...
The Unified Agent is a Java command-line tool that scans directories' open source components for vulnerable libraries and source files, as well as license compliance, and uploads the results to the WhiteSource the Mend web application. The Unified Agent scans 200+ languages (source and binary files), and seamlessly integrates with repositories, multiple package managers, build tools, containerized environments, and CI/CD tools.
...
The Unified Agent scanning works the following way: Directories are scanned using GLOB patterns to identify the open-source components, whereupon the Unified Agent checks each new component against product/project level policies and organizational policies (note that no source code is scanned - only descriptive information is sent to WhiteSourceMend). Policies are created to alert organizations to act based on predetermined actions and criteria, such as rejecting/accepting a component based on its license type. If any components were rejected by a policy, the Unified Agent provides a policy violation exit code, which can be used to fail a build.
At the end of the Unified Agent's scan, it aggregates the information and uploads it to the WhiteSource the Mend web application, where it is presented in an Organization/Product/Project hierarchy, enabling you to view and analyze the scan results.
WhiteSource Mend administrators can configure several integrations of the Unified Agent with third-party components.
...