Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

NOTE: If you check Remember License Key, the login credentials will be stored in your Eclipse Secure Storage. Once stored, the WhiteSource Advise login credentials will be used for all Eclipse workspaces and all instances of Eclipse running on your computer. If you want to log in to WhiteSource Advise using a different set of credentials, select WhiteSource> WhiteSource Advise Login, click Login with Different Credentials.

Configuring WhiteSource Advise

Info

Changes made to the WhiteSource settings will only apply after running the next scan.

To configure WhiteSource Advise, do as follows:

  1. From the menu bar, select Window > Preferences.The Preferences screen is displayed.

  2. Select WhiteSource.

  3. In the WhiteSource screen, review the options and modify if necessary. See here for a list of all options.

  4. Click Apply and Close.

Options Table

Option

Description

Default Setting

Only show issues for direct dependencies

When enabled, WhiteSource Advise will only return vulnerabilities for direct dependencies defined in your dependency file.

Unselected (not checked)

Minimum vulnerability severity level

Alert only on detected vulnerabilities satisfying a Low/Medium/High minimum severity level.

  • Low - Vulnerability alerts for all severities (Low, Medium, High) are displayed.

  • Medium- Vulnerability alerts only for Medium or High severities are displayed.

  • High - Vulnerability alerts only for High severities are displayed.

Low

Scanning Projects for Security Vulnerabilities

...

  • To quickly locate the component referenced by a reported vulnerability in the project’s pom.xml/build.gradle, double-click the security vulnerability in the WhiteSource tab. The referenced component description in the pom.xml/build.gradle will be displayed and highlighted in a window view

    Image RemovedImage Added
  • To quickly locate vulnerability analysis resultsfor a component in the pom.xml/build.gradle view, click the WhiteSource Advise severity icon displayed to the left of that component reference in the pom.xml/build.gradle; analysis details for the corresponding component will be displayed and highlighted in the WhiteSource tab. Also, a tooltip featuring relevant analysis details including a dependency path from proprietary code to the component will be displayed.

  • To quickly review the list of vulnerabilities reported for a component in the pom.xml/build.gradle view, hover the mouse pointer over the WhiteSource Advice severity icon displayed to the left of a component. A tooltip will be displayed, featuring details (per vulnerability) including identifier (e.g., CVE), severity, and a fix suggestion if available.

    Image RemovedImage Added
  • (For Maven projects only) To quickly display an analysis summary for a component in the pom.xml view, hover the mouse pointer over the code for the component in that view; a tooltip will be displayed, featuring both information and (depending on vulnerability attributes) links for applicable options, as follows:

    • Jump to location: Changes the display to a view featuring the component’s definition

    • Fix for: (applicable only to vulnerabilities in direct dependencies) Updates the component’s version pom.xml field with the number of the earliest version that according to WhiteSource features a fix to the security vulnerability. 

      Image RemovedImage Added

Restoring the WhiteSource Tab

...