...
Table of Contents |
---|
Overview
Info |
---|
Proxy settings are relevant for requests for WhiteSource servers only. Proxy for remote repositories requests is not supported |
This topic describes how the JFrog Artifactory plugin integrates with WhiteSource. The plugin adds additional information to the Artifactory artifacts and updates WhiteSource. Once invoked, all the artifacts' metadata on your Artifactory will be uploaded to your WhiteSource inventory.
...
Artifactory editions not supported by the Groovy-based User Plugins are not supported by WhiteSource.
Scanning of Docker repositories is not supported.
Scanning of virtual repositories is not supported.
The recommended integration method for the JFrog Artifactory is using the Unified Agent.
Updates in Artifactory: The plugin updates Artifactory repositories with no more than 10000 artifacts.
Updates in WhiteSource: The plugin updates WhiteSource with repositories with no more than 2000 artifacts.
How
...
the Artifactory Plugin Works
The Artifactory plugin works in two modes:
Cron-based job - when invoked, repositories artifacts will be checked in WhiteSource and additional data will be added to the property tab of each artifact.
Adding new Artifact - when uploaded, new artifact will be checked in WhiteSource. Policies will be checked and additional data will be added to the property tab of the artifact.
Downloading the Plugin
Version | File |
---|
Release Notes
Release Date
Release Notes | Release Date | MD5 | ||
---|---|---|---|---|
21.12.1 | 2021-12-26 | FD435A4B3C7D2EAC3D07DC5FA6774789 | ||
21.7.2 | Temp folders deletion fix & |
upgrade dependencies versions | 2021-08-15 | 1B4B6DE62613AD5F52B8B162F6A7993D | ||
20.9.1 | Fix typo | 2020-10-04 | 3A238385348051D7AD24EE166F26F935 | |
20.7.3 | Support Artifactory 7.x | 2020-08-16 | 0A26F0B1CA1A7C2C5FA012D9AED3ED4C | |
20.6.2 | Bug fixed - Block artifact in before download in case of policy violation. | 2020-07-07 | A766DE35D4D39C7C5761E1F7F49501E7 | |
20.5.1 | Bug fixes | 2020-05-24 | 0F7A360476D0B870229CF54C500A5AC4 | |
19.9.1 | Minor bug fix | 2019-09-22 | 520A2FC631F9D368AE2F2DFC308FAB12 | |
19.4.2 | Memory leak bug fix | 2019-05-05 | E7DC7341CF90A2B37EAC328D5A675743 | |
19.3.2 | Minor bug fix | 2019-04-07 | 0D7103F7CE1142ED3D3C9C206E081AA8 | |
19.3.1 | Add archive extraction depth |
|
parameter | 2019-03-24 | 7352FC6C56D61A001756A1CF040A0576 |
19.1.1 | Updates |
Agent version | 2019-01-27 | 018B2749498BF6BC144B03556EAD034B |
18.10.3 | Bug Fixes Added |
|
& |
|
parameters. | 2018-11-18 | E86760C59E0A3262591707BA7C02C3B7 | ||
18.8.2 | Minor Bug fixes | 2018-09-02 | BB473552069155C24CDD8021C38B9029 | |
18.6.3 | Minor Bug fixes | 2018-07-08 | 480A308C2359BC75EBED9717A032D1B7 | |
18.5.1 | Add user key - unique identifier of user, can be generate from the profile page in your whitesource account | 2018-05-27 | EA4F045B6A00136342FF7B9F01FFAFBA | |
17.12.1 | Bug fix - Archive extraction | 2017-12-17 | 80DC1701AAB7B471EF58E6E3A1CC5D82 | |
1.0.9 | Add support for 'before download' method from a local repository according to a policy in WhiteSource Resolved issues WSA-308 | 2017-10-08 | 0FFCEF0BC0777C06898A031E6F2679F6 | |
1.0.8 |
Resolved issues WSA-242, WSA-177. | 2017-09-27 | E8643C70DEEF4C75EF45AC18B3F9EBF0 | |
