Versions Compared

Old Version 17

changes.mady.by.user Michael Hollander

Saved on

compared with

New Version 23

changes.mady.by.user Tsur Rothfeld

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This integration does not support Azure DevOps Server (TFS) installations.

Info

Major improvements to the Azure DevOps integration will be introduced in July 2021. The underlying scanning mechanism will be modified to allow a direct WhiteSource scan from within the Azure DevOps pipeline. As part of this change, the following updates will be introduced:

  • The extension activation procedure will be moved to the Organization settings section by navigating to Organization settings > Extensions > WhiteSource page.

  • The WhiteSource tab under Project > Pipelines will be deprecated.

  • The WhiteSource Open Source Risk Report will be available at the Azure DevOps build level only, deprecating the project level aggregated report.

  • The direct WhiteSource scan from within the Azure DevOps pipeline will be the only scanning option.

The WhiteSource Bolt extension enables you to do the following:

...

  • Your Azure DevOps organization is connected to an Azure Active Directory via Organization Settings > Azure Active Directory.

  • You do not have any existing WhiteSource extensions installed. If so, these must be uninstalled.

  • An activation key is required for adding this extension to more than one Azure DevOps organization. You can obtain this activation key from the Integrate page within your WhiteSource Essentials trial. This also means that once the Essentials trial is over, you will no longer be able to install Bolt on additional Azure DevOps organizations.

  • If you are using a proxy server or a self-hosted build agent, open communication to the domain "whitesourcesoftware.com" and its subdomains. In case your proxy configuration requires authentication, ensure your build agent is properly configured. For further information, see Deploy an agent on Windows.note that running it behind a web proxy is not currently supported.

Installing the Extension

To install the extension, do as follows:

...

  1. In the pipeline edit page, from the right side, click Show assistant. The Tasks sidebar is displayed.

  2. In the search bar, enter whitesource. The WhiteSource task is displayed.

  3. Click the WhiteSource Bolt task.

  4. From the bottom right corner, click Add. The WhiteSource Bolt task is added to the pipeline.

    Code Block
    - task: WhiteSource@21
  inputs:
    cwd: '$(System.DefaultWorkingDirectory)'

  5. (Optional) To specify the name of the WhiteSource project to be created in WhiteSource Essentials, add the following to the WhiteSource task. In the following example, replace New_Project_Name with the name you want to give your WhiteSource project:
    NOTE: You cannot change the project name after the first build run.

    Code Block
    - task: WhiteSource@21
  inputs:
    cwd: '$(System.DefaultWorkingDirectory)'
    projectName: 'New_Project_Name'

  6. Click Save & queue.

NOTE: The WhiteSource task can be moved to other locations within the steps section, depending on your preferences.

...

The WhiteSource Bolt report is available on a pipeline build level and it comprises 3 tabs: Inventory, Security Vulnerabilities, and License Risks. You can view the WhiteSource report at a build or project level (aggregated report of all your builds). NOTE: There is a current known issue where a fourth tab, Outdated Libraries,is displayed. This issue will be fixed on February 28, 2021.

Viewing the Report

To view the report, do as follows:

...