Release Notes & Announcements Subscription Service

You can subscribe to the Customer Community Portal Announcements section in order to receive immediate email notifications on important announcements and product release notes. 

Version 22.4.2 (15-May-2022)

New Features and Updates

Product

Description

WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Azure Repos

A configuration error occurs if the user fails to specify the hostType or matchHost parameters when setting hostRules for a private registry.

Resolved Issues

Product

Description

WhiteSource for Azure Repos

When onboarding a whitesource-config repo, an exception would occur when converting the Azure API response for getting repositories.

WhiteSource for GitHub.com
WhiteSource for Azure Repos

In some cases, a 500 internal server error would occur when sending update requests from the SCM scanner. A retry sends the update request successfully.

Version 22.4.1 (1-May-2022)

New Features and Updates

Product

Description

WhiteSource for GitLab

Added the ability to scan cloud infrastructure configurations (IaC) to find misconfigurations before they are deployed. For this, a WhiteSource IaC Check was introduced which runs in parallel to the existing WhiteSource Security/License Check. In addition, IaC violation alerts are displayed via GitHub Issues.

WhiteSource for GitHub.com
WhiteSource for GitHub Enterprise
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Azure Repos

Added a new tag commitId to the WhiteSource application Projects that will contain the latest scanned commit ID.

WhiteSource for Azure Repos

The issueType setting was added to the issueSettings parameter of the WhiteSource configuration file. This setting defines the type of issues that will be enabled in the repository - one for each vulnerability or one for each dependency with all vulnerabilities grouped within.

WhiteSource for GitHub.com
WhiteSource for Azure Repos

Python version 3.8 is now supported when performing a scan with the SCM scanner. Note that Python version 3.7.12 is still the supported default version.

WhiteSource for GitHub.com
WhiteSource for Azure Repos

The scanning of Dotnet 6 projects is now supported.

WhiteSource for GitHub.com
WhiteSource for Azure Repos

Dev dependencies in the NPM and Yarn projects will not be scanned by default.

Version 22.3.3 (17-April-2022)

New Features and Updates

Product

Description

WhiteSource for Bitbucket Server

Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependency (NPM and Maven).

NOTE: An update to this version will cause an increase in plugin activity for the repositories with NPM projects in the first few days (up to a week). The number of scan requests will temporarily increase by 20%-50% depending on how many NPM projects there are in the organization. Consider temporarily increasing the number of scanners for this period.

WhiteSource for GitHub.com
WhiteSource for GitHub Enterprise

An option is now available to allow users to control WhiteSource IaC check runs in the .whitesource / repo-config.json files.

WhiteSource for GitLab

The issueType setting was added to the issueSettings parameter of the WhiteSource configuration file. This setting defines the type of issues that will be enabled in the repository - one for each vulnerability or one for each dependency with all vulnerabilities grouped within.

WhiteSource for GitHub Enterprise
WhiteSource for GitLab
WhiteSource for Bitbucket Server

Python versions 3.8 and 3.9 are now supported when performing a scan with the SCM scanner. 

Version 22.3.2 (3-April-2022)

New Features and Updates

Product

Description

WhiteSource for GitHub.com
WhiteSource for Azure Repos

Python version 3.9 is now supported when performing a scan with the SCM scanner. 

WhiteSource for GitHub Enterprise
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Azure Repos

It is now possible to define a scope for migration to the Global Configuration - for all organizations or for all repositories of a specific organization.

WhiteSource for GitLab

Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependencies (NPM only).

NOTE: An update to this version will cause an increase in plugin activity for the repositories with NPM projects in the first few days (up to a week). The number of scan requests will temporarily increase by 20%-50% depending on how many NPM projects there are in the organization. Consider temporarily increasing the number of scanners for this period.

WhiteSource for Azure Repos

Work Items will now be created and updated for all of the Processes: Basic, Agile, Scrum, and CMMI. Previously, only Basic was supported.

Resolved Issues

Product

Description

WhiteSource for GitHub Enterprise

Issues would not be created in the Issue Repo when the Issues tab was not enabled in the origin repo.

