Supported Package Managers

| Package Manager | Language | Extra Details |
| --- | --- | --- |
| Maven | Java | N/A |
| Gradle | Java | N/A |
| Go Modules | Golang | Remediate updates the go.mod and go.sum files, as well as any vendored files found within a vendor/ directory. |
| npm/Yarn | JavaScript | WhiteSource Remediate always updates both the package file (e.g. package.json) and any lock file (e.g. yarn.lock) in the same commit/fix Pull Request. If a developer subsequently updates either file on the default branch, causing a git conflict with any of Remediate's Pull Requests, then Remediate will update the fix Pull Request to resolve all conflicts while still remediating the vulnerability. |
| NuGet | .NET | Only SDK-style .csproj files are currently supported. By default, this includes: .NET Core 1.0 and above; .NET Standard class libraries; any .csproj in the SDK-style syntax. To convert your .NET Framework .csproj into an SDK-style project, follow this guide. |
| pip | Python | N/A |
| pipenv | Python | N/A |
| poetry | Python | N/A |
| setuptools | Python | N/A |
| Composer | PHP | N/A |

NOTE: In WhiteSource for GitLab, mirrored repositories are not supported.

...

```json
{
  "remediateSettings": {
    "enableRenovate": true,
    "prBodyDefinitions": {
      "Age": "![age](https://badges.renovateapi.com/packages/npm/{{replace '/' '%2f' depName}}/{{{toVersion}}}/age-slim)",
      "Adoption": "![adoption](https://badges.renovateapi.com/packages/npm/{{replace '/' '%2f' depName}}/{{{toVersion}}}/adoption-slim)",
      "Passing": "![passing](https://badges.renovateapi.com/packages/npm/{{replace '/' '%2f' depName}}/{{{toVersion}}}/compatibility-slim/{{{fromVersion}}})",
      "Confidence": "![confidence](https://badges.renovateapi.com/packages/npm/{{replace '/' '%2f' depName}}/{{{toVersion}}}/confidence-slim/{{{fromVersion}}})"
    },
    "packageRules": [
      {
        "datasources": [
          "maven", "npm", "pypi"
        ],
        "updateTypes": [
          "patch",
          "minor",
          "major"
        ],
        "prBodyColumns": [
          "Package",
          "Change",
          "Age",
          "Adoption",
          "Passing",
          "Confidence"
        ]
      }
    ]
  }
}
```

Remediate Worker Horizontal Scalability

To let Remediate use additional containers and process multiple repositories concurrently, you can enable Remediate Worker Horizontal Scalability. In this mode, the Remediate “worker” logic (which processes repositories) is separated from the Remediate “server” logic (scheduler, job queue and webhook handling) in a many-to-one relationship.

The same Remediate Docker image is used for both Server and Worker functionality, as they are differentiated/configured using environment variables.

If you are already running Remediate, you can keep that existing node as the new “Remediate Server”. Pass it the environment variable REMEDIATE_SERVER_ONLY: 'true' to put it in server-only mode, in which it does not run any worker jobs itself. This container is still the one that the W4D controller needs to reach, e.g. to pass on webhooks.

Next, you should configure one or more Remediate Worker containers. To do so, start up a Remediate image and configure the environment variable REMEDIATE_SERVER_URL to point to the above Remediate Server’s API.

Here is a simple example of two Worker containers and one Server container using Docker Compose syntax:

```yaml
remediate-server:
  image: wss-remediate
  restart: always
  ports:
    - '8080:8080'
  volumes:
    - './conf/:/etc/usr/local/whitesource/conf/'
  environment:
    REMEDIATE_SERVER_ONLY: 'true'
remediate-worker:
  image: wss-remediate
  scale: 2
  depends_on:
    - remediate-server
  restart: always
  volumes:
    - './conf/:/etc/usr/local/whitesource/conf/'
  environment:
    REMEDIATE_SERVER_URL: http://remediate-server:8080
```