Versions Compared

Old Version 36

changes.mady.by.user Vital Batyr

Saved on

compared with

New Version 37

changes.mady.by.user Michelle Friedman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

WhiteSource Advise supports JavaScript projects using npm (package.json dependency files) that include a package-lock.json file.

NOTE: Yarn projects are not supported.

Prerequisites

Ensure the following:

...

  1. Start WebStorm.

  2. From the menu bar, select File > Settings. The Settings screen is displayed.

  3. From the left sidebar, click Plugins.

  4. In the Search box, enter whitesource and then press Enter from your keyboard. The WhiteSource Advise plugin information is displayed.

  5. Click Install and then click Restart IDE.

  6. In the pop-up dialog box, click Restart.

Activating WhiteSource Advise

...

  1. Start WebStorm, specifying the preferred project.

  2. From the sidebar on the right, click WhiteSource (if you do not see the sidebar, select View >Tool Windows > WhiteSource). The Welcome screen is displayed.

  3. In Email, enter your organizational email (the email domain must be licensed to use Advise).

  4. In License Key, enter your license key (See here for more information on how to obtain a license key). 

  5. Click Connect.

NOTE: If you check Remember Token, the login credentials will be stored for later use. Once stored, the WhiteSource Advise login credentials will be used for all projects.

...

  • From the menu bar, select Tools > WhiteSource Advise

  • From the top toolbar, click the WhiteSource icon

  • Do as follows:

    1. From the sidebar on the right, click WhiteSource.

    2. From the top, click Advise.

    3. Click Run WhiteSource Advise.

Developer Focus Mode

...

  • To quickly locate the component referenced by a reported vulnerability in the project’s package.json view, double-click the component in the WhiteSource security check tab. The referenced component description in the package.json file will be displayed and highlighted in the main code view.

  • To quickly locate vulnerability analysis results for a component in the package.json view, click the WhiteSource Advise severity icon displayed to the left of that component reference in the package.json file. Note that the icon denotes the severity of the vulnerability (yellow: low severity; orange: medium severity; red: high severity). A tooltip featuring relevant analysis details including a dependency path from the proprietary code to the open-source component will be displayed. Vulnerability details are also displayed as part of the tooltip and include the vulnerability identifier (e.g., CVE), severity, and a fix suggestion if available. For transitive dependencies there is also a direct fix - a condensed description of the recommended course of action over the direct dependency is given. A Details link is displayed which leads to the WhiteSource Vulnerability Database, providing more information on the specific vulnerability.

  • To quickly display an analysis summary for a component in the package.json view, hover the mouse pointer over the code for the component in that view; a tooltip will be displayed, featuring a list of all vulnerabilities found within the particular component.

...

  • From the sidebar on the right, click WhiteSource (if you do not see the sidebar, select View >Tool Windows > WhiteSource). The Welcome screen is displayed.

  • From the Welcome screen, click About. 

The About screen displays information about the Advise plugin's version, general information on your IDE, along with links for Privacy policy and Terms and Conditions.

Upgrading WhiteSource Advise 

...

  1. From the menu bar, select File > Settings > Plugins. Ensure that you are in the Installed tab. A list of installed plugins is displayed.

  2. In the Downloaded section, search for WhiteSource Advise, and on the right-hand side, click Update.
    NOTE: If there is no new version, the Update button will not appear, and there is no need to continue this procedure. 

  3. Select WhiteSource Advise.

  4. If you are prompted to restart, do so.

...

  1. From the menu bar, select File > Settings > Plugins. Ensure that you are in the Installed tab. A list of installed plugins is displayed. 

  2. In the Downloaded section, search for WhiteSource Advise and click it. The WhiteSource Advise plugin page is displayed.

  3. On the right-hand side, click the drop-down box, and then click Uninstall. The Plugin Uninstall dialog box is displayed. 

  4. Click Yes to confirm.

  5. If you are prompted to restart, do so.