WhiteSource for Bitbucket Server and Data Center

Improved exception handling and logging when handling PR Webhooks.

Version 22.3.1 (20-March-2022)

New Features and Updates

Product

Description

WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Azure Repos

A new parameter overrideConfigAllowList was added to the repo-config.json file. This parameter regulates the ability of repositories that inherit their configuration from the whitesource-config repository to override the parameters locally.


WhiteSource for GitHub Enterprise

Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependencies (NPM only).

NOTE: An update to this version will cause an increase in plugin activity for the repositories with NPM projects in the first few days (up to a week). The number of scan requests will temporarily increase by 20%-50% depending on how many NPM projects there are in the organization. Consider temporarily increasing the number of scanners for this period.

WhiteSource for GitHub.com

Repeated restarts no longer occur when performing a scan with the SCM scanner.

Resolved Issues

Product

Description

WhiteSource for GitHub.com

In some cases, when there were many Diff check runs of the Controller, the result would be a null link to the base branch run.

WhiteSource for GitHub.com

During a WhiteSource IaC Check, the Controller would fail to parse the resulting json file due to an inconsistent attribute type.

Version 22.2.2.1 (9-March-2022)

Resolved Issues

Product

Description

WhiteSource for GitHub Enterprise
WhiteSource for Bitbucket Server
WhiteSource for GitLab

The Python resolution was fixed by reducing the total number of duplicate dependencies.

Version 22.2.2 (6-March-2022)

New Features and Updates

Product

Description

WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com

A scan is now triggered when changes are made to the gradle.properties or gradle.lockfile file.

WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
WhiteSource for GitLab
WhiteSource for Azure Repos

A new parameter customLabels was added to issueSettings in the .whitesource configuration file, enabling you to define labels that will be added to the issues created following a scan.

WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com

A new parameter assignees was added to issueSettings in the .whitesource configuration file that specifies the users that will be assigned to issues that are created following a scan.

WhiteSource for GitHub Enterprise
WhiteSource for GitLab
WhiteSource for Bitbucket Server

The new caching mechanism is now enabled by default.

WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Azure Repos

The scanning of NPM projects with lockfileVersion: 2 is supported.

WhiteSource for GitHub Enterprise
WhiteSource for GitHub.com
WhiteSource for GitLab
WhiteSource for Bitbucket Server
WhiteSource for Azure Repos

Ruby bundler projects are now supported by Remediate.

Resolved Issues

Product

Description

WhiteSource for GitHub Enterprise

WhiteSource for GitHub.com

WhiteSource for GitLab

WhiteSource for Bitbucket Server 

WhiteSource for Azure Repos

Ignored vulnerability alerts in the WhiteSource application dashboard would appear in diff check runs of the Controller.

WhiteSource for GitLab

When onboarding a whitesource-config repo, if the repo had the same name as its subgroup, the onboarding would not complete.

WhiteSource for GitHub Enterprise

The scanning would fail when the commit tag was equal to the default branch name.

Version 22.2.1 (20-February-2022)

New Features and Updates

Product

Description

WhiteSource for GitHub Enterprise

WhiteSource for GitHub.com

WhiteSource for GitLab

WhiteSource for Bitbucket Server 

WhiteSource for Azure Repos

A scan will now be triggered when changes are made to a pipfile.lock file.

WhiteSource for GitHub.com

Enabled defining a caching mechanism by setting the WS_CACHE_TYPE environmental variable in the Controller. You can choose local Redis caching instead of the previous default memory-based caching.

Resolved Issues

Product

Description

WhiteSource for GitHub Enterprise

WhiteSource for GitHub.com

WhiteSource for GitLab

WhiteSource for Bitbucket Server 

WhiteSource for Azure Repos

Ignored vulnerability alerts in the WhiteSource application dashboard would appear in diff check runs of the Controller.

WhiteSource for GitLab

When onboarding a whitesource-config repo, if the repo had the same name as its subgroup, the onboarding would not complete.

WhiteSource for GitHub Enterprise

The scanning would fail when the commit tag was equal to the default branch name.

...