1.0.7 | Add option for creating a project in WhiteSource for each repository. | 2017-09-11 | D0C22C6E4D265BBF2FBC3A799848838 | |
1.0.6 | Add parameter for updating WhiteSource. | 2017-08-08 | 48D7AED7EB8D005F5F6F45E210EEC33B | |
1.0.5 | Minor bug fixes. | 2017-07-18 | F18B154FC8B0CEF0D96DD08848B3FFB7 | |
1.0.4 | Adjust plugin version to agents-api & whitesource-fs-agent versions. | 2017-07-16 | 675032D04CE06BDC28EC70FAEBA4D2AF | |
1.0.3 | Enabliing update WSS scan Artifactory repositories. | 2017-05-07 | 37568D088633E3EF877C364A1F901221 | |
1.0.2.2 | Minor Bug fixes | 2017-02-01 | C1A62DE5C257874E0C5DF82869DC2892 | |
1.0.2.1 | Minor bug fixes | 2017-01-29 | 14DFB6A85A821C01F962886FCC68A62F | |
1.0.2 | Add proxy support. | 2017-01-24 | B7C4E651C1707B1B530BCE871BB7207C | |
1.0.1.2 | Split vulnerability link and severity into 2 lines. | 2016-07-17 | FA1BE663ED9A0526237ED1B03D97ADCC | |
1.0.1.1 | Bug fixes. rename properties file. | 2016-05-03 | 272692C2CD8C04DA0BE3E9858248A717 | |
1.0.1 | Add | 2016-04-27 | D2BA5AC9B45EEEA144BA324924BB1C85 | |
1.0.0 | Check Policies and Add |
Additional Data to the Artifact property tab. | 2016-04-07 | e2654abeb61162044495e49e6845eb2e |
Installing the Plugin
NOTE: For details on how to migrate from a previous version of the Artifactory Plugin earlier than 21.12.1, see Migrating the Artifactory Plugin.
Artifactory Version <= 6.x
Download the zip file and extract it.
Place Replace the
whitesource-artifactory-plugin.
propertiesproperties
andwhitesource-artifactory-plugin.
groovygroovy
files under $under${ARTIFACTORY_HOME}/etc/plugins
.Create a new '
lib
' folder under $:${ARTIFACTORY_HOME}/etc/plugins
Place the following jars in the lib folder:
wss-agent-report-<version>.jar
wss-agent-api-client-<version>.jar
wss-agent-api-<version>wss-unified-agent-utils-<version>.jar or wss-unified-agent-<version>.jar (depending on the plugin version you download)
Update Place the new
whitesource-artifactory-plugin-VERSION.jar
file in theplugins/lib
directory.Update the
whitesource-artifactory-plugin.
propertiesproperties
file with the appropriate parameters (see example and full reference Cron Scheduling Example and General Parameters).Schedule the cron job in the
whitesource-artifactory-plugin.
groovy file, under the jobs sectiongroovy
file (see example Cron Scheduling Example).Restart Artifactory.
.
jarArtifactory Version >= 7.x
Download the zip file and extract it.
Place Replace the
whitesource-artifactory-plugin.
propertiesproperties
andwhitesource-artifactory-plugin.
groovygroovy
files under $under${ARTIFACTORY_HOME}/var/etc/artifactory/plugins
Create a new '
lib
' folder under $${ARTIFACTORY_HOME}/var/etc
/artifactory/plugins.Place the following jars in the lib folder:
wss-agent-report-<version>.jar
wss-agent-api-client-<version>.jar
wss-agent-api-<version>.jar
wss-unified-agent-utils-<version>.jar
Update
/artifactory/plugins
.Place the new
whitesource-artifactory-plugin-VERSION.jar
file in theplugins/lib
directory.Update the
whitesource-artifactory-plugin.
propertiesproperties
file with the appropriate parameters (see example and full reference Cron Scheduling Example and General Parameters).Schedule the cron job in the
whitesource-artifactory-plugin.
groovy file, under the jobs sectiongroovy
file (see example Cron Scheduling Example).Restart Artifactory.
