Page Comparison

General

Activation Key

bolt.op.activation.key

String

yes

Your generated activation key in the WhiteSource application

Proxy

HTTP Proxy Host

proxy.host

Host Address

no

HTTP proxy host. Leave blank to disable. Default value: Empty

Proxy

HTTP Proxy Port

proxy.port

Integer

no

HTTP proxy port. Leave blank to disable. Default value: Empty

Proxy

Proxy User

proxy.user

String

no

Proxy Username (if applicable)

user

Proxy

Proxy Password

proxy.password

String

no

Proxy Password (if applicable)

abc123

Advanced

Controller URL

controller.url

String

no

The ability to modify the App container URL in case its default name (wss-ghe-app) was modified. Default value: http://wss-ghe-app:5678

http://wss-ghe-app:5678

Issues

Should Create Issues

bolt4scm.create.issues

Boolean

no

The ability to globally enable/disable Issues creation across all of your organization's repositories.

Default value: true

(NOTE: Supported from version 20.5.1.3 only)

Issues

Should Update Commit Status

bolt4scm.create.check.runs

Boolean

no

The ability to globally enable/disable commit statuses across all of your organization's repositories.

Default value: true

(NOTE: Supported from version 20.5.1.3 only)

settingsInheritedFrom

String

When the global configuration is enabled, this parameter will specify the location of the whitesource-config repository from which it will inherit its configuration. It must contain the GitLab user name, repository name and branch (optional) of the repo-config.json file location. The default branch is 'master', but can be modified according to the location of the repo-config.json file in the whitesource-config repo. 

NOTE: You can override specific parameters that are relevant only in the specific repository by adding these after this parameter.

Examples:

Using only values defined in the global configuration:

"settingsInheritedFrom": "whitesource-config@master"

Using values defined in the global configuration and overriding the scan settings parameters:

"settingsInheritedFrom": "whitesource-config@master", 
"scanSettings": {
  "projectToken": "12345",
  "baseBranches": ["master","integration"]
}

No

N/A

configMode

String

The configuration mode to be used for each scan. There are three options:

• AUTO - Automatic mode. This will use the default WhiteSource configuration. 

• LOCAL - Local mode. This will look for a local 'whitesource.config' file to be provided in the root folder of the current repository. The configuration file should be in the same format as the Unified Agent configuration file. NOTE: Not supported in the Global Configuration.

• EXTERNAL - External mode. This will look for a configuration file specified according to the configExternalURL parameter. 

No

Auto

configExternalURL

String

The URL of the external configuration file (you can choose any filename). The configuration file content should be in the same format as the Unified Agent configuration file.

The following protocols are supported: 'ftp://', 'http://', 'https://'.

For example: 'https://mydomain.com/whitesource-settings/wss-unified-agent.config'

NOTE: This parameter is relevant only if configMode was set to EXTERNAL.

No

Empty

projectToken

String

Adds the ability to map a GitLab repository to a WhiteSource project. The parameter used needs to be the WhiteSource project token.

NOTE: Not supported in the Global Configuration.

No

Empty

baseBranches

Array

Adds the ability to specify one or more base branches for which scanning results will be sent to a new WhiteSource project.

Example usage: ["master", “integration"]

This will set both master and integration branches as base branches.

Note the following:

• An Issue will only be created for the specified branch names.

• Repositories which do not contain the baseBranches parameter will have issues generated for all branches.

• For each specified branch, a WhiteSource project will be created. The name of the project will contain a suffix "_branchname". For example, MyApp_dev. This suffix will not apply to the default branch.

NOTE: This parameter is available only from version 20.7.1.

No

Empty 

In this case, the base branch only consists of the default branch.

enableLicenseViolations

Boolean

When enabled, a new WhiteSource License Check will be generated for each valid push.

NOTES:

• This parameter is available only from version 20.11.2.

• You must have it least one policy of match type By License Group defined with a Reject action in the WhiteSource UI.

• The policy name in the WhiteSource UI must start with a “[License] “ prefix.
  For example, "[License] PolicyName".

No

false

displayMode

String

How to display WhiteSource security information for a scan performed on a non-base branch:

• When set to diff - Only the diff of detected vulnerabilities between the current commit and its base branch commit will be displayed. NOTE: This value is only supported when using the baseBranches configuration.

• When set to baseline - A summary of all detected vulnerabilities in the full repository inventory will be displayed.

No

diff

vulnerableCommitStatus

String

Customizable commit status settings.

• FAILED - If the WhiteSource scan detects vulnerabilities in a repository, the commit status will show a "failure" indicating that vulnerabilities were detected.
  If no vulnerabilities were detected, the commit status shows a "success" indicator. (default option)

• SUCCESS - The commit status will show a success indicator at the end of the scan regardless of whether the scan detected vulnerabilities in the repository.

• NONE - The commit status will not be updated by WhiteSource under any circumstances, not even to a "running" indicator while the scan is in progress.

No

FAILED

licenseCommitStatus

String

Customizable commit status settings.

• FAILED - If the WhiteSource scan detects license policy violations in a repository, the commit status will show a "failure" indicating that license policy violations were detected.
  If no license policy violations were detected, the commit status shows a "success" indicator. (default option)

• SUCCESS - The commit status will show a success indicator at the end of the scan regardless of whether the scan detected license policy violations in the repository.

• NONE - The commit status will not be updated by WhiteSource under any circumstances, not even to a "running" indicator while the scan is in progress.

No

FAILED

showWsInfo

Boolean

Whether to show additional WhiteSource information such as the project token inside the WhiteSource Commit Status (after the scan token).

WhiteSource information is only displayed if the commit originated from a base branch.
If the commit exists in multiple branches, the WhiteSource information displayed will only represent the origin base branch (i.e. where the baseBranches parameter was defined).

The following hidden JSON object will also be added inside the Commit Status when this parameter is enabled:

<!-- <INFO>{"projectToken":"1cd2d2a8651145c087609e0a43f783e95f7008cb908541498348fed529572e01"}</INFO> -->

NOTE: Additional WhiteSource data may be added inside the JSON object in the future.

No

false

minSeverityLevel

String

Enables users to decide whether to open a new Issue only if a certain severity level is available on a detected vulnerability.

Available values for minSeverityLevel:

• NONE - No Issues will be generated.

• LOW - Any Low/Medium/High vulnerabilities found will generate an Issue.

• MEDIUM - Any Medium/High vulnerabilities found will generate an Issue.

• HIGH - Any High vulnerabilities found will generate an Issue.

NOTE: The WhiteSource Security Check summary is also affected by this parameter.

No

LOW

openConfidentialIssues

Boolean

Whether the GitLab issues opened by WhiteSource will be confidential issues.

No

false

displayLicenseViolations

Boolean

Whether to generate an Issue for every detected license policy violation.

NOTE: This parameter is relevant only if enableLicenseViolations (scanSettings) is set to true.

No

true

(only if enableLicenseViolations (scanSettings) is set to true)