...

  1. From the menu bar, select File > Settings. The Settings screen is displayed.

  2. Select Tools > WhiteSource.

  3. In Scan Results Settings, review the options and modify them if necessary. See the Options Table below for the complete list of options.

Options Table

Option: Only show issues for direct dependencies
Description: When enabled, WhiteSource Advise only returns vulnerabilities for the direct dependencies defined in your dependency file.
Default Setting: Unselected (not checked)

Scanning a Project for Security Vulnerabilities

...

  • From the menu bar, select Tools > WhiteSource Advise

  • From the top toolbar, click the WhiteSource icon

  • Do as follows:

    1. From the sidebar on the right, click WhiteSource.

    2. From the top, click Advise.

    3. Click Run WhiteSource Advise.

...

  1. Click the Inspection Results tab at the bottom (it may be already open).

  2. Ensure that you are in the WhiteSource Security Check tab (it is part of the Inspection Results area). This tab features information on vulnerability issues found inside the current project. For every module, the relevant vulnerabilities are displayed via either a pom.xml (Maven) or build.gradle (Gradle) item. Note the following functionality:

    • Next to each pom.xml or build.gradle item, the total number of errors and warnings is displayed in this format, for example: <pom.xml 20 errors 32 warnings>. High severity security vulnerabilities are represented as errors, and medium/low severity vulnerabilities are represented as warnings.

    • Each component within the pom.xml or build.gradle item list consists of the following metadata:

      • Component groupId

      • Component artifactId

      • Component version

      • Vulnerability unique identifier

      • Indication of transitive or direct dependency

    • Double-clicking a component opens the pom.xml or build.gradle file in which it is referenced and points to the direct dependency you declared.

...