Version 22.1.1 (23-January-2022)

New Features and Updates

Product

Description

WhiteSource for Azure Repos

Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependency (NPM only).

WhiteSource for GitHub.com

WhiteSource for Azure Repos

Default archive extraction depth is set to 0 for the scanner. To change this value, look for the configMode parameter in the .whitesource file.

WhiteSource for GitHub.com

WhiteSource for Azure Repos

The scanning of private Ruby registries is now supported.

Resolved Issues

Product

Description

WhiteSource for GitHub.com

After running a scan, the Controller container would find issues that were previously closed with an additional “autoclosed” suffix appended to their title.

Version 21.12.2 (9-January-2022)

New Features and Updates

Product

Description

WhiteSource for GitHub Enterprise

WhiteSource for GitHub.com

For Go, Python or Maven projects, when the manifest file (go.mod, Pipfile or pom.xml) is changed, the scan will be triggered only if the dependencies section is changed.

WhiteSource for GitHub.com,

WhiteSource for Bitbucket Server, 

WhiteSource for Bitbucket Data Center,

WhiteSource for GitHub Enterprise,

WhiteSource for GitLab,

WhiteSource for Azure Repos

Check runs can be disabled from ever being created during the scan.

WhiteSource for GitHub.com,

WhiteSource for Bitbucket Server, 

WhiteSource for Bitbucket Data Center,

WhiteSource for GitHub Enterprise,

WhiteSource for GitLab,

WhiteSource for Azure Repos

A new parameter workflowRules was added to remediateSettings in the .whitesource file that specifies the rules which regulate when to open remediation pull requests.

WhiteSource Advise for VS Code

Yarn 1, 2, and 3 are supported.

Resolved Issues

Product

Description

WhiteSource for GitHub Enterprise

WhiteSource for GitHub.com

When onboarding a whitesource-config repo, if the repo is empty, the onboarding would not complete.

Version 21.12.1.1 (29-December-2021)

Resolved Issues

Product

Description

WhiteSource for GitHub Enterprise

Some newly onboarded repositories did not inherit the configuration from the whitesource-config organization.

Version 21.12.1 (26-December-2021)

New Features and Updates

Product

Description

WhiteSource for GitHub.com

WhiteSource for Azure Repos

The scanning of private Yarn 2 and Yarn 3 registries is now supported.

WhiteSource for GitHub Enterprise

WhiteSource for Bitbucket Server

WhiteSource for GitLab

The scanning of private Nuget registries is now supported. 

WhiteSource for GitHub Enterprise

WhiteSource for Bitbucket Server

WhiteSource for GitLab

Gradle 7 projects are now supported.

WhiteSource for GitHub Enterprise

WhiteSource for GitHub.com

For NPM projects, when package.json is changed, the scan will be triggered only if the dependencies section is changed.

WhiteSource Advise for WebStorm

WhiteSource for GitHub.com

Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependency (NPM only).

Version 21.11.2 (12-December-2021)

New Features and Updates

Product

Description

WhiteSource for GitHub Enterprise

WhiteSource for Bitbucket Server

WhiteSource for Bitbucket Data Center

WhiteSource for GitLab

The scanning of private Go and Yarn (Yarn 1) registries is now supported.

WhiteSource for GitHub Enterprise

WhiteSource for Bitbucket Server

WhiteSource for Bitbucket Data Center

WhiteSource for GitLab

Yarn 2 and Yarn 3 projects are now supported.

WhiteSource for GitHub Enterprise

The scanning of private Gradle registries is now supported.

WhiteSource for GitHub Enterprise

The scanning of private Python PIP registries is now supported.

WhiteSource for GitHub.com

WhiteSource for Azure Repos

The scanning of private Nuget registries is now supported.

WhiteSource for GitHub.com

WhiteSource for Azure Repos

Gradle 7 projects are now supported.

WhiteSource for GitHub.com

WhiteSource for GitHub Enterprise

WhiteSource for Azure Repos

Check run will ignore IaC issues that were manually closed by the user.

WhiteSource Advise for Visual Studio Code

Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependency (NPM only).

