| Info |
|---|
With the release of the WhiteSource Unified Agent (previously called the File System Agent (FSA)), WhiteSource will no longer provide standard support, including updates and fixes for the Maven plugin after May 4th, 2019. Extended Support (limited to configuration & support/troubleshooting) will be provided until November 1st, 2019. Please migrate to the Unified Agent before this date. This plugin will no longer be supported by WhiteSource on November 2nd, 2019. The WhiteSource Support team is ready to assist with the necessary changes required to use the Unified Agent and can be contacted via the Customer Community. |
...
| Name | Type | Description | -D Parameter |
|---|---|---|---|
timeFormat | String | Set logging datetime format. Default value is [HH:mm:ss] | org.whitesource.timeFormat Since version 17.11.3 |
| checkPolicies | Boolean | Set to true to check policies before update. Default value is: false.e | org.whitesource.checkPolicies Since version 3.1.6 |
| forceCheckAllDependencies | Boolean | Optional. Set to true to force check all policies for all dependencies, used only if checkPolicies is set to true. | org.whitesource.forceCheckAllDependencies Since version 3.1.7 |
| forceUpdate | Boolean | Optional. Updates organization inventory regardless of policy violations. | org.whitesource.forceUpdate Since version 3.2.8 |
| product | String | Product name or token. | org.whitesource.product Since version 3.2.8 |
| productVersion | String | Product version. Use this to override the version in each module. | org.whitesource.productVersion Since version 3.2.8 |
| projectToken | String | Unique identifier of the White Source project to update. If omitted, default naming convention will apply. | |
| moduleTokens | Map | Map of module artifactId to White Source project token. See example | |
| includes | String[] | Only modules with an artifactId matching one of these patterns will be processed by the plugin. Should be used like this: <includes> | |
| excludes | String[] | Modules with an artifactId matching any of these patterns will not be processed by the plugin. Should be used like this: <excludes> | |
| ignore | Boolean | Set to true to ignore this maven project. Overrides any include patterns. Default value is: false. | |
| ignorePomModules | Boolean | Set to true to ignore this maven modules of type pom. Default value is: true. | org.whitesource.ignorePomModules Since version 3.2.8 |
| ignoredScopes | String[] | By default the maven plugin ignores direct dependencies with scope 'test' and 'provided'. | org.whitesource.ignoredScopes Since version 3.3.1 |
| failOnError | Boolean | Indicates whether the build will continue even if there are errors. Default value is: false. | org.whitesource.failOnError Since version 3.2.8 |
| skip | Boolean | Set to true to skip the maven execution. Default value is: false. | |
| reportAsJson | Boolean | Set to true to create the check policies report as a text file in JSON format instead of the regular HTML format report. | |
| aggregateModules | Boolean | Set to true to combine all pom modules into a single WhiteSource project with an aggregated dependency flat list (no hierarchy). Default value is: false. | org.whitesource.aggregateModules Since version 3.2.8 |
| preserveModuleInfo | Boolean | Optional. Works only if the 'aggregateModules' parameter is set to 'true'. It creates a hierarchy tree for modules that appear in the root POM. | org.whitesource.preserveModuleInfo Since version 18.5.2 |
| aggregateProjectName | String | Optional. The project name that will appear in WhiteSource. If omitted and no project token defined, defaults to pom artifactId. Will only apply if aggregateModules is set to true. | org.whitesource.aggregateProjectName Since version 3.2.8 |
| aggregateProjectToken | String | Optional. Unique identifier of the White Source project to update, overrides aggregateProjectName. If omitted, default naming convention will apply. Will only apply if aggregateModules is set to true. | org.whitesource.aggregateProjectToken Since version 3.2.8 |
| requesterEmail | String | Optional. The provided email will be matched with an existing WhiteSource account. Requests for new libraries will be created with the matched account as the requester. | org.whitesource.requesterEmail Since version 3.2.8 |
| autoDetectProxySettings | Boolean | Indicates whether to try to detect proxy configuration in the underlying machine (e.g. in OS proxy settings, in JVM system properties etc.) | org.whitesource.autoDetectProxySettings Since version 3.2.8 |
| connectionTimeoutMinutes | int | Connection timeout in minutes. | wss.connectionTimeoutMinutes Since version 3.2.7 |
| ignoreDependencyResolutionErrors | Boolean | Indicates whether to ignore an error while resolving dependencies for a module, this module will not be included in the scan and will not appear as a project within WhiteSource. | org.whitesource.ignoreDependencyResolutionErrors Since version 3.3.0 |
| failOnConnectionError | Boolean | Fails the build when unable to connect to WhiteSource service | org.whitesource.failOnConnectionError Since version 3.3.1 |
| connectionRetries | int | Connection retries when unable to connect to WhiteSource service. | org.whitesource.connectionRetries Since version 3.3.1 |
| orgTokenFile | String | Optional. Path to file that contains the org token. Use this to override the orgToken parameter in the pom.xml file. | org.whitesource.orgTokenFile Since version 18.2.2 |
| userKey | String | Unique identifier of user, can be generate from the profile page in your whitesource account. Required if WhiteSource administrator has enabled "Enforce user level access" option. | org.whitesource.userKey Since version 18.4.2 |
| userKeyFile | String | Optional. Path to file that contains the userKey . Use this to override the userKey parameter in the pom.xml file. | org.whitesource.userKeyFile Since version 18.4.2 |
| updateEmptyProject | Boolean | Optional. Whether or not to upload/update an empty project | org.whitesource.updateEmptyProject Since version 19.5.1 |
...
| Tip |
|---|
If you didn't find what you need, you can try the plugin documentation or drop a line to our support team. |
Check Policies Report
The generated check policies report is located in project_location\target\site\whitesource, there are two types of report formats:
...
- Minor fixes.
Version 18.5.1
- Upgrade api version.
Version 18.4.2
- Added support for user-level access control in integrations.
Version 18.4.1
- Fixed minor bug (empty projects will not upload).
...
| Code Block | ||
|---|---|---|
| ||
$ mvn whitesource:update -Dorg.whitesource.ignoreDependencyResolutionErrors=true |
Version 3.2.9
Fix incorrect message when skipping an excluded module.
Version 3.2.8
Read the following properties from command line using -D:
- ignorePomModules
- forceUpdate
- product
- productVersion
- requesterEmail
- aggregateModules
- aggregateProjectName
- aggregateProjectToken
- failOnError
- autoDetectProxySettings
- connectionTimeoutMinutes
Version 3.2.7
Add parameter 'connectionTimeoutMinutes'.
...
Bug fix for 'includes' parameter.
Version 3.2.5
Fail the build upon policy violation if 'failOnError' is enabled and 'forceUpdate' is enabled.
Version 3.2.4
...
Add the ability to choose which dependencies (all / new) using will be checked when setting checkPolicies to true, using the forceCheckAllDependencies property.
Version 3.1.6
Define orgToken and checkPolicies as -D parameters (with "org.whitesource." as prefix).
Version 3.1.5
Add and change logs.
...
Support for maven versions 3.0.x, 3.1.x and 3.2.x
Version 2.1.0
Implement client-side dependency resolution.
| Note |
|---|
Should be used with "resolve dependencies" set to false (when creating a new organization). |
Version 2.0.1
Added option to resolve in-house dependencies.
...
| Warning |
|---|
This version is deprecated, please use another version. |
Version 1.1.8
Support for dependency exclusions.
Ignore test scope direct dependencies (don't send them to WhiteSource).
| Warning |
|---|
This version is deprecated, please use another version. |
...