Overview

This plugin integrates Artifactory Artifacts with WhiteSource.

The Artifactory plugin adds additional information to the Artifactory artifacts and updates WhiteSource.  

Once invoked, the metadata of all artifacts in your Artifactory instance will be uploaded to your WhiteSource inventory.

  • The Artifactory instance is mapped to a WhiteSource product.
  • Artifactory repositories are mapped to WhiteSource projects.
  • The WhiteSource organization will be updated regardless of policy violation.
  • Policies will be enforced and policy details will be added to the artifact's property tab: WSS-Action (Approve/Reject) and WSS-Policy-Details.
  • Additional data for each artifact will be added to the property tab: WSS-Licenses, WSS-Description, WSS-Homepage and WSS-Vulnerabilities.

The plugin is licensed under the Apache 2.0 license.

Info

The WhiteSource inventory will be updated only when using the cron-based job.


Notes

  • Artifactory editions not supported by the Groovy-based User Plugins are not supported by WhiteSource.
  • The recommended integration method for the JFrog Artifactory is using the Unified Agent.
  • Updates in Artifactory: The plugin updates Artifactory repositories with no more than 10000 artifacts.
  • Updates in WhiteSource: The plugin updates WhiteSource with repositories with no more than 2000 artifacts.

How It Works

The Artifactory plugin works in two modes:

  1. Cron-based job - when invoked, the repositories' artifacts will be checked in WhiteSource and additional data will be added to the property tab of each artifact.
  2. Adding a new artifact - when uploaded, the new artifact will be checked in WhiteSource. Policies will be checked and additional data will be added to the property tab of the artifact.

Installation

Download

Download the latest version.

...

Bug Fixes

Added 'triggerAfterCreate' & 'triggerBeforeDownload' parameters

...

Add support for 'before download' method from a local repository according to a policy in WhiteSource

Resolved issues WSA-308

...

  1. Add CVSS score
  2. Add before download method - prevent artifacts download from a remote repository according to a policy in WhiteSource

Resolved issues WSA-242, WSA-177.

...

Enabling update WSS scan Artifactory repositories.

...

GitHub Repository

Installation

Artifactory Version <= 6.x

  1. Download the zip file and extract it
  2. Place the whitesource-artifactory-plugin.properties and whitesource-artifactory-plugin.groovy files under ${ARTIFACTORY_HOME}/etc/plugins
  3. Create a new 'lib' folder under ${ARTIFACTORY_HOME}/etc/plugins
  4. Place the following jars in the lib folder:
    wss-agent-report-<version>.jar
    wss-agent-api-client-<version>.jar
    wss-agent-api-<version>.jar
    wss-unified-agent-<version>.jar or wss-unified-agent-utils-<version>.jar
  5. Update whitesource-artifactory-plugin.properties file with the appropriate parameters (see example and full reference).
  6. Schedule the cron job in the whitesource-artifactory-plugin.groovy file, under the jobs section (see example).
  7. Restart Artifactory.

Artifactory Version >= 7.x

  1. Download the zip file and extract it
  2. Place the whitesource-artifactory-plugin.properties and whitesource-artifactory-plugin.groovy files under ${ARTIFACTORY_HOME}/var/etc/artifactory/plugins
  3. Create a new 'lib' folder under ${ARTIFACTORY_HOME}/var/etc/artifactory/plugins
  4. Place the following jars in the lib folder:
    wss-agent-report-<version>.jar
    wss-agent-api-client-<version>.jar
    wss-agent-api-<version>.jar
    wss-unified-agent-utils-<version>.jar
  5. Update whitesource-artifactory-plugin.properties file with the appropriate parameters (see example and full reference).
  6. Schedule the cron job in the whitesource-artifactory-plugin.groovy file, under the jobs section (see example).
  7. Restart Artifactory.
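
Steps 2 to 4 of both installation lists as a shell function; this is an added example, not part of the plugin or its documentation. It assumes the extracted plugin files and the jars sit together in one source directory and that jar versions start with a digit; the chmod 600 is an added hardening step, chosen because the properties file holds apiKey, userKey and proxyPass.

```shell
# Added example, not WhiteSource's installer. Assumes SRC holds the extracted
# plugin files and the jars side by side, and that jar versions start with a digit.

# plugin_dir MAJOR ARTIFACTORY_HOME: plugins directory for that major version.
plugin_dir() {
    if [ "$1" -ge 7 ]; then
        printf '%s\n' "$2/var/etc/artifactory/plugins"
    else
        printf '%s\n' "$2/etc/plugins"
    fi
}

# has_jar DIR STEM: true when DIR contains STEM-<version>.jar.
has_jar() {
    ls "$1/$2"-[0-9]*.jar >/dev/null 2>&1
}

# install_wss_plugin MAJOR ARTIFACTORY_HOME SRC: steps 2-4 of the lists above.
install_wss_plugin() {
    major=$1 home=$2 src=$3
    name=whitesource-artifactory-plugin
    dest=$(plugin_dir "$major" "$home")

    # Check the whole bundle before copying anything, so a partial install
    # never reaches the plugins directory.
    for f in "$name.properties" "$name.groovy"; do
        [ -f "$src/$f" ] || { echo "missing $f" >&2; return 1; }
    done
    for stem in wss-agent-report wss-agent-api-client wss-agent-api; do
        has_jar "$src" "$stem" || { echo "missing $stem jar" >&2; return 1; }
    done
    # 7.x lists only the -utils jar; 6.x accepts either unified-agent jar.
    if ! has_jar "$src" wss-unified-agent-utils; then
        if [ "$major" -ge 7 ] || ! has_jar "$src" wss-unified-agent; then
            echo "missing wss-unified-agent jar" >&2; return 1
        fi
    fi

    mkdir -p "$dest/lib" || return 1
    cp "$src/$name.properties" "$src/$name.groovy" "$dest/" || return 1
    cp "$src"/wss-*.jar "$dest/lib/" || return 1
    # Assumption (hardening not stated on the page): the properties file holds
    # apiKey, userKey and proxyPass, so keep it readable by its owner only.
    chmod 600 "$dest/$name.properties"
}
```

Run it as the account Artifactory runs under so the service can still read the properties file, then continue with steps 5 to 7.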

Configuration

Properties File Example
// whitesource-artifactory-plugin properties file

wssUrl=""
// wssUrl="http://localhost:8080/agent"

// Organization Token:
apiKey="<your WSS api key>"

// UserKey Token: Unique identifier of the user, can be generated from the profile page in your WhiteSource account.
//userKey="<your WSS user key>"

// Product Name - represents the Artifactory instance; each Artifactory repository represents a project
// In order to map each repository to a product in WhiteSource, comment out this field
productName="<your Artifactory representing name>"

// Check policies. Will check only the delta between WSS and current files
checkPolicies=false

// Check all files all the time. If true, then checkPolicies must also be true
forceCheckAllDependencies=false

// update WSS 
updateWss=false

// update WSS regardless of the check policies result
forceUpdate=false

// Names of the repositories in the Artifactory to scan
repoKeys=["repo1","repo2","repo3"]

// Proxy Settings
useProxy=false
//proxyHost="127.0.0.1"
//proxyPort=3128
//proxyUser=""
//proxyPass=""

// The type of files that will be extracted and their content will be checked
archiveIncludes = ["war", "ear", "zip"]
// archiveExtractionDepth=2

// Once the archive was extracted, which files within it should be checked
includesRepositoryContent=["m", "mm", "js", "php", "jar", "zip"]

// Whether to run the beforeDownload/afterCreate method (defaults to true)
//triggerBeforeDownload=false
//triggerAfterCreate=false

General Parameters

...

wssUrl

...

URL for sending the request.

Use the 'WhiteSource Server URL' which can be retrieved from your 'Profile' page on the 'Server URLs' panel. Then, add the '/agent' path to it. For example: "https://saas.whitesourcesoftware.com/agent".

...

apiKey

...

Represents Artifactory instance and product in WhiteSource.

Comment out this field to map each repository to a product in WhiteSource (the project will represent the repository as well).

...

checkPolicies

...

forceCheckAllDependencies

...

Used only if 'checkPolicies' is set to true.

Setting 'forceCheckAllDependencies' to true will force check all policies for all dependencies introduced to the WhiteSource projects.

Setting 'forceCheckAllDependencies' to false or not using it at all will check only the new dependencies introduced to the WhiteSource projects.

...

updateWss

...

forceUpdate

...

repoKeys

...

The list of the repositories to scan.

...

useProxy

...

proxyHost

...

proxyPort

...

proxyUser

...

proxyPass

...

archiveIncludes

...

includesRepositoryContent

...

archiveIncludes

...

Info

The extraction depth of the Artifactory Plugin for archived files is currently to the first level. The /wiki/spaces/WD/pages/33718339 has an extraction depth of up to seven levels.
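
A lint for the properties file that checks the rules stated in the parameter descriptions above (wssUrl ends in /agent, forceCheckAllDependencies needs checkPolicies); this is an added example, not part of the plugin. The plain-http and proxyHost checks are assumptions about sane settings rather than rules from the page, and the sample configuration is constructed.

```shell
# Added example, not part of the plugin. Key names come from the properties
# example above; the proxy and http checks are assumptions about sane settings.

# cfg_get FILE KEY: last uncommented value of KEY with surrounding quotes removed.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

warn() { echo "$1"; findings=$((findings + 1)); }

# lint_wss_config FILE: prints one finding per line; non-zero status if any.
lint_wss_config() {
    f=$1 findings=0
    url=$(cfg_get "$f" wssUrl)
    case $url in
        "") warn "wssUrl is empty" ;;
        */agent) ;;
        *) warn "wssUrl does not end in /agent" ;;
    esac
    case $url in
        http://localhost[:/]* | http://127.0.0.1[:/]*) ;;   # loopback only
        http://*) warn "wssUrl is plain http: apiKey is sent unencrypted" ;;
    esac
    case $(cfg_get "$f" apiKey) in
        "" | "<"*">") warn "apiKey is unset or still the placeholder" ;;
    esac
    if [ "$(cfg_get "$f" forceCheckAllDependencies)" = true ] &&
        [ "$(cfg_get "$f" checkPolicies)" != true ]; then
        warn "forceCheckAllDependencies=true needs checkPolicies=true"
    fi
    if [ "$(cfg_get "$f" useProxy)" = true ] &&
        [ -z "$(cfg_get "$f" proxyHost)" ]; then
        warn "useProxy=true but proxyHost is not set"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample (hypothetical host name), not a real deployment.
sample_config() {
    cat <<'EOF'
wssUrl="http://wss.example.internal/agent"
apiKey="<your WSS api key>"
checkPolicies=false
forceCheckAllDependencies=true
useProxy=false
EOF
}
```

Running lint_wss_config before each Artifactory restart catches a configuration where policy checks are silently not in effect.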

Examples

Cron Scheduling Example:

Open the whitesource-artifactory-plugin.groovy file in a text editor and go to the jobs section.

Find a row similar to this: updateRepoWithWhiteSource(cron: "* * * * * ?") and schedule the job to run at a specific time.

Cron parameters (from left to right):

1 - Seconds, 2 - Minutes, 3 - Hours, 4 - Day-of-Month, 5 - Month, 6 - Day-of-Week, 7 - Year (optional field).

Examples:

"0 42 10 * * ?" - Build a trigger that will fire daily at 10:42 am.

"0 0/2 8-17 * * ?" - Build a trigger that will fire every other minute, between 8am and 5pm, every day. 

Plugin Logs

The default log level for the plugin is "warn". To change the plugin log level, add the following to ${ARTIFACTORY_HOME}/etc/logback.xml:

<logger name="whitesource-artifactory-plugin">
    <level value="info"/>
</logger>

Artifactory Update Inventory Plugin - (Deprecated)

...

Deprecated

...

This page is available at: https://docs.mend.io/bundle/unified_agent/page/artifactory_plugin.html