Resolved Issues

Product

Description

WhiteSource for GitHub.com

WhiteSource for GitHub Enterprise

Sometimes, fewer dependencies were found in the Maven projects than expected.

WhiteSource for GitHub Enterprise

Some new projects and products in the WhiteSource application were created with the "_1" prefix even if no duplicates were present.

Version 21.11.1 (28-November-2021)

New Features and Updates

Product

Description

WhiteSource Advise for IntelliJ IDEA

WhiteSource Advise for PyCharm

WhiteSource Advise for WebStorm

Additional user notifications are provided regarding vulnerability alerts when in Focus mode, for the IntelliJ, PyCharm, and WebStorm integrations.


WhiteSource for GitHub.com

The scanning of Yarn 2 and Yarn 3 projects is now supported.

WhiteSource for GitHub.com

The scanning of private Go and Yarn (Yarn 1) registries is now supported.

WhiteSource for GitLab

WhiteSource for Bitbucket Server

WhiteSource for Bitbucket Data Center

The scanning of private Gradle and Python PIP registries is now supported.

WhiteSource for GitHub.com

WhiteSource for GitLab

WhiteSource for Bitbucket Server

WhiteSource for Bitbucket Data Center

Two tags will be added to the project in the WhiteSource application when the respective repository is scanned for the first time:

  • repoFullName: Contains the repo context in the following mapping: {ownerName}/{repoName}@{branchName}

  • repoId: Contains the unique SCM repository ID.

WhiteSource for Azure Repos

Launch of the WhiteSource for Azure Repos: open beta stage.

Resolved Issues

Product

Description

WhiteSource for GitLab

Fixed automatic naming for products in the WhiteSource application connected to subgroups in the repositories.

WhiteSource Advise for Visual Studio

Visual Studio would sometimes crash when using WhiteSource Advise 21.10.1.

Version 21.10.2 (14-November-2021)

New Features and Updates

Product

Description

WhiteSource for GitHub.com

The scanning of private Gradle registries is now supported.

WhiteSource for GitHub.com

The scanning of private Python PIP registries is now supported.

WhiteSource Advise for Visual Studio

Vulnerable Commit Alert: An alert can be enabled to notify about newly added vulnerabilities when committing the code inside the IDE. This alert will appear only if the committed feature branches have new vulnerabilities compared to a preconfigured scanned base branch.

Resolved Issues

Product

Description

WhiteSource for GitHub.com,

WhiteSource for GitHub Enterprise,

WhiteSource for GitLab

The WhiteSource application would delete issue labels that were manually created by users.


Version 21.10.1 (31-October-2021)

New Features and Updates

Product

Description

WhiteSource for GitHub Enterprise,

WhiteSource for GitLab,

WhiteSource for Bitbucket Server

Enabled cloning project files through Git shell commands.

WhiteSource Advise for Visual Studio

The Diff operation is now enabled by default when the WhiteSource Advise plugin is active.

WhiteSource Advise for Visual Studio Code

Vulnerable Commit Alert: An alert can be enabled to notify about newly added vulnerabilities when committing the code inside the IDE. This alert will appear only if the committed feature branches have new vulnerabilities compared to a preconfigured scanned base branch.

Version 21.9.1.1 (25-October-2021)

Resolved Issues

Product

Description

WhiteSource for GitHub.com

Scans found zero non-private dependencies when the Go project included any private dependencies.


Version 21.9.1 (17-October-2021)

New Features and Updates

Product

Description

WhiteSource for Bitbucket Server, 

WhiteSource for Bitbucket Data Center,

WhiteSource for GitHub Enterprise,

WhiteSource for GitLab

Support for NPM private registries by providing an asymmetric encryption solution to support scoped secrets/credentials in Repository Integrations.

WhiteSource for GitHub.com,

WhiteSource for Bitbucket Server, 

WhiteSource for Bitbucket Data Center,

WhiteSource for GitHub Enterprise,

WhiteSource for GitLab

Support for Maven private registries.

WhiteSource for GitHub Enterprise

Expanded support for WhiteSource IaC Check. Configuration files Terraform, CloudFormation, Kubernetes, ARM Templates, Serverless, and Helm, are now supported.