Configuring the Plugin
...
Code Block | ||
---|---|---|
| ||
// whitesource-artifactory-plugin properties file wssUrl="" // wssUrl="http://localhost:8080/agent" // Organization Token: apiKey="<your WSS api key>" // UserKey Token: Unique identifier of user, can be generategenerated from the profile page in your whitesource account. //userKey="<your WSS user key>" // Product Name - represents Artifactory instance, Artifactory repositryrepository represents project // In order to map repository to a product in WhiteSource mark this field as comment productName="<your Artifactory representing name>" // Check Policices. will check only delta between WSS and current files checkPolicies=false // check all files all the time. if true that checkpolicies must also be true forceCheckAllDependencies=false // update WSS updateWss=false // update WSS regardless of the check policies result forceUpdate=false // Names of the repositories in the Artifactory to scan repoKeys=["repo1","repo2","repo3"] // Proxy Settings useProxy=false //proxyHost="127.0.0.1" //proxyPort=3128 //proxyUser="" //proxyPass="" // The type of files that will be extracted and their content will be checked archiveIncludes = ["war", "ear", "zip"] // archiveExtractionDepth=2 // Once the archive was extracted, which files within it should be checked includesRepositoryContent=["m", "mm", "js", "php", "jar", "zip"] // Whether to run beforeDownload/afterCreate method (defaults to true) //triggerBeforeDownload=false //triggerAfterCreate=false/triggerAfterCreate=false |
General Parameters
Attribute | Type | Description | Required | Additional Information |
---|---|---|---|---|
wssUrl | String | URL for sending the request. Use the 'WhiteSource Server URL' which can be retrieved from your 'Profile' page on the 'Server URLs' panel. Then, add the '/agent' path to it. For example: "https://saas.whitesourcesoftware.com/agent". | No |
. Defaults to https://saas.whitesourcesoftware.com/agent | ||||
apiKey | String | Unique identifier of the organization, can be retrieved from the admin page in your WhiteSource account. | Yes | |
userKey | String | Unique identifier of user, can be |
generated from the profile page in your WhiteSource account. |
Yes | Supported since version 18.5.1 | |||
productName | String | Represents Artifactory instance and product in WhiteSource. Comment this field to map repository to product in WhiteSource (project will represent repository as well) | No | |
checkPolicies | Boolean | Whether or not to send the check policies request to WhiteSource. | No | |
forceCheckAllDependencies | Boolean | Used only if |
|
is set to true. Setting |
|
to true will force check all policies for all dependencies introduced to the WhiteSource projects. Setting |
|
to false or not using it at all will check only the new dependencies introduced to the WhiteSource projects. | No | Supported since version 1.0.3 | ||
updateWss | Boolean | Whether or not send update to WhiteSource | Yes | Supported since version 1.0.6 |
forceUpdate | Boolean | Whether or not update organization inventory regardless of policy violations. | No |
. The default value is false. |
Supported since version 1.0.3 | ||||
repoKeys | Array | The list of the repositories to scan. | Yes | |
useProxy | boolean | Whether or not use proxy settings | Yes | |
proxyHost | String | Proxy host url. | No | |
proxyPort | Integer | Proxy port. | No | |
proxyUser | String | Proxy User name if exist. | No | |
proxyPass | String | Proxy password if exist. | No | |
archiveIncludes | String | Comma separated list specifying the type of files that will be extracted | No. The default list |
includes the following: jar, war, ear, egg, zip, whl, sca, sda, gem, tar.gz, tar, tgz, tar.bz2, rpm, rar. | Supported since version 1.0.3 | |||
