The old plugin version of WhiteSource Advise is deprecated.

Overview

WhiteSource Advise for IntelliJ IDEA is a plug-in for the IntelliJ IDEA Integrated Development Environment (IDE) that is designed to empower developers with important, valuable information on security vulnerabilities concerning open-source components employed in their development projects.

WhiteSource Advise for IntelliJ IDEA does the following:

Support for Languages and Package Managers

WhiteSource Advise for IntelliJ IDEA supports Java, Kotlin and Scala projects using Maven (pom.xml dependency files), and supports Java projects using Gradle (build.gradle dependency files).

NOTE: Gradle Kotlin projects are not supported in WhiteSource Advise.

Prerequisites

Ensure the following:

Installing WhiteSource Advise

To install WhiteSource Advise, do as follows:

  1. Start IntelliJ IDEA.

  2. From the menu bar, select File > Settings. The Settings screen is displayed.

  3. From the left sidebar, click Plugins.

  4. In the Search box, enter whitesource and then press Enter from your keyboard. The WhiteSource Advise plugin information is displayed.

  5. Click Install and then click Restart IDE.

  6. In the pop-up dialog box, click Restart.

Activating WhiteSource Advise

To activate WhiteSource Advise, do as follows:

  1. Start IntelliJ IDEA, specifying the preferred project.

  2. From the sidebar on the right, click WhiteSource (if you do not see the sidebar, select View >Tool Windows > WhiteSource). The Welcome screen is displayed.

  3. In Email, enter your organizational email (the email domain must be licensed to use Advise).

  4. In License Key, enter your license key (See here for more information on how to obtain a license key). 

  5. Click Connect.

NOTE: If you check Remember Token, the login credentials will be stored for later use. Once stored, the WhiteSource Advise login credentials will be used for all projects.

Configuring WhiteSource Advise

To configure WhiteSource Advise, do as follows:

  1. From the menu bar, select File > Settings. The Settings screen is displayed.

  2. Select Tools > WhiteSource.

  3. In Scan Results Settings, review the options and modify if necessary. See here for complete options list.

Options Table

Option

Description

Default Setting







Scanning a Project for Security Vulnerabilities

To scan a project, do one of the following:

Reviewing Scan Results

To view scan results, do as follows:

  1. Click the Inspection Results tab at the bottom (it may be already open).

  2. Ensure that you are in the WhiteSource Security Check tab (it is part of the Inspection Results area). This tab features information on vulnerability issues found inside the current project. For every module, the relevant vulnerabilities are displayed via either a pom.xml (Maven) or build.gradle (Gradle) item. Note the following functionality:

Displaying Vulnerability Information for a Scanned Component

This section describes how WhiteSource Advise can be used to display security vulnerability details for a project, via IntelliJ's main code view.

Open the WhiteSource security check tab and do as follows:

Viewing General Plugin Information 

To view version information about WhiteSource Advise, do as follows:

The About screen displays information about the Advise plugin's version, general information on your IDE, along with links for Privacy policy and Terms and Conditions.

Upgrading WhiteSource Advise 

To upgrade the WhiteSource Advise plugin, do as follows:

  1. From the menu bar, select File > Settings > Plugins. Ensure that you are in the Installed tab. A list of installed plugins is displayed.

  2. In the Downloaded section, search for WhiteSource Advise, and on the right-hand side, click Update.
    NOTE: If there is no new version, the Update button will not appear, and there is no need to continue this procedure. 

  3. Select WhiteSource Advise.

  4. If you are prompted to restart, do so.

Uninstalling WhiteSource Advise

To uninstall the plugin, do as follows: 

  1. From the menu bar, select File > Settings > Plugins. Ensure that you are in the Installed tab. A list of installed plugins is displayed. 

  2. In the Downloaded section, search for WhiteSource Advise and click it. The WhiteSource Advise plugin page is displayed.

  3. On the right-hand side, click the drop-down box, and then click Uninstall. The Plugin Uninstall dialog box is displayed. 

  4. Click Yes to confirm.

  5. If you are prompted to restart, do so.