Resolved Issues

Product

Description

WhiteSource Advise for IntelliJ IDEA

WhiteSource Advise for PyCharm

WhiteSource Advise for WebStorm

After installing the WhiteSource plugin, the exception “Do not request resource from classloader using path with leading slash” would occur on Windows, Mac or Linux with the IntelliJ, PyCharm, and WebStorm integrations.

All Repo Integrations

Building the Repo integration scanner Dockerfile would fail when trying to install Cocoapods for managing the library dependencies.

Version 21.8.2 (3-October-2021)

New Features and Updates

Product

Description

WhiteSource Advise for IntelliJ IDEA

WhiteSource Advise for PyCharm

WhiteSource Advise for WebStorm

WhiteSource Advise for Visual Studio Code

The Focus Mode allows developers to see only new vulnerability alerts in their feature branches compared to a predefined base branch.

This feature is now enabled by default.

WhiteSource Advise for PyCharm

WhiteSource Advise for WebStorm

Vulnerable Commit Alert: An alert can be enabled to notify about newly added vulnerabilities when committing the code inside the IDE. This alert will appear only if the committed feature branches have new vulnerabilities compared to a preconfigured base branch.

WhiteSource for GitHub.com

(BETA) Support for NPM private registries by providing an asymmetric encryption solution to support scoped secrets/credentials Repository Integrations.

WhiteSource for GitHub.com

Expanded support for WhiteSource IaC Check: Configuration files Terraform, CloudFormation, Kubernetes, ARM Templates, Serverless, and Helm, are now supported.

WhiteSource for Bitbucket Server, 
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab

Regular account repo-settings.json or global-settings.json files are now automatically populated with the settings from the whitesource-config account’s global-settings.json file.

WhiteSource for Bitbucket Server, 
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab

Added a feature to save scan logs to a zip file after manual scanning from the Global Repo.

WhiteSource for Bitbucket Server, 
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab

Python Conda projects are now supported in all Repo integrations. 

Version 21.8.1 (29-August-2021)

New Features and Updates

Product

Description

WhiteSource Advise for IntelliJ IDEA

An alert can be enabled to notify about newly added vulnerabilities when committing the code inside IntelliJ. This alert will appear only if the committed feature branches have new vulnerabilities compared to a preconfigured base branch.

WhiteSource for Bitbucket Server

  • Added parse validation and error notification via issues and commit status for configuration files.

  • Added inheritance configuration validation and error notification via issues and commit status.

WhiteSource for Bitbucket Server, 
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab

Regular account repo-settings.json or global-settings.json files can now inherit settings from the “whitesource-config” account’s global-settings.json file.

Version 21.7.2 (15-August-2021)

New Features and Updates

Product

Description

WhiteSource for GitLab

  • Added parse validation and error notification via issues and commit status for configuration files (.whitesource/repo-config.json/global-config.json).

  • Added inheritance configuration validation and error notification via issues and commit status.

WhiteSource for GitHub.com
WhiteSource for GitHub Enterprise

Users can now manually trigger scans for specific repositories.

WhiteSource Advise for Visual Studio

WhiteSource added developer focus mode for Visual Studio.

WhiteSource for Bitbucket Server, 
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab

Added Remediate Worker Horizontal Scalability. This feature is used to scale Remediate to allow it to utilize additional containers, in order to process multiple repositories concurrently.

...

Version 21.7.1 (1-August-2021)

New Features and Updates

Product

Description

WhiteSource for GitHub.com
WhiteSource for GitHub Enterprise

Added inheritance configuration validation and error notification via issues and check runs.

WhiteSource Advise for WebStorm

WhiteSource added developer focus mode for WebStorm.

WhiteSource Advise for Visual Studio Code

WhiteSource added developer focus mode for Visual Studio Code.

...