archiveExtractionDepth | String | Drill down hierarchy level in archive files. | No, the default value is 2. | Supported since version 19.4.2 |
includesRepositoryContent | String | Comma separated list. Specifying which files to include in the scan once the archive was extracted according to the parameters in |
Code Block |
---|
archiveIncludes |
No
Required since version 1.0.3
| No | Required since version 1.0.3 | ||
triggerBeforeDownload | Boolean | Whether or not to trigger the downloading of components from local repositories. | No, the default value is true. | Supported since version 18.10.3 |
triggerBeforeRemoteDownload | Boolean | Whether or not to trigger the |
beforeDownload'
methoddownloading of components from remote repositories. | No, the default value is true. | Supported since version |
21. |
12. |
1 | ||||
triggerAfterCreate | Boolean | Whether or not trigger ' | No, the default value is true. | Supported since version 18 |
Info |
---|
The extraction depth of the Artifactory Plugin for archived files is currently to the first level. The Unified Agent has an extraction depth of up to seven levels. |
Examples
Cron Scheduling Example:
Open the whitesource-artifactory-plugin.groovy file in a txt editor and go to the jobs section.
Find row similar to this: updateRepoWithWhiteSource(cron: "* * * * * ?") and schedule the job to a specific running time.
Cron parameters (from left to right) :
1 - seconds, 2 - Minutes, 3 - Hours, 4 - Day-of-Month, 5 - Month, 6 - Day-of-Week, 7 - Year (optional field).
Examples:
"0 42 10 * * ?" - Build a trigger that will fire daily at 10:42 am.
"0 0/2 8-17 * * ?" - Build a trigger that will fire every other minute, between 8am and 5pm, every day.
Plugin Logs
The default log level for the plugin is "warn". To change the plugin log level, add the following to ${ARTIFACTORY_HOME}/etc/logback.xml
:
Code Block |
---|
<logger name="whitesource-artifactory-plugin">
<level value="info"/>
</logger> |
Artifactory Update Inventory Plugin - (Deprecated)
Version
File
Features
Release Date
MD5
Additional Information
1.0.0
Update WhiteSource inventory with repositories data.
2017-02-20
E26480E230E3BF7605EECB21690C6A54
Deprecated
.10.3 |
Info |
---|
The extraction depth of the Artifactory Plugin for archived files is currently to the first level. The Unified Agent has an extraction depth of up to seven levels. |
Cron Scheduling Example
This example demonstrates how to configure a schedule for scanning the Artifactory repositories.
Open the
whitesource-artifactory-plugin.groovy
file in a txt editor.To configure the interval at which the Artifactory repositories are scanned, modify the
def scanRepositoriesCron = "0 0 0 * * ?"
string in the plugin groovy file.
Code Block |
---|
/**
* scanRepositoriesCron (java.lang.String) - A valid cron expression used to schedule job runs.
* Modify this parameter to configure the desired schedule to scan your artifactory repositories.
* See README.md for examples.
*/
def scanRepositoriesCron = "0 0 0 * * ?"
jobs {
scanRepositories(cron: scanRepositoriesCron) {
pluginAgent.runRepositoriesScan()
}
}
|
scanRepositoriesCron parameters (from left to right):
1 - seconds, 2 - Minutes, 3 - Hours, 4 - Day-of-Month, 5 - Month, 6 - Day-of-Week, 7 - Year (optional field).
Examples:
"0 42 10 * * ?" - Build a trigger that will fire daily at 10:42 am.
"0 0/2 8-17 * * ?" - Build a trigger that will fire every other minute, between 8am and 5pm, every day.
Plugin Log Levels
The default log level for the plugin is "warn". To change the plugin log level, add the following to ${ARTIFACTORY_HOME}/etc/logback.xml
:
Code Block |
---|
<logger name="whitesource-artifactory-plugin">
<level value="info"/>
</logger> |