From the menu bar, select File > Settings. The Settings screen is displayed.
Select Tools > WhiteSource.
In Scan Results Settings, review the options and modify them if necessary. See here for the complete options list.
Option: Only show issues for direct dependencies
Description: When enabled, WhiteSource Advise will only return vulnerabilities for direct dependencies defined in your dependency file.
Default: Unselected (not checked)
Scanning a Project for Security Vulnerabilities
From the menu bar, select Tools > WhiteSource Advise.
From the top toolbar, click the WhiteSource icon.
Do as follows:
From the sidebar on the right, click WhiteSource.
From the top, click Advise.
Click Run WhiteSource Advise.
Click the Inspection Results tab at the bottom (it may be already open).
Ensure that you are in the WhiteSource Security Check tab (it is part of the Inspection Results area). This tab features information on vulnerability issues found inside the current project. For every module, the relevant vulnerabilities are displayed via either a pom.xml (Maven) or build.gradle (Gradle) item. Note the following functionality:
Next to each pom.xml or build.gradle item, the total number of errors and warnings is displayed in this format, for example, <pom.xml 20 errors 32 warnings>. High-severity security vulnerabilities are represented as errors, and medium/low-severity vulnerabilities are represented as warnings.
Each component within the pom.xml or build.gradle item list consists of the following metadata:
Vulnerability unique identifier
Indication of transitive or direct dependency
Double-clicking a component will open up the pom.xml or build.gradle file in which it was referenced. It will point to the direct dependency you declared.