Version 21.6.3 (18-July-2021)

New Features and Updates

Product

Description

WhiteSource Advise for IntelliJ IDEA

  • WhiteSource added developer focus mode for IntelliJ IDEA

  • Added aggregated fix suggestion for direct dependencies

  • Added support for custom build.gradle filenames

WhiteSource Advise for PyCharm

  • Added aggregated fix suggestion for direct dependencies

WhiteSource for GitHub.com
WhiteSource for GitHub Enterprise

  • Added parse validation and error notification via issues and check runs for configuration files (.whitesource/repo-config.json/global-config.json)

WhiteSource for GitHub Enterprise

  • Added a new parameter, branchProtectionRule, that automatically creates branch protection rules for newly onboarded repositories

    • Provided a way to globally ignore all user accounts when installing the GitHub application. If a user account does install the application, it will automatically be uninstalled. There is a way to include specific user accounts even if they are globally ignored by using the exact names attribute. 

WhiteSource for GitHub Enterprise
WhiteSource for GitLab
WhiteSource for Bitbucket Server

  • Added environment variables to improve UA log consumption inside the scanner container.

Resolved Issues

Product

Description

All Repo Integrations

In cases of update requests that originated from the SCM scanner, the plugin request report in the app displayed the org's default approver instead of the service user that created the scan.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.4.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.5.1 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.

Resolved Issues

Product

Description

WhiteSource for Bitbucket Server, 
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com,
WhiteSource for GitLab

When the global-config.json (as part of Global Configuration) contained a noWhitesourceFile parameter, repositories with an unmerged (open/closed) onboarding PR were not scanned.

WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com

In rare cases, the WhiteSource IaC Check returned a Success status instead of a failed status.

WhiteSource for GitLab

In specific cases, in the Remediate container logs, an SSH public key was leaked.

WhiteSource Advise for Eclipse

  • In some cases, when scanning a Java project, a null pointer exception was returned.

  • In some cases, when scanning a Java project, an Exception while Http call: Invalid request parameters was returned.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.4.1 of the Unified Agent. The GitHub.com integration in this version supports version 21.4.2 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.

Resolved Issues

Product

Description

WhiteSource for GitHub.com

Repositories built with Paket could not be scanned successfully.

WhiteSource for GitHub.com

Elixir-based repositories could not be scanned successfully.

WhiteSource Advise for IntelliJ

In specific scenarios where a dependency did not contain an explicit version, no vulnerability alerts were raised for it.

WhiteSource for Bitbucket Server, 
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com,
WhiteSource for GitLab

Modifying the minSeverityLevel parameter value inside the .whitesource configuration file did not lead to the automatic closing of existing non-relevant issues.

WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com

In specific scenarios, a Bad Credentials error was displayed when migrating specific repositories to the global configuration via the migration feature.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.3.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.4.1 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.

Resolved Issues

Product

Description

WhiteSource Advise for VS Code

In specific scenarios, when installing the extension on a WhiteSource Dedicated Instance-related environment, scanning resulted in connection issues.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.3.1 of the Unified Agent. The GitHub.com integration in this version supports version 21.3.2 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.

Resolved Issues

Product

Description

WhiteSource Advise for IntelliJ,
WhiteSource Advise for WebStorm,
WhiteSource Advise for PyCharm

Better handling when the developers' environment is disconnected from the internet or has no access to the WhiteSource servers.

WhiteSource Advise for Visual Studio

In some cases, scanning a C# project resulted in an exception, and in addition, no vulnerabilities were displayed.

WhiteSource for GitHub.com

When adding an empty whitesource-config repository from a default "main" branch to the integration, it was not initialized with WhiteSource configuration files.

WhiteSource for GitLab

When using the security dashboard, issues were published but the commit comment was not updated with scan results and remained with a "scan in progress" indication.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.2.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.3.1 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.

Resolved Issues

Product

Description

WhiteSource Advise for IntelliJ

When scanning a large Gradle project (~20 modules), the plugin would run for an excessive amount of time, which resulted in the IDE being frozen.

WhiteSource for Bitbucket Server, 
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab

Improved rotation of the application container logs by modifying the maximum log size from 10GB to 2GB, and the maximum history days from 600 to 60 days.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.1.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.2.1 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.

Resolved Issues

Product

Description

WhiteSource for GitHub Enterprise

In a forked repository with branch protection rules in place, when the last commit in a PR did not trigger a scan (not a valid push), then a neutral check run was created. In such a case, even if new vulnerabilities were introduced as part of the PR, merging the PR was still possible.

WhiteSource for GitHub.com

In cases where the WhiteSource License Check was enabled, license policy violation data for libraries with an unknown license (Requires Review license type) were not surfaced in the integration.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.1.1 of the Unified Agent. The GitHub.com integration in this version supports version 21.1.2 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.

Resolved Issues

Product

Description

WhiteSource for Bitbucket Server, 
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub.com,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab

  • When two or more valid push events occurred a few seconds apart from each other within the same repository, new issues (which didn’t exist before) were sometimes created twice. NOTE: In this case, the duplicate issue(s) will be auto-closed.

  • In version 21.1.1 - in some edge cases, issues were not being created due to an internal exception.

WhiteSource Advise for PyCharm,
WhiteSource Advise for WebStorm

  • When multiple dependency paths were detected as part of a transitive dependency vulnerability, the indication of the number of paths detected inside the Brief Vulnerability Information popup was missing.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.12.3 of the Unified Agent. The GitHub.com integration in this version supports version 21.1.1 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.

Resolved Issues

Product

Description

WhiteSource Advise for PyCharm

  • When vulnerabilities with different severities (high/medium/low) were found on a project, the Problems Tool Window displayed all issues as errors (instead of displaying high severity vulnerabilities as errors, and medium/low severity vulnerabilities as warnings).

  • In some cases, dependencies declared inside a requirements.txt file were incorrectly identified when declared in a case-sensitive way.

WhiteSource Advise for PyCharm,
WhiteSource Advise for WebStorm

In some cases, a wrong transitive vulnerability tree was displayed for vulnerabilities detected under a direct dependency.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.12.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.12.3 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.

Resolved Issues

Product

Description

WhiteSource Advise for IntelliJ IDEA,
WhiteSource Advise for PyCharm,
WhiteSource Advise for WebStorm

In some cases, when the Remember license key option was enabled during activation, the activation credentials would not be saved upon restarting the IDE.

WhiteSource for Bitbucket Server, 
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab

A .whitesource file pointing to a custom whitesource-config repo (not the default one) led to the global repo configuration (global-config.json) being taken from the default whitesource-config repo location.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.12.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.12.2 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.

Resolved Issues

Product

Description

WhiteSource Advise for IntelliJ IDEA

Scanning a Gradle project following file changes would sometimes not show markers for detected vulnerabilities.

WhiteSource for Bitbucket Server,
WhiteSource for Bitbucket Data Center

In an integrated repository page, the Critical severity metric inside the WhiteSource Security widget was modified to High in order to align with the WhiteSource UI severity metrics.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.11.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.12.1 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.11.1 of the Bitbucket Add-on.

Resolved Issues

Product

Description

WhiteSource Advise for IntelliJ IDEA

The No proxy HTTP setting was ignored by the plugin.

WhiteSource for Bitbucket Server, 
WhiteSource for Bitbucket Data Center,
WhiteSource for GitHub Enterprise,
WhiteSource for GitLab

The scanner container did not clean up between container restarts, resulting in a potentially large growth in the container’s disk size.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.11.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.11.2 of the Unified Agent. The WhiteSource for Bitbucket integration in this version supports version 20.11.1 of the Bitbucket Add-on.

Resolved Issues

Product

Description

WhiteSource for GitHub Enterprise

Renovate config presets were not being resolved.

WhiteSource for Bitbucket Server, 
WhiteSource for Bitbucket Data Center

In the WhiteSource Security Report (Code Insights), the table listing each vulnerability was not displayed correctly.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.10.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.11.1 of the Unified Agent.

Resolved Issues

Product

Description

WhiteSource Advise for IntelliJ,
WhiteSource Advise for Eclipse,
WhiteSource Advise for VS Code

  • When CVSS3 data was available for a vulnerability, WhiteSource Advise displayed CVSS2 severity instead of CVSS3 severity information.

WhiteSource Advise for IntelliJ

  • When no WhiteSource suggested fix was available for a vulnerability, WhiteSource Advise did not display that vulnerability.

