Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added remediate settings to .whitesource config

...

Parameter TypeDescriptionRequired Default
minSeverityLevelString

Enables users to decide whether to open a new Issue only if a certain severity level is available on a detected vulnerability.

Available values for minSeverityLevel:

  • NONE - No Issues will be generated.

  • LOW - Any Low/Medium/High vulnerabilities found will generate an Issue.

  • MEDIUM - Any Medium/High vulnerabilities found will generate an Issue.

  • HIGH - Any High vulnerabilities found will generate an Issue.

NOTE: The WhiteSource Security Check summary is also affected by this parameter.

NoLOW
displayLicenseViolationsBoolean

Whether to generate an Issue for every detected license policy violation.

NOTE: This parameter is relevant only if enableLicenseViolations (scanSettings) is set to true.

No

true

(only if enableLicenseViolations (scanSettings) is set to true)

Remediate Settings (remediateSettings)

Parameter TypeDescriptionRequired Default
enableRenovateBoolean

When enabled, Remediate will raise automated Pull Requests for outdated dependencies in addition to Pull Requests remediating vulnerable dependencies. Remediate will then perform all the functionality and support all the configuration options available in WhiteSource Renovate.

See Renovate configuration options for all configuration options.

Refer here for parameter usage.

Nofalse
transitiveRemediationBoolean

Whether to enable transitive remediation for NPM repos.

When npm v6 (npm v7 is not currently supported) is used with a package-lock.json file, and vulnerabilities are found within transitive dependencies in the file, then in most cases Remediate is able to successfully remediate the vulnerability. Sometimes it may not be possible to successfully remediate because a parent dependency does not yet have a new release that allows the necessary fixed-in version of the transitive dependency.

Nofalse

Providing a Global Configuration File

...