Major improvements to the Azure DevOps integration will be introduced in July 2021. The underlying scanning mechanism will be modified to allow a direct WhiteSource scan from within the Azure DevOps pipeline. As part of this change, the following updates will be introduced:
The WhiteSource Bolt extension enables you to do the following:
Your Azure DevOps organization is connected to an Azure Active Directory via Organization Settings > Azure Active Directory.
You do not have any existing WhiteSource extensions installed. If so, these must be uninstalled.
An activation key is required for adding this extension to more than one Azure DevOps organization. You can obtain this activation key from the Integrate page within your WhiteSource Essentials trial. This also means that once the Essentials trial is over, you will no longer be able to install Bolt on additional Azure DevOps organizations.
If you are using a proxy server or a self-hosted build agent, open communication to the domain "whitesourcesoftware.com" and its subdomains. In case your proxy configuration requires authentication, ensure your build agent is properly configured. For further information, see Deploy an agent on Windows.note that running it behind a web proxy is not currently supported.
Installing the Extension
To install the extension, do as follows:
In the pipeline edit page, from the right side, click Show assistant. The Tasks sidebar is displayed.
In the search bar, enter whitesource. The WhiteSource task is displayed.
Click the WhiteSource Bolt task.
From the bottom right corner, click Add. The WhiteSource Bolt task is added to the pipeline.
- task: WhiteSource@21 inputs: cwd: '$(System.DefaultWorkingDirectory)'
(Optional) To specify the name of the WhiteSource project to be created in WhiteSource Essentials, add the following to the WhiteSource task. In the following example, replace
New_Project_Namewith the name you want to give your WhiteSource project:
NOTE: You cannot change the project name after the first build run.
- task: WhiteSource@21 inputs: cwd: '$(System.DefaultWorkingDirectory)' projectName: 'New_Project_Name'
Click Save & queue.
NOTE: The WhiteSource task can be moved to other locations within the steps section, depending on your preferences.
The WhiteSource Bolt report is available on a pipeline build level and it comprises 3 tabs: Inventory, Security Vulnerabilities, and License Risks. You can view the WhiteSource report at a build or project level (aggregated report of all your builds). NOTE: There is a current known issue where a fourth tab, Outdated Libraries,is displayed. This issue will be fixed on February 28, 2021.
Viewing the Report
To view the report, do as follows: