Overview

This page describes how to get started with the Unified Agent.

Prerequisites

Ensure you have one of the following Java versions on the computer on which you want to run the Unified Agent. 

Additionally, depending on your project type, ensure that the relevant package managers are installed:

Project Type

Package Manager

C#

  • NuGet + .Net

  • Paket

Elixir, Erlang

MIX

Go

  • Dep

  • Godep

  • Vndr

  • Gogradle

  • Govendor

  • Gopm

  • Glide

  • Vgo

  • Modules

  • Bazel

Haskell

Cabal

Java

  • Maven

  • Gradle

  • ANT

  • Bazel

JavaScript

  • Yarn - required only if the project is not built

  • NPM - required only if the project is not built (or the detection was set to use NPM)

  • Bower

Objective-C, Swift

CocoaPods - required only if the project is not built  

OCaml

Opam

PHP

Composer - required only if the project is not built

Python

  • PIP

  • Poetry

  • Pipenv

R

Packrat - if used

Ruby

Bundler

Rust

Cargo - required only if the project is not built

Scala

SBT

Unified Agent Usage Overview

Step #

Step Name

1

Download the latest version of the Unified Agent and verify its integrity.

2

Set up the Unified Agent.

3

Do one of the following:

(See execution examples on this page)

4

View the results in your WhiteSource organizational portal.

Downloading the Unified Agent

The Unified Agent latest version can be downloaded from Amazon S3 or GitHub.

Latest Unified Agent Version

File

Features

Release Date

MD5

Comments

21.3.2.1

wss-unified-agent.jar

Release Notes 21.3.2.1

13-04-2021

707B193FEB891C1B40DD98A0B433ECA8

N/A


Version

File

Features

Release Date

MD5

Comments

21.3.2.1

wss-unified-agent-21.3.2.1.jar

Release Notes 21.3.2.1

13-04-2021

707B193FEB891C1B40DD98A0B433ECA8

N/A

21.3.2

wss-unified-agent-21.3.2.jar

Release Notes 21.3.2

11-04-2021

C3576952F70F574FE6745E754A16A0EE

N/A

21.3.1

wss-unified-agent-21.3.1.jar

Release Notes 21.3.1

04-04-2021

C5639E304DEC915F664CE2B391D5A9D7

N/A

21.2.2

wss-unified-agent-21.2.2.jar

Release Notes 21.2.2

14-03-2021

5118B3403C578EC3AD922901CF70EF85

N/A

21.2.1

wss-unified-agent-21.2.1.jar

Release Notes 21.2.1

28-02-2021

490F2217238889F0EC22A4D9352174B9

N/A

21.1.2.1

wss-unified-agent-21.1.2.1.jar

Release Notes 21.1.2.1

14-02-2021

9C6B4DE63AAC89EBB4E7411F792C0AA8

N/A

21.1.2

wss-unified-agent-21.1.2.jar

Release Notes 21.1.2

14-02-2021

15D50AB0EF4D43907393515BF19F6897

N/A

21.1.1

wss-unified-agent-21.1.1.jar

Release Notes 21.1.1

31-01-2021

FDC75043196E49882BCBE19CBCBBD81D

N/A

20.12.3

wss-unified-agent-20.12.3.jar

Release Notes 20.12.3

17-01-2021 

00198172C5724A389CCD6EACD41B8D96

N/A

20.12.2

wss-unified-agent-20.12.2.jar

Release Notes 20.12.2

03-01-2021

DA174CC191818A3763CC79934C2AEAE8

N/A

20.12.1

wss-unified-agent-20.12.1.jar

Release Notes 20.12.1

20-12-2020

70C387ECCA4FA7DCEA02C6C27FFE9247

N/A

20.11.2

wss-unified-agent-20.11.2.jar

Release Notes 20.11.2

06-12-2020

20FC4F59F3183F98D12E82882039531A

N/A

20.11.1

wss-unified-agent-20.11.1.jar

Release Notes 20.11.1

22-11-2020

75293725F596010982E7B831B6BC2F98

N/A

20.10.2

wss-unified-agent-20.10.2.jar

Release Notes 20.10.2

08-11-2020

AD6F30452BAB599BA13CFBE6CDC59AC1

N/A

20.10.1

wss-unified-agent-20.10.1.jar

Release Notes 20.10.1

25-10-2020

2D4624B239234177C851F7204ADB21F3

N/A

20.9.2.1

wss-unified-agent-20.9.2.1.jar

Release Notes 20.9.2.1

15-10-2020

673218A312EB4BF2EB4BB2122E66D2EC

N/A

20.9.1

wss-unified-agent-20.9.1.jar

Release Notes 20.9.1

04-10-2020

F375670B1F651330254AF5C65830CB10

N/A

20.8.2

wss-unified-agent-20.8.2.jar

Release Notes 20.8.2

13-09-2020

6CD6522EB3BFA9D5893505B618303C72

N/A

20.8.1.1

wss-unified-agent-20.8.1.1.jar

Release Notes 20.8.1.1

09-02-2020

E4D40C9C156BA1F284D23A09061FCAA9

N/A

20.8.1

wss-unified-agent-20.8.1.jar

Release Note 20.8.1

30-08-2020

2D4624B239234177C851F7204ADB21F3

N/A

20.7.3.1

wss-unified-agent-20.7.3.1.jar

Release Notes 20.7.3.1

24-08-2020

F15A81CA898EF48378C004F0C30DAC17

N/A

20.7.3

wss-unified-agent-20.7.3.jar

Release Notes 20.7.3

16-08-2020

088FE4495C2636DB12DDE290599D3487

N/A

20.7.2

wss-unified-agent-20.7.2.jar

Release Notes 20.7.2

02-08-2020

C4C1C03EAD650710F41BA06F934E6C8A

N/A

20.7.1

wss-unified-agent-20.7.1.jar

Release Notes 20.7.1

19-07-2020

B0E5171D9187DD5DCF0DC2E31065F210

N/A

20.6.2

wss-unified-agent-20.6.2.jar

Release Notes 20.6.2

05-07-2020

9B00D753CEE4AB7706D6BF5F47A3C5EE

N/A

20.6.1.1

wss-unified-agent-20.6.1.1.jar

Release Notes 20.6.1.1

28-06-2020

460155621945D42A0F0B373F646BC491

N/A

20.6.1

wss-unified-agent-20.6.1.jar

Release Notes 20.6.1

21-06-2020

4E23EF142E29EA1BED0620F83CFCA569

N/A

20.5.2

wss-unified-agent-20.5.2.jar

Release Notes 20.5.2

07-06-2020

396917EE2C0ADB58C0DFA20E5DAE6D44

N/A

20.5.1

wss-unified-agent-20.5.1.jar  

Release Notes 20.5.1

24-05-2020

6C2BDD65B57EF8480C49C33D5B202185

N/A

20.4.2.1

wss-unified-agent-20.4.2.1.jar 

  • Bug fixes

12-05-2020

4FE20039F2323181A7B218E444D08D3B

N/A

20.4.2

 wss-unified-agent-20.4.2.jar   

  • Nuget resolution - Support of Floating Versions, e.g for example: 20.3.*

  • npm.ignoreScripts is supported for Yarn 
    (in addition to NPM)

  • Bug fixes

10-05-2020

A4311921A3C24D8B82401CA79765AC93

N/A

20.4.1.2

 wss-unified-agent-20.4.1.2.jar 

  • Bug fixes - detection of OS packages for RPM and Debian based systems.

04-05-2020

EBDEF558C11911F312A43B3754D63516

N/A

20.4.1.1

wss-unified-agent-20.4.1.1.jar

  • Bug fixes

27-04-2020

EA949C737B5F4F3B979BE3AEF71F9BC6

N/A

20.4.1

wss-unified-agent-20.4.1.jar

  • This version provides support for Global Packages for Poetry

  • In addition to parsing/collecting yarn dependencies, the Unified Agent now supports adding yarn workspaces with their dependencies (direct and transitive) as a hierarchy tree

  • Bug fixes

26-04-2020

11C15925E4A6DB42FED71BCC8B10351F

N/A

20.3.2

wss-unified-agent-20.3.2.jar

  • Support Docker Azure Login to Registeries ACR

  • Support projects using sbt-coursier and SBT <1.3.x

  • Improved resolution of GitHub dependencies in python

  • GO improved resolution of "Replace Directive"

  • When ignoreSourceFiles=true then includes/excludes param will be ignored

  • Enable using -ignoreEuaNotices flag from the command line

  • New Flags : docker.azure.authenticationType, docker.azure.registryAuthenticationParameters

  • Bug fixes

12/04-2020

ACE029C7C78501DD4144ADEAFBC1F0F8

N/A

20.3.1

wss-unified-agent-20.3.1.jar 

  • Support for go version 1.14

  • Support for cabal version 3.0

  • New flags:   haskell.runPreStep, nuget.resolveAssetsFiles

  • bug fixes

29-March-2020

570732B7B4993626886C7277DDEABEBE

N/A

20.2.2

wss-unified-agent-20.2.2.jar 

  • Support build.gradle.kts (gradle kotlin files)

  • Go VNDR package manager improvements

  • Gradle improvements

  • New flags: ignoreEuaNotices, python.resolvePipEditablePackages

  • Minor bug fixes

15-March-2020

265FDCDFE4957F563839CDAD5B69DB37

N/A

20.2.1

wss-unified-agent-20.2.1.jar

  • Nuget resolution optimizations

    • Bug fixes

1-March-2020

EFA11408B05BD091C42BAA3D99C9E0A2

N/A

20.1.3

wss-unified-agent-20.1.3.jar

  • Bug fixes

  • support to SBT 1.3.x

16-Feb-2020

EFA11408B05BD091C42BAA3D99C9E0A2


20.1.2 

wss-unified-agent-20.1.2.jar

  • Bug fixes

  • Support DNF/ centOS:8  images scan

02-Feb-2020

F9A65505858A17C50B02E6A1FF0D0340


20.1.1 

wss-unified-agent-20.1.1.jar

  • Bug fixes

  • Nuget resolution Optimizations

  • Python EUA Optimizations

26-JAN-2020

386D855084E6BAC388E673BDCFF9C18E


19.12.2

wss-unified-agent-19.12.2.jar

  • Npm resolution optimization

  • Bug fixes

05-JAN-2020

5600023FB14724540AB2FF41B906B2A7


19.12.1.2

wss-unified-agent-19.12.1.2.jar

  • Minor fix for gradle resolution

  • Bower resolution fix

  • Minor fixes

26-DEC-2019

05CC57719938D46BCA7CCCB0585EB330


19.12.1.1

wss-unified-agent-19.12.1.1.jar

  • Minor python bug fix

22-DEC-2019

62D3A4910D85548355789A7738E222AD


19.12.1

wss-unified-agent-19.12.1.jar

  • Resolve R dependencies  without a package manager 

  • Add the ability to read maven output from a file

  • Add summary statistics (Time Elapsed) to the recommendation phase.

  • Bug fixes

22-DEC-2019

0EC3A0C76513A2482D84C3B8434E22D7


19.11.2

wss-unified-agent-19.11.2.jar

  • Support new Artifactory integration flags :

    • artifactory.includes

    • artifactory.excludes

  • Add new flag for PHP: 

    • php.ignoreSourceFiles

  • Add whitesource folder path flag - whiteSourceFolderPath

  • Bug fixes

08-DEC-2019

FEECAEDFEB849735627D68E005A6459F


19.11.1

wss-unified-agent-19.11.1.jar

  • Avoiding scan of *.opam files when scanning Ocaml project

  • Improvement of Yarn resolution

  • Change default location of logs and allow the user to modify it with a new configuration parameter - log.files.path

  • Bug fixes

24-NOV-2019

0000A3B0790E02FDF59FA88C1A726F2E


19.10.1

wss-unified-agent-19.10.1.jar

  • Add support for OCaml

  • Add dependency hierarchy tree for pipenv

  • Maven project name can be taken from the pom.xml file

  • Resolve of NPM's global packages - relevant for Docker

  • Fix WS logo in checkPlicies report

  • Bug fixes

24-NOV-2019

5CAB6CA5092EDB9906E108DCD9332233


19.9.2.3

wss-unified-agent-19.9.2.3.jar

  • Minor bug fixes - python resolution

28-OCT-2019

68CBA721502F66E011A4CCCD7339C89D


19.9.2.2

wss-unified-agent-19.9.2.2.jar

  • Add new flag for NPM - npm.failOnNpmLsErrors

  • SBT enhancement

  • Bug Fixes

27-OCT-2019

EE304EA7C5BD7D57041FBDD38C1FB446


19.9.1.1

wss-unified-agent-19.9.1.1.jar

  • Minor bug fix for Yarn dev dependencies resolution  

26-SEP-2019

900C228DD11F4E1F4E2226E62486F8BB


19.9.1

wss-unified-agent-19.9.1.jar

  • Support docker images scan for images saved as tar or tar.gz files, docker.scanImages should be enabled. New parameter: docker.scanTarFiles

  • Minor bug fixes

22-SEP-2019

97B3136DD6756D70E68D3ABC3FA28AB9


19.8.1

wss-unified-agent-19.8.1.jar

  • Support gradle.ignoredConfigurations & gradle.includedConfigurations
    in addition to gradle.ignoredScopes & gradle.includedScopes

  • Support Extraction of .hpi files extraction

  • Logs folder per scan

  • Support Docker Artifactory additionl URL for pulling images
    'docker.artifactory.pullUrl' added to be used as URL to docker [login/pull] commands while ‘docker.artifactory.url’ is used to run REST API command for artifactory.

  • sbt.targetFolder becomes deprecated

  • general bug fixes

08-SEP-2019

D2E1DEFCD0E378B65F16B8AA250A22C8


19.7.3.3

wss-unified-agent-19.7.3.3.jar

  • Fix bug in noConfig scan mode

21-AUG-2019

98143FDF996818AAB937FAF9B09E0C44


19.7.3.2

wss-unified-agent-19.7.3.2.jar

  • Fix a bug that prevented scanning a/an container/image without specifying a tag

20-AUG-2019

C150CF3D43A8699E9A3D21AE035F7EC1


19.7.3.1

wss-unified-agent-19.7.3.1.jar

  • Minor bug fixes

19-AUG-2019

51B5BB8538EA2A82E10DF2E5285F8553


19.7.3

wss-unified-agent-19.7.3.jar

  • Support for Cabal - Haskell package manager

  • Added two configuration parameters for Gradle: gradle.excludeModules and gradle.includeModules

  • Bug fixes

18-AUG-2019

54427B4C04E1C629DBC2D4089DAEAFAD


19.7.2

wss-unified-agent-19.7.2.jar

  • Add the ability to specify which scopes to include in the scan in Gradle resolution

  • Bug fixes

04-AUG-2019

4BD05463F66AE0BAC607F067923ADF71


19.7.1

wss-unified-agent-19.7.1.jar

  • Add the ability to pass arguments to maven dependency tree command

  • Fix Java warnings when using JDK 12 on Windows 10

  • Improve NuGet resolution - check target framework

  • Set default for "updateEmptyProject" parameter to "true"

  • Add the number of scanned  Linux (Debian/Rpm/Alpine/Arch Linux) packages found to Summary Scan 

  • Support for Cargo - Rust package manager

  • Bug fixes

21-JUL-2019

EC017302E7FCCEC507D769A105558177


19.6.1

wss-unified-agent-19.6.1.jar

  • Enabling automatic creation of the config file, with recommended settings according to the contents of the scanned folders, using a new command line parameter "-detect"

  • Go projects can be scanned without any dependency manager installed.  To use this functionality Go 1.11 (or above) should be available. and go.dependencyManager in the configuration files should be set to modules

  • Bug fixes

07-JUL-2019

64986C756521FC446BC0700D71D43B74


19.5.3.1

wss-unified-agent-19.5.3.1.jar

  • Minor Fix.

23-JUN-2019

478F162CB95FAAC8684D90BCA3C56DD1


19.5.3

wss-unified-agent-19.5.3.jar

  • Allowing to disable downloading of missing dependencies in gradle and maven, using 2 new command line paraemters:

    • maven.downloadMissingDependencies

    • gradle.downloadMissingDependencies

  • The flag gradle.localRepositoryPath can handle a list of paths with comma/space separated

  • When scanning Gradle projects, allowing to add parameters to the gradle dependencies (or gradlew dependencies command), using a new configuration parameter - 

    • gradle.additionalArguments

     User can provide any parameters starting with '-' or '--', and Unified Agent should add these at the end of the gradle       dependencies or gradlew dependencies command. For example:

  • -Pbranch=dev -PbuildWithSources=false

  • --no-daemon --info

  • -Pbranch=dev -PbuildWithSources=false --no-daemon --info

  • Bug fixes

23-JUN-2019

E71F5F36C466F11E71A1B194DF447638


19.5.2

wss-unified-agent-19.5.2.jar

  • Scan of Go projects improvements - reduced time and memory usage

  • VNDR in Go - More accurate hierarchy tree retrieval

  • Fixed EOFException error when scanning HTML dependencies

  • Allow Artifactory access by user name and password, with 2 new configuration parameters:

    • artifactory.userName

    • artifactory.userPassword

  • When scanning Gradle project, path to gradlew (gradle wrapper) can be