set to True, refer here for an explanation.

...

Will run the command relevant to the selected dependency manager.

...

Will not run the command

...

False

...

No

...

go.dependencyManager 

...

Determines the Go dependency manager for use when scanning a Go project. Valid values are:

  • dep

  • godep

  • vndr

  • gogradle

  • govendor

  • gopm

  • glide

  • vgo

  • modules

If left empty, the Unified Agent will first try to resolve the dependencies using the first package manager from this list. If it fails, it continues and tries the next one until it succeeds.

...

N/A

...

N/A

...

No default (empty)

...

No

...

go.ignoreSourceFiles 

...

When using the dependency resolver, it will only include package dependencies, not source files.

NOTE: Only relevant when fileSystemScan is true.

...

Will ignore .go files from the scan.

...

Will not ignore .go files from the scan.

...

False

...

No

...

go.glide.ignoreTestPackages 

...

When using the Glide resolver, whether to ignore test packages defined in the 'testImport' section of the 'glide.yaml' file.

...

Ignore test packages from the scan.

...

Does not ignore the mentioned test packages from the scan.

...

True

...

No

...

go.gogradle.enableTaskAlias 

...

Enables/disables task aliasing for gogradle. 

Set to True when using the gogradle dependency manager and the gradle argument (in 'gradle.properties') includes 'gogradle.alias=true'.

...

Enables task aliasing for gogradle.

...

Disables task aliasing for gogradle.

...

False

...

No

Modules

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

go.modules.resolveDependencies

...

Whether to resolve Go Modules dependencies.

NOTE: To enable this, you must also set go.resolveDependencies to false.

...

Resolves Go Modules dependencies.

...

Will not resolve Go Modules dependencies.

...

False

...

No

...

go.modules.ignoreSourceFiles

...

Whether to perform package-manager-based dependency resolution only, or to include source files as well.

NOTE: Only relevant when fileSystemScan is true.

...

Will ignore Go source files during the scan.

...

Will not ignore Go source files.

...

True

...

No

...

go.modules.removeDuplicateDependencies

...

Whether to remove duplicate dependencies during Go Modules dependency resolution.

...

Removes duplicate dependencies during Go Modules dependency resolution.

...

Includes duplicate dependencies during Go Modules dependency resolution.

...

True

...

No

...

go.modules.includeTestDependencies

...

Whether to scan Go Modules project test dependencies.

...

Scans Go Modules project test dependencies.

...

Will not scan Go Modules project test dependencies.

...

False

...

No

Bazel

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

bazel.resolveDependencies

...

Whether to resolve Bazel dependencies

...

Resolves Bazel dependencies

...

Will not resolve Bazel dependencies

...

True

...

No

...

bazel.runPreStep

...

Indicates whether to perform a pre-step - install dependencies in case they are not installed.

...

Prior to scanning, the Unified Agent will run the Bazel build and Bazel sync.

...

Prior to scanning, the Unified Agent will not run the Bazel build and Bazel sync.

...

False

...

No

Scala

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

sbt.resolveDependencies 

...

Whether to resolve Scala dependencies (using sbt).

...

Will resolve Scala dependencies.

...

The Scala dependencies will not be resolved.

...

True
(except for when resolveAllDependencies=false)

...

No

...

sbt.ignoreSourceFiles 

...

When using the dependency resolver, it will include only package dependencies, not source files (file extensions .scala and .sbt).

NOTE: Only relevant when fileSystemScan is true.

...

Will ignore such source files in the scan.

...

Will scan such source files.

...

True

...

No

...

sbt.aggregateModules 

...

Whether to create a single project for all modules.

...

Will gather all Scala modules' scanned dependencies into one project in the WhiteSource application.

...

A project will be created individually for each module. The name of the project will be equal to the name of the module (projectName will be ignored in this case).

...

False

...

No

...

sbt.runPreStep 

...

Whether to run "sbt compile" in the Scala project folder.

...

Will run the "sbt compile" command.

...

Will not run the command.

...

False

...

No

...

sbt.includedScopes

...

Describes which scopes should be scanned in the Scala resolver. Users can define additional scopes.

...

N/A

...

N/A

...

The default values are "compile" and "runtime"

...

No

R

WhiteSource supports integration with R via the Packrat package manager, but can also be used by customers not using Packrat. The configuration parameters that are specifically related to the R programming language include the following:

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

r.resolveDependencies

...

Whether to resolve R dependencies defined in the DESCRIPTION file.

...

Resolves R dependencies.

...

Will not resolve R dependencies

...

True
(except for when resolveAllDependencies=false)

...

No

...

r.runPreStep

...

Whether to run the Rscript command.

...

Runs the Rscript command

...

Will not run the Rscript command

...

False

...

No

...

r.ignoreSourceFiles

...

When using the dependency resolver, it will include only package dependencies, not source files.

NOTE: Only relevant when fileSystemScan is true.

...

Includes only package dependencies.

...

The scan will include package dependencies + source files.

...

True

...

No

...

r.cranMirrorUrl

...

The repository for downloading the R packages while running the pre-step.

NOTE: Required when r.runPreStep is True.

...

N/A

...

N/A

...

No default

...

No

...

r.packageManager

...

Describes which type of R package manager the UA should use. The default value is packrat. Setting the value to 'None' will scan R dependencies without using any package manager - it will only use basic R commands, e.g. Rscript -e "installed.packages()".

...

N/A

...

N/A

...

'packrat'

...

No

PHP

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

php.resolveDependencies 

...

Whether to resolve PHP dependencies (using Composer).

...

Resolves PHP dependencies

...

Will not resolve PHP dependencies

...

True
(except for when resolveAllDependencies=false)

...

No

...

php.runPreStep 

...

Whether to run 'composer install' on the folder.

...

Runs 'composer install' on the project folder.

...

Will not run 'composer install' on the project folder.

...

False

...

No

...

php.includeDevDependencies 

...

Whether to scan PHP project dev dependencies.

...

Scans PHP project dev dependencies.

...

Will not scan PHP project dev dependencies.

...

False

...

No

...

php.removeDuplicateDependencies

...

Whether to remove duplicate dependencies during PHP dependency resolution.

...

Removes duplicate dependencies during PHP dependency resolution.

...

Includes duplicate dependencies during PHP dependency resolution.

...

False

...

No

...

php.ignoreSourceFiles

...

When using the dependency resolver, it will only include package dependencies, not source files.

NOTE: Only relevant when fileSystemScan is true.

...

The scan includes only package dependencies, not source files.

...

When using the dependency resolver, it will include package dependencies, plus source files.

...

True

...

No

Ruby

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

ruby.resolveDependencies 

...

Whether to resolve Ruby dependencies.

...

Will resolve Ruby dependencies.

...

Will not resolve Ruby dependencies.

...

True
(except for when resolveAllDependencies=false)

...

No

...

ruby.ignoreSourceFiles 

...

When using the dependency resolver, it will include only package dependencies, not source files (file extension .rb).

NOTE: Only relevant when fileSystemScan is true.

...

Will include only such package dependencies.

...

Will scan such source files. 

...

True

...

No

...

ruby.installMissingGems 

...

Whether to install missing Ruby dependencies gem files.

...

Installs missing Ruby dependencies gem files.

...

Will not install missing Ruby dependencies gem files.

...

False

...

No

...

ruby.runBundleInstall 

...

Whether to run bundle install on the Ruby project folder.

...

Runs bundle install on the Ruby project file folder.

...

Will not run bundle install.

...

False

...

No

...

ruby.overwriteGemFile 

...

(Relevant only if you enabled ruby.runBundleInstall.)

Whether to overwrite Gemfile.lock or gems.locked after running Bundle Install.

...

Overwrites Gemfile.lock or gems.locked after running Bundle Install.

...

Will not overwrite Gemfile.lock or gems.locked after running Bundle Install.

...

False

...

No

HTML

For more information regarding HTML integration, refer here.

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

html.resolveDependencies 

...

Whether to resolve JavaScript dependencies from HTML files.

...

Resolves JavaScript dependencies from HTML files.

...

Will not resolve JavaScript dependencies from HTML files.

...

True

...

No

Objective C, Swift

CocoaPods

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

cocoapods.resolveDependencies 

...

Whether to resolve CocoaPods dependencies (using CocoaPods).

...

Resolves CocoaPods dependencies 

...

Will not resolve CocoaPods dependencies 

...

True
(except for when resolveAllDependencies=false)

...

No

...

cocoapods.runPreStep 

...

Whether to run pod install on the folder.

...

Runs pod install on the folder

...

Will not run the install command

...

False

...

No

...

cocoapods.ignoreSourceFiles 

...

When using the dependency resolver, it will only include package dependencies, not source files.

NOTE: Only relevant when fileSystemScan is true.

...

Will only include package dependencies

...

Will include package dependencies and source files

...

True

...

No

Rust

Cargo

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

cargo.resolveDependencies 

...

Whether to resolve cargo dependencies. Cargo.toml should exist in the scanned directory.

...

Resolves cargo dependencies.

...

Will not resolve cargo dependencies.

...

True
(except for when resolveAllDependencies=false)

...

No

...

cargo.runPreStep  

...

Searches for Cargo.toml and if found, runs "cargo build" on your project's root folder.

...

Runs "cargo build" on your project's root folder.

...

Will not run "cargo build" on your project's root folder.

...

False

...

No

...

cargo.ignoreSourceFiles  

...

When using the dependency resolver, it will only include package dependencies, not .rs files.

NOTE: Only relevant when fileSystemScan is true.

...

When using the dependency resolver, it will only scan all package dependencies, not .rs files.

...

The Unified Agent will only scan .rs files

...

True

...

No

Elixir, Erlang

Hex

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

hex.resolveDependencies 

...

Whether to resolve Elixir or Erlang dependencies.

...

Resolves Elixir or Erlang dependencies

...

Will not resolve Elixir or Erlang dependencies

...

True
(except for when resolveAllDependencies=false)

...

No

...

hex.runPreStep 

...

Whether to run the mix deps.get command.

...

Runs the mix deps.get command

...

Will not run the mix deps.get command

...

False

...

No

...

hex.ignoreSourceFiles 

...

When using the dependency resolver, it will include only package dependencies, not source files.

NOTE: Only relevant when fileSystemScan is true.

...

Only includes package dependencies

...

Will include package dependencies and source files

...

True

...

No

...

hex.aggregateModules 

...

Whether to create a single project for all modules.

...

Creates a single project for all modules, to be displayed as a flat list

...

A project will be created for each module and displayed as a hierarchical tree.

...

False

...

No

Haskell

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

haskell.resolveDependencies 

...

Whether to resolve Haskell dependencies using the Cabal package manager. 

...

Resolves Haskell Cabal projects

...

Will not resolve Haskell Cabal projects

...

True
(except for when resolveAllDependencies=false)

...

No

...

haskell.runPreStep 

...

Runs the 'cabal sandbox init' and 'cabal install' commands on each package/project found. 

For cabal version 3.*, the UA will use the command "cabal new-build" and resolve the file plan.json.

...

Runs 'cabal install' 

If sandbox is missing it will run 'cabal sandbox init' (before cabal install) 

...

The Unified Agent assumes that a sandbox already exists in each package, and will fail otherwise.

...

False

...

No

...

haskell.ignoreSourceFiles 

...

When using the dependency resolver, it will only include package dependencies, not source files.

NOTE: Only relevant when fileSystemScan is true.

...

Ignores .hs and .lhs files from scan.

...

Will not ignore .hs and .lhs files from the scan.

...

True 

...

No

...

haskell.ignorePreStepErrors 

...

Ignores errors from preStep commands and continues trying to resolve dependencies.

...

Behaves according to 'failErrorLevel' flag

...

Will continue the scan, ignoring any errors in the pre-step process.

...

False

...

No

Ocaml

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

ocaml.resolveDependencies

...

Whether to resolve dependencies.

...

Resolves Ocaml projects.

...

Will not resolve Ocaml projects.

...

False
(except for when resolveAllDependencies=false)

...

No

...

ocaml.runPreStep

...

Whether to install required dependencies.

...

Installs required dependencies.

...

Will not install required dependencies.

...

False

...

No

...

ocaml.ignoreSourceFiles

...

When using the dependency resolver, it will only include package dependencies, not source files.

NOTE: Only relevant when fileSystemScan is true.

...

Includes package dependencies, not source files.

...

Will include package dependencies and source files.

...

True

...

No

...

ocaml.switchName

...

The switch name used to install the current project's dependencies.

...

N/A

...

N/A

...

The default uses the activated switch

...

No

...

ocaml.ignoredScopes

...

Defines which exact scope names to ignore. Available values are:

  • with-test

  • with-doc

  • none

...

N/A

...

N/A

...

No, default is "with-test with-doc"

...

No

...

ocaml.aggregateModules

...

Whether to aggregate all opam packages/modules.

...

Aggregates all opam packages/modules.

...

Will not aggregate opam packages/modules.

...

False

...

No
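
Several NOTE lines in the resolver tables above tie one parameter to another (for example, npm.ignoreScripts is used only if npm.runPreStep = True), and some pre-steps execute code from the scanned project. The linter below is an added example, not WhiteSource code, that checks a configuration against those rules; it assumes key=value lines with # comment lines, as in the includes/excludes examples on this page, and treats an unset boolean with no default listed in its DEFAULTS table as False.

```python
# Added example: lint a Unified Agent configuration against the NOTE rules on this page.
# Assumption: the file is key=value lines and '#' starts a comment line.

# Constructed sample configuration (not from a real project).
SAMPLE_CONFIG = """\
npm.runPreStep=false
npm.ignoreScripts=true
npm.yarnProject=false
npm.yarn.frozenLockfile=true
python.runPipenvPreStep=false
python.pipenvDevDependencies=true
python.resolveSetupPyFiles=true
go.resolveDependencies=true
go.modules.resolveDependencies=true
r.runPreStep=true
#r.cranMirrorUrl=
ruby.runBundleInstall=false
ruby.overwriteGemFile=true
nuget.resolveDependencies=false
nuget.resolveCsProjFiles=true
nuget.preferredEnvironment=msbuild
"""

# Documented defaults that matter for the prerequisite checks below.
DEFAULTS = {"go.resolveDependencies": True, "nuget.resolveDependencies": True}

# Dependent parameter -> {prerequisite: value it must have}, taken from the NOTE lines.
REQUIRES = {
    "npm.ignoreScripts": {"npm.runPreStep": True},
    "npm.yarn.frozenLockfile": {"npm.runPreStep": True, "npm.yarnProject": True},
    "python.pipenvDevDependencies": {"python.runPipenvPreStep": True},
    "go.modules.resolveDependencies": {"go.resolveDependencies": False},
    "ruby.overwriteGemFile": {"ruby.runBundleInstall": True},
    "nuget.resolvePackagesConfigFiles": {"nuget.resolveDependencies": True},
    "nuget.resolveCsProjFiles": {"nuget.resolveDependencies": True},
    "nuget.resolveNuspecFiles": {"nuget.resolveDependencies": True},
}


def parse_config(text):
    """Return {key: value} for every uncommented key=value line."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def flag(cfg, key):
    """Boolean value of key; unset or empty falls back to DEFAULTS, else False (assumption)."""
    value = cfg.get(key, "")
    if value == "":
        return DEFAULTS.get(key, False)
    return value.lower() == "true"


def lint(cfg):
    """Return a list of (code, parameter, message) findings."""
    findings = []
    for key, prereqs in REQUIRES.items():
        # Only an explicit key=true is checked; defaults never raise a finding.
        if cfg.get(key, "").lower() != "true":
            continue
        for dep, wanted in prereqs.items():
            if flag(cfg, dep) != wanted:
                findings.append(("unmet-prerequisite", key,
                                 f"{key}=true needs {dep}={str(wanted).lower()}"))
    if flag(cfg, "r.runPreStep") and not cfg.get("r.cranMirrorUrl"):
        findings.append(("missing-value", "r.cranMirrorUrl",
                         "required when r.runPreStep is True"))
    env = cfg.get("nuget.preferredEnvironment")
    if env:
        if env not in ("nuget", "dotnet"):
            findings.append(("invalid-value", "nuget.preferredEnvironment",
                             f"{env!r} is not one of nuget, dotnet"))
        if not flag(cfg, "nuget.runPreStep"):
            findings.append(("unmet-prerequisite", "nuget.preferredEnvironment",
                             "used only if nuget.runPreStep=true"))
    # Pre-steps that the tables say execute code shipped in the scanned project.
    if flag(cfg, "npm.runPreStep") and not flag(cfg, "npm.ignoreScripts"):
        findings.append(("runs-project-code", "npm.runPreStep",
                         "package.json scripts run unless npm.ignoreScripts=true"))
    if flag(cfg, "python.resolveSetupPyFiles"):
        findings.append(("runs-project-code", "python.resolveSetupPyFiles",
                         "setup.py is executed to resolve dependencies"))
    return findings


if __name__ == "__main__":
    for code, key, message in lint(parse_config(SAMPLE_CONFIG)):
        print(f"{code:20} {key:32} {message}")
```

The runs-project-code findings are informational: they mark scans that should run in a build environment you are willing to let the scanned repository execute code in.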

Includes/Excludes Glob Patterns 

Which files to include/exclude in the scan (file extensions, file names, folder names, etc.). These parameters can receive a list of arguments delimited by a comma, semicolon, or space.

Use only one exclude line and one include line.

  • includes=**/*.c **/*.cc **/*.cp **/*.cpp **/*.cxx **/*.c++ **/*.h **/*.hpp **/*.hxx

  • #includes=**/*.m **/*.mm **/*.js **/*.php

  • #includes=**/*.jar

  • #includes=**/*.gem **/*.rb

  • #includes=**/*.dll **/*.cs **/*.nupkg

  • #includes=**/*.tgz **/*.deb **/*.gzip **/*.rpm **/*.tar.bz2

  • #includes=**/*.zip **/*.tar.gz **/*.egg **/*.whl **/*.py

  • #Exclude file extensions or specific directories by adding  **/*.<extension> or **/<excluded_dir>/**

           excludes=**/*sources.jar **/*javadoc.jar

  • case.sensitive.glob=false

  • followSymbolicLinks=true

Archive Properties

Properties related to archive file extraction (.rar,.zip, .jar).

The drill-down hierarchy is limited to a maximum of seven and can be modified in the configuration file.
By default, the drill-down hierarchy level is zero - no drill-down.

For a list of supported archive file types, refer here.

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

#archiveExtractionDepth 

...

The number of levels to extract from archive files (up to 10)

...

N/A

...

N/A

...

0 (no scan will occur)

...

No

...

#archiveIncludes=**/*.war **/*.ear 

...

Comma, space or line-delimited list specifying which archive files to include during the scan

...

N/A

...

N/A

...

The default value is ""

...

No

...

#archiveExcludes=**/*sources.jar 

...

Comma, space or line-delimited list specifying which archive files to exclude during the scan

...

N/A

...

N/A

...

The default value is ""

...

No

Scan Modes

Scan mode options (Docker images, Docker containers, etc.).

Docker Images

For more information regarding Docker images, see here.

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

docker.scanImages

...

See here for more information on scanning Docker images.

...

Only the Docker image scan will occur.

...

Docker image scan will not take place.

...

False

...

-docker.scanImages

...

docker.includes 

...

Comma, space or line-delimited list specifying which images to include in the scan.

Values provided should come from either of the following:

  • Repository (image name)

  • Tag

  • Image ID

...

N/A

...

N/A

...

The default value is ".*.*"

(All images will be scanned)

...

No

...

docker.excludes 

...

Comma, space or line-delimited list specifying which images to exclude in the scan.

Values provided should come from either of the following:

  • Repository (image name)

  • Tag

  • Image ID

...

N/A

...

N/A

...

The default value is ""

(No images will be excluded)

...

No

...

docker.pull.enable 

...

Whether to execute 'pull' from all relevant registries.

...

Executes 'pull' from all relevant registries

...

Will not pull anything

...

False

...

No

...

docker.pull.images 

...

Pull Docker images that match the specified filter (string).

Can include regular expressions or a list of space-delimited values.

...

N/A

...

N/A

The default value is ""

(all images will be pulled)

...

No

...

docker.pull.maxImages 

...

Defines the maximum number of images to be pulled. When this number of pulled images is reached, no more images are pulled.

...

N/A

...

N/A

...

10

...

No

...

docker.pull.tags 

...

Pulls Docker images whose tags match the specified filter (string).

Can include regular expressions or a list of space-delimited values.

...

N/A

...

N/A

...

The default value is ""

(all images will be pulled)

...

No

...

docker.pull.digest 

...

Pull Docker images whose digests match the specified filter (string).

Can include regular expressions or a list of space-delimited values.

...

N/A

...

N/A

The default value is ""

(all images will be pulled)

...

No

...

docker.delete.force 

...

Enables WhiteSource to use Docker to delete images via the 'force' flag. This is required if the user pulled images that are related to other images, so in this case a regular delete may not work. 

NOTE: Use this parameter with caution.

...

WhiteSource uses Docker to delete images via the 'force' flag.

...

WhiteSource will not use Docker to delete images via the 'force' flag.

...

False

...

No

...

docker.login.sudo 

...

Whether the Unified Agent will run 'sudo docker login'.

...

The Unified Agent will run 'sudo docker login'.

...

The Unified Agent will not run 'sudo docker login'.

...

True

...

No

...

docker.projectNameFormat 

...

Determines the format of the Docker project name.

  • If the value is set to default, the project name created in WhiteSource comprises the Docker repository name, tag and ID, in the following format:
    <Image Name> <Image Tag> <Image ID>

  • If the value is set to repositoryNameAndTag, then the project name created in WhiteSource comprises the Docker repository name and tag, in the following format:
    <Image Name> <Image Tag>

  • If the value is set to repositoryName, the project name comprises only the Docker repository name:
    <Image Name>

...

N/A

...

N/A

...

"DEFAULT"

...

No

...

docker.aws.enable 

...

Enables pulling Docker Images from Amazon Elastic Container Registry (ECR).

NOTE: If set to True, the  'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True.

...

Pulls Docker Images from Amazon Elastic Container Registry (ECR).

...

Will not pull Docker Images from Amazon Elastic Container Registry (ECR).

...

False

...

No

...

docker.aws.registryIds 

...

The Registry IDs list on Amazon Web Services (the AWS 12-digit account IDs that correspond to the Amazon ECR registries). The  list must include the following:

  • Full registry IDs and no GLOB patterns. 

  • At least one registry ID. Values are space-delimited.

NOTE: Required if docker.aws.enable=true.

...

N/A

...

N/A

...

No default

...

No

...

docker.azure.enable 

...

Enables pulling Docker Images from Azure Container registry. 

NOTE: If set to True, the  'docker.scanImages' and 'docker.pull.enable' parameter values must also be set to True.

...

Pulls Docker Images from Azure Container registry. 

...

Will not pull Docker Images from Azure Container registry. 

...

False

...

No

...

docker.azure.userName 

...

Username for Azure Container registry. 

NOTE: Required if docker.azure.enable is True.

...

N/A

...

N/A

...

No default

...

No

...

docker.azure.userPassword 

...

Password for Azure Container registry.

NOTE: Required if docker.azure.enable=true. However, it is not mandatory if you have already logged in manually to your Azure account via the Azure Client CLI.

...

N/A

...

N/A

...

No default

...

No

...

docker.azure.registryNames 

...

Docker registry names in Azure Container registry, space-delimited.

NOTE: Required if docker.azure.enable=true.

...

N/A

...

N/A

...

No default

...

No

...

docker.azure.authenticationType

...

Whether to use "containerRegistry" or "userAccount" as the authentication type.

The "userAccount" login method requires "docker.azure.userName" and "docker.azure.userPassword" to be set.

The "containerRegistry" login method logs in to each registry using the registry username and password provided in the configuration file in the docker.azure.registryAuthenticationParameters parameter.

...

N/A

...

N/A

...

userAccount

...

No

...

docker.azure.registryAuthenticationParameters

...

Registry authentication parameters should contain a username and password for each registry in the following format: <registryUsername>:<registryPassword>. If docker.azure.registryNames contains more than one registry, provide the username and password pairs separated by spaces:

<registry1UserName>:<registry1Password> <registry2UserName>:<registry2Password>

...

N/A

...

N/A

...

No default

...

No

...

docker.artifactory.enable 

...

Enables pulling Docker Images from the Artifactory Pro Docker registry. 

NOTE: Verify that the  'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True.

...

Pulls Docker Images from the Artifactory Pro Docker registry. 

...

Will not pull Docker Images from the Artifactory Pro Docker registry.

...

False

...

No

...

docker.artifactory.url 

...

Artifactory URL including http:// or https:// and contextPath (the Artifactory default contextPath is "/artifactory")

NOTE:

  • Required if docker.artifactory.enable=true.

  • Where read-only users are created via docker.artifactory.dockerAccessMethod, this must consist of http/s://<public server name>:<HTTP/S port>/<public context path>.

...

N/A

...

N/A

...

No default

...

No

...

docker.artifactory.pullUrl 

...

  • If 'docker.artifactory.pullUrl' is empty, the original behavior of 'docker.artifactory.url' is used.

  • If 'docker.artifactory.pullUrl' is not empty, it is used as the URL for the docker [login/pull] commands, while 'docker.artifactory.url' is used to run REST API commands against Artifactory.

...

N/A

...

N/A

...

No default

...

No

...

docker.artifactory.userName 

...

Username for Artifactory Pro Docker registry

NOTE: Required if docker.artifactory.enable=true.

...

N/A

...

N/A

...

No default

...

No

...

docker.artifactory.userPassword 

...

Password for Artifactory Pro Docker registry.

NOTE: Required if docker.artifactory.enable=true.

...

N/A

...

N/A

...

No default

...

No

...

docker.artifactory.repositoriesNames 

...

Repository names in Artifactory Pro Docker registry, space-delimited list.

NOTE: Required if docker.artifactory.enable=true.

...

N/A

...

N/A

...

No default

...

No

...

docker.artifactory.dockerAccessMethod 

...

Required when the user has read-only access.

Values are: repopath, subdomain, port.

If the port method is used ('docker.artifactory.dockerAccessMethod=port'), a repository port must be added to each repository in 'docker.artifactory.repositoriesNames' in this format: <repositoryName>:<repositoryPort>

...

N/A

...

N/A

...

No default

...

No

...

docker.hub.enabled 

...

Enables pulling Docker Images from the Docker Hub registry. 

NOTE: Verify that the 'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True.

...

Pulls Docker Images from the Docker Hub registry. 

...

Will not pull Docker Images from the Docker Hub registry. 

...

False

...

No

...

docker.hub.userName 

...

Username for Docker Hub registry.

NOTE: Required if docker.hub.enable=true

...

N/A

...

N/A

...

No default

...

No

...

docker.hub.userPassword 

...

Password for Azure Container registry.

NOTE: Required if docker.hub.enable=true

...

N/A

...

N/A

...

No default

...

No

...

docker.hub.organizationsNames 

...

Space-delimited list of organizations under the user to be scanned.

NOTE: Required if docker.hub.enable=true.

...

N/A

...

N/A

...

No default

...

No

...

docker.scanTarFiles

...

Used when the user supplies the tar file of a Docker image.

...

The Unified Agent will scan the .tar file as a Docker image.

...

The Unified Agent will not scan the .tar file as a Docker image.

...

False

...

No

...

docker.gcr.repositories

...

A list of repositories, comma-delimited.
If empty, the Unified Agent will use the default repository.

Example value:
gcr.io/whitesource-main,gcr.io/whitesource-johnsmith

...

N/A

...

N/A

...

Empty

...

No

...

docker.gcr.enable

...

Enables pulling Docker Images from Google Container Registry with Docker.

NOTE: Verify that the  docker.scanImages and docker.pull.enable parameter values are also set to 'true'

...

Pulls Docker Images from Google Container Registry with Docker.

...

Will not pull Docker Images from Google Container Registry with Docker.

...

False

...

No

...

docker.gcr.account

...

Email of Google Container Registry account.

...

N/A

...

N/A

...

Empty

...

No

...

docker.layers

...

Enables users scanning docker images to receive information regarding packages in layer granularity.  The layer granularity can be viewed in the interface under the hierarchical display.

...

Provides information on packages in layer granularity. The scan splits the result into layers; each layer contains all packages/libraries and files found under the layer (if a package was added at layer 2 and deleted at layer 3, it will not appear in the result at all, since it is not part of the final result).

...

Will not provide the aforementioned information.

...

False

...

No
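
As an added example (not part of the original page or the vendor's tooling), these shell functions check values against the format rules stated above for docker.aws.registryIds and the docker.azure.* authentication parameters before a scan is started. The `ws_check_*` names are hypothetical, the values are passed in as arguments, and requiring exactly one credential pair per registry name is this example's reading of the description.

```shell
#!/bin/sh
# Added example, not vendor code. Each function prints one finding per line
# and returns 1 if it found anything. Passwords are never echoed.

# docker.aws.registryIds: at least one entry, space-delimited, each a full
# 12-digit AWS account ID with no GLOB characters.
ws_check_aws_registry_ids() {
    rc=0
    if [ -z "$1" ]; then
        echo "docker.aws.registryIds: at least one registry ID is required"
        return 1
    fi
    set -f    # keep '*' and '?' literal while splitting (assumes globbing was on)
    for id in $1; do
        case $id in
            *[!0-9]*) echo "docker.aws.registryIds: '$id' is not a full numeric ID"; rc=1 ;;
            ????????????) ;;    # exactly 12 digits
            *) echo "docker.aws.registryIds: '$id' is not 12 digits long"; rc=1 ;;
        esac
    done
    set +f
    return $rc
}

# Arguments: docker.azure.authenticationType, docker.azure.registryNames,
# docker.azure.userName, docker.azure.registryAuthenticationParameters.
ws_check_azure_auth() {
    auth_type=${1:-userAccount}    # documented default
    names=$2; user=$3; pairs=$4; rc=0
    [ -n "$names" ] || { echo "docker.azure.registryNames: required"; rc=1; }
    case $auth_type in
        userAccount)
            # The password is not checked: the page allows a prior manual login.
            [ -n "$user" ] || { echo "docker.azure.userName: required for userAccount"; rc=1; }
            ;;
        containerRegistry)
            set -f
            set -- $names; n_names=$#
            set -- $pairs; n_pairs=$#
            set +f
            [ "$n_pairs" -eq "$n_names" ] || {
                echo "docker.azure.registryAuthenticationParameters: $n_pairs pair(s) for $n_names registry name(s)"
                rc=1
            }
            i=0
            for pair in "$@"; do
                i=$((i + 1))
                case $pair in
                    ?*:?*) ;;    # non-empty user, colon, non-empty password
                    *) echo "docker.azure.registryAuthenticationParameters: entry $i is not <registryUsername>:<registryPassword>"; rc=1 ;;
                esac
            done
            ;;
        *)
            echo "docker.azure.authenticationType: '$auth_type' is not containerRegistry or userAccount"
            rc=1
            ;;
    esac
    return $rc
}
```

Findings identify a malformed credential entry by its position, so the output is safe to keep in CI logs.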

Docker Containers

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

docker.scanContainers 

...

Scan all or specified containers. 
When set to True, only Docker container scan will occur. This will include the detection of Linux packages, and a general scan of the container file system for package managers' based resolution and identification of source files/binaries.

Before starting a container scan, run the command "docker ps -a" to check for listed containers.
See here for more information on scanning Docker images.

...

Only the Docker container scan will occur.

...

Docker container scan will not take place.

...

False

...

No

...

docker.containerIncludes 

...

Comma, space or line-delimited list specifying which containers to include in the scan.

Values provided should come from any of the following:

  • Container ID

  • Container name

  • Image name

...

N/A

...

N/A

...

The default value is "*" (all containers will be scanned)

...

No

...

docker.containerExcludes 

...

Comma, space or line separated list specifying which containers to exclude in the scan.

Values provided should come from any of the following:

  • Container ID

  • Container name

  • Image name

...

N/A

...

N/A

...

The default value is "" (no container will be excluded)

...

No

Linux Package Manager Settings

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

scanPackageManager 

...

Scans Linux packages by their file name and version. Supported package types are Debian, RPM, Alpine, Arch Linux, and DNF.

Depending on the package type, one of the following commands will be run:

  • Debian: dpkg -l

  • RPM: rpm -qa

  • Alpine: apk -vv info

  • Arch Linux: pacman -Q

  • DNF/centOS:8 - no command is run; the image should contain at least a journal.log file (installation log) and an rpm.dnf.log file (in case a system packages update was executed).

...

The Linux packages mentioned here will be resolved. All other dependency resolvers will be disabled even if the 'resolveDependencies' parameter is set to True.

...

No operating system packages will be scanned.

...

False

...

No

Serverless Settings

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

serverless.provider 

...

Provider of serverless functions

...

N/A

...

N/A

...

aws-lambda

...

No

...

serverless.scanFunctions 

...

Whether or not to run the serverless functions

...

Scans serverless functions

...

Will not scan serverless functions

...

False

...

No

...

serverless.includes 

...

Comma, space or line-delimited list of GLOB patterns specifying which serverless functions to run.

...

N/A

...

N/A

...

Empty string

...

No

...

serverless.excludes 

...

Comma, space or line-delimited list of GLOB patterns specifying which serverless functions to exclude.

...

N/A

...

N/A

...

Empty string

...

No

...

serverless.region 

...

The provider's region.

...

N/A

...

N/A

...

Empty string

...

No

...

serverless.maxFunctions 

...

The maximum number of functions that can be run.

...

N/A

...

N/A

...

10

...

No

Artifactory Settings

For more information regarding Artifactory integration, see here.

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

artifactory.enableScan 

...

Whether to run Artifactory repository scanner

...

Runs the Artifactory repository scanner (not the Unified Agent).

...

Will not run the Artifactory repository scanner

...

False

...

No

...

artifactory.url 

...

Artifactory host URL.

NOTES

  • Required when artifactory.enableScan is True.

...

N/A

...

N/A

...

No default

...

No

...

artifactory.accessToken 

...

Artifactory access token.

NOTES: 

  • Required when artifactory.enableScan is True

  • If artifactory.userName and artifactory.userPassword are also available (all 3 parameters are set), the username/password have priority.

...

N/A

...

N/A

...

No default

...

No

...

artifactory.repoKeys 

List of repository names space/comma-delimited.

NOTE: Required when artifactory.enableScan is True.

...

N/A

...

N/A

...

No default

...

No

...

artifactory.userName 

...

Artifactory user name

NOTE: Required when artifactory.enableScan is True, unless  artifactory.accessToken is available.

...

N/A

...

N/A

...

No default

...

No

...

artifactory.userPassword

...

Artifactory user password

NOTE: Required when artifactory.enableScan is True, unless  artifactory.accessToken is available.

...

N/A

...

N/A

...

No default

...

No

...

artifactory.includes

...

Comma, space or line separated list of GLOB patterns specifying which Artifactory repositories/folders/files to scan.

...

N/A

...

N/A

...

Empty

...

No

...

artifactory.excludes

...

Comma, space or line separated list of GLOB patterns specifying which Artifactory repositories/folders/files to exclude.

...

N/A

...

N/A

...

Empty

...

No

Proxy Settings 

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

proxy.host 

...

Proxy hostname

...

N/A

...

N/A

...

The default value is ""

...

-proxy.host

...

proxy.port 

...

Proxy port number

...

N/A

...

N/A

...

The default value is ""

...

-proxy.port

...

proxy.user 

...

Proxy username

...

N/A

...

N/A

...

The default value is ""

...

-proxy.user

...

proxy.pass 

...

Proxy password

...

N/A

...

N/A

...

The default value is ""

...

-proxy.pass

SCM Settings

For customers using SCM (Git, SVN, Mercurial), define the relevant settings (type, user, password).

...

Configuration File Parameter

...

Description and Expected Behavior

...

If True

...

If False

...

Default

...

Command Line Parameter Available?

...

scm.type

...

A comma-delimited list of all SCM types (Git, SVN, Mercurial); select one.

NOTE: Required if remote repository connection is requested.

...

N/A

...

N/A

...

The default value is ""

...

No

...

scm.user 

...

Username to connect to the remote repository.

NOTE: Required if the repository is private and requires credentials. 

...

N/A

...

N/A

...

The default value is ""

...

No

...

scm.pass 

...

Password to connect to the remote repository.

NOTES:

  • When using SSH to fetch a Git repository, set this value to the passphrase of your private key (as specified in scm.ppk). If there is no passphrase, then leave this parameter empty.

  • Required if the repository is private and requires credentials.

  • A Personal Access Token (PAT) can be used in place of a password if the scm.url is https.

...

N/A

...

N/A

...

The default value is ""

...

No

...

scm.ppk 

...

Path to the private key.

NOTE: Required if the repository requires an SSH connection.

...

N/A

...

N/A

...

The default value is ""

...

No

...

scm.url 

...

URL of the remote repository. e.g: https://github.com/XXXX/XXXX.git .

For on-premises repositories, provide the URL of the on-premises instance.

NOTE: Required if the remote repository connection is requested.

...

N/A

...

N/A

...

The default value is ""

...

No

...

scm.branch 

...

Name of the branch to scan.

...

N/A

...

N/A

...

The default value is ""

...

No

...

scm.tag 

...

Name of the tag to scan.

...

N/A

...

N/A

...

The default value is ""

...

No

...

scm.npmInstall 

...

Whether or not to perform 'npm install' when package.json is found

...

Performs 'npm install' when package.json is found

...

Will not perform 'npm install' when package.json is found

...

True

...

No

...

scm.npmInstallTimeoutMinutes 

...

npm install timeout in minutes

...

N/A

...

N/A

...

15 minutes

...

No

...

scm.repositoriesFile 

...

The URL of a JSON file that contains a list of remote repositories.

...

N/A

...

N/A

...

The default value is ""

...

-scm.repositoriesFile

Configuring the Unified Agent by Environment Variables

All the parameters available in the Unified Agent configuration file can be also set using environment variables.

The naming convention for the environment variables:

  • The parameter name as defined in the configuration file is converted to upper case, with each dot (.) replaced by an underscore (_).

  • The WS_ prefix is added to the result.

For example the maven.runPreStep parameter can be set using the WS_MAVEN_RUNPRESTEP environment variable.

Environment variables can be used in several ways:

  • Passed to the Unified Agent in the command line, for example:
    WS_PROJECTNAME=my-awesome-project java -jar ../wss-unified-agent.jar

  • Be set prior to the run, available for the current shell session only:
    Linux and MacOS:
    export WS_PROJECTNAME=my-awesome-project
    java -jar ../wss-unified-agent.jar
    Windows:
    set WS_PROJECTNAME=my-awesome-project
    java -jar ../wss-unified-agent.jar

  • Be set prior to the run to persist between shell sessions:

    • For Linux and macOS using a shell startup script

    • For Windows using the setx command
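
As an added example (not part of the original page or the vendor's tooling), the shell functions below apply this naming convention to list which credential parameters documented on this page are still set in a configuration file, together with the environment variable that can carry each one instead. The `ws_*` names and the sample values are constructed for illustration, and the file is assumed to use `key=value` lines with `#` comments.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes key=value lines with '#' comments.

# Config parameter name -> environment variable name:
# upper-case, each dot replaced by an underscore, WS_ prefix.
ws_env_name() {
    printf 'WS_%s\n' "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | tr '.' '_')"
}

# Credential-bearing parameters documented on this page.
WS_SECRET_PARAMS='apiKey userKey proxy.pass scm.pass
docker.azure.userPassword docker.azure.registryAuthenticationParameters
docker.artifactory.userPassword docker.hub.userPassword
artifactory.accessToken artifactory.userPassword'

# For each credential parameter with a non-empty value in config file $1,
# print "<parameter> <ENV_NAME>". The values themselves are never printed.
ws_secrets_in_config() {
    cfg=$1
    for param in $WS_SECRET_PARAMS; do
        # Last active (uncommented) assignment wins; whitespace is trimmed.
        value=$(awk -v key="$param" '
            /^[ \t]*#/ { next }
            {
                eq = index($0, "=")
                if (eq == 0) next
                k = substr($0, 1, eq - 1)
                v = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", k)
                gsub(/^[ \t]+|[ \t\r]+$/, "", v)
                if (k == key) found = v
            }
            END { print found }' "$cfg")
        if [ -n "$value" ]; then
            printf '%s %s\n' "$param" "$(ws_env_name "$param")"
        fi
    done
}

# Constructed sample configuration (not real credentials).
ws_sample_config() {
    cat <<'EOF'
# constructed sample for the example
apiKey=CONSTRUCTED-API-KEY-0000
projectName=my-awesome-project
#userKey=CONSTRUCTED-USER-KEY
proxy.pass=
scm.type=git
scm.pass = constructed-passphrase
docker.hub.userPassword=constructed-password
EOF
}

# Usage: ws_secrets_in_config wss-unified-agent.config
```

Each reported parameter can then be removed from the file and supplied through the listed variable from the CI system's secret store.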

Command Line Parameters

NOTE: This table is not a complete list of command-line parameters. For command-line parameters that have corresponding (standard) configuration file parameters, refer to the Command Line Parameter Available column on the right side of the above tables. 

...

Parameter

...

Type

...

Description

...

Required

...

Default

...

-c

...

String

...

Configuration file name (including file path).

...

No

...

The default file name is 'wss-unified-agent.config'

  • Starting from version 19.1.1, the default file is 'wss-unified-agent.config'. 
    If this file is not found, then the Unified Agent searches for a 'whitesource-fs-agent.config' file.

  • When using the -detect flag, the generated configuration file is wss-generated-file.config and it should be explicitly stated: 
    -c wss-generated-file.config

...

-d

...

String

...

Comma-separated list of directories and/or files to scan

...

No

...

N/A

...

-f

...

String

...

File list path

...

No

...

N/A

...

-v

...

String

...

Query the Unified Agent for its version

...

No

...

N/A

...

-archiveFastUnpack 

...

Boolean

...

Fast unpacking of archive files

...

No

...

False

...

-requestFiles

...

String

...

Comma-separated list of paths to offline request files. 

Regarding the priority of the parameters usage, the Unified Agent searches for the CLI argument, then the configuration file parameter (if not found in the CLI), and then the offline request parameter (if not found in the configuration file).
If multiple request files are provided, then the data from the first offline request is used. Note that the 'projectName', 'projectToken', and 'projectVersion' are fetched from each request file.

If '-d' is explicitly provided when '-requestFiles' is also used, then the Unified Agent does not scan the local folder (which '-d' points to). Instead, it scans only the offline request file(s) provided. '-d' will be ignored in this scenario.

...

No

...

When a single request file is provided and neither the 'productName' nor the 'productToken' value is set in the CLI, the configuration file, or the offline request file, the default product name is 'My Product'.

...

-whiteSourceFolderPath 

...

String

...

A path to the 'whiteSource' directory. The WhiteSource folder is created when checking policies and creating an offline file. Path can be absolute or relative. 

...

No

...

The default location of the 'whitesource' folder is the working directory from which the Unified Agent is run.

...

-requirementsFileIncludes 

(Python only)

...

String

...

Comma-separated list of dependency filenames specifying which files to be scanned for dependencies.

...

No

...

requirements.txt

...

-noConfig

...

Boolean

...

When set to True, you can run a scan without using a configuration file. However, in this case, the -projectToken or -project parameter and the -apiKey parameter are mandatory.

Unless explicitly provided, the default wss.url parameter value is https://saas.whitesourcesoftware.com/agent

...

No

...

False

...

-detect

...

When this parameter is added, the Unified Agent will analyze the scanned files and will create a new .config file with the relevant configuration parameters. The new configuration file will contain the resolveDependencies parameters according to the discovered package managers. For each manifest file, we will set the relevant parameter to True.

Usage:  java -jar unified-agent.jar -detect 

For example, if a bower.json file is found in the project folder, bower.resolveDependencies will be set to True in the newly created configuration file.

...

No

...

By default, the detection is based on the current directory where the Unified Agent jar is located. To change this, add the -d parameter.

For example use:  java -jar unified-agent.jar -detect -d projectFolder

...

-help or -h

...

Boolean

...

The Unified Agent prints the parameters that can be used from the CLI. 

...

No

...

-logLevel

...

String

...

Specifies the minimal log level printed to stdout.

...

No

...

info

...

-proxy

...

String

...

Proxy info in the following format:
scheme://<user>:<password>@host:port/

...

is available at: https://docs.mend.io/bundle/unified_agent/page/unified_agent_configuration_parameters.html