Version 20.10.2.1 (8-November-2020)

Resolved Issues

Product

Description

WhiteSource for GitHub Enterprise

In some cases, two scans were triggered for the same commit. This led the issue publishing process to run twice at the exact same time, causing duplicate issues to be created.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.9.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.10.1 of the Unified Agent.

Resolved Issues

Product

Description

WhiteSource for Bitbucket Server

  • The WhiteSource Add-on had a limitation where you could only integrate up to 1,000 repositories.

  • In the Global Repo Configuration, it was not possible to specify a Project Key when using the ignoredRepos parameter inside the global-config.json file.

WhiteSource for Bitbucket Server,
WhiteSource for GitHub Enterprise,
WhiteSource for GitHub.com,
WhiteSource for GitLab

  • Remediate - No fix Pull Request/Merge Request was generated for library yaml.v2-v2.2.2.

  • When Global Repo Configuration was enabled, in some cases, scans were not triggered after a valid push was performed.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.8.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.8.2 of the Unified Agent.

Resolved Issues

  • WhiteSource Advise for Eclipse: Reinstallation of the WhiteSource Advise plugin caused multiple entries in the Builders view.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.7.3 of the Unified Agent. The GitHub.com integration in this version supports version 20.8.1 of the Unified Agent.

Resolved Issues

  • When a vulnerability affected multiple packages, only information on a single package was shown in the WhiteSource security check.

  • Global Configuration: Adding the migration.json file to a non-default branch generated a failed WhiteSource security check.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.7.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.3 of the Unified Agent.

Resolved Issues

  • WhiteSource for GitHub.com, WhiteSource for GitHub Enterprise: Migrating specific repositories to the global configuration using the excludeRepos parameter led to incorrect results.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.7.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.2 of the Unified Agent.

Resolved Issues

  • WhiteSource for GitHub.com, WhiteSource for GitHub Enterprise: When the content of a "WhiteSource Security Check" exceeded GitHub's size limit for a Check Run, the check run content was not displayed.

  • WhiteSource for Bitbucket Server, WhiteSource for GitHub Enterprise, WhiteSource for GitHub.com, WhiteSource for GitLab: As part of the Global Repo Configuration, the whitesource-config repository had to be initialized with a README file in order for the global-config.json and repo-config.json files to be automatically generated by the integration.

Version 20.7.1.1 (23-July-2020)

Resolved Issues

  • All Repo Integrations: In some scenarios, the WhiteSource Security Check summary functionality led to a NullPointer exception where we could not identify the package dependency file path. This led to the Check Run/Commit Status/Build Status being in Pending status for 6 hours, after which a timeout mechanism marked it as Failed.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.6.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.6.2 of the Unified Agent.

Resolved Issues

  • WhiteSource for Bitbucket Server: When uninstalling the add-on, the activation key and list of integrated repositories were not cleared.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.4.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.5.1 of the Unified Agent.

Resolved Issues

  • WhiteSource for GitHub Enterprise: When running the wss-ghe-app container, a FileNotFoundException error message appeared in the logs.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.4.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.4.2.2 of the Unified Agent.

Resolved Issues

  • WhiteSource for GitHub Enterprise: When performing a scan, the local Maven registry directive was ignored.

...

NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab Server integrations in this version support version 20.2.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.2.2 of the Unified Agent.

Resolved Issues

  • WhiteSource Advise for Eclipse: Quick fix did not work when the version was provided as a variable.

...

Product

Description

WhiteSource for Bitbucket Server

The .whitesource configuration file now includes a minSeverityLevel parameter, enabling you to decide whether to open a new Bitbucket Server Issue only if a certain security vulnerability severity level is available.

WhiteSource Advise for Chrome

Removed browser permissions for the Chrome extension that were not used by WhiteSource.

Resolved Issues

Products

Description

WhiteSource for GitHub.com, WhiteSource for GitHub Enterprise

When executing a scan with either the LOCAL or EXTERNAL values set for the configMode parameter in the .whitesource configuration file, the includes and excludes parameters were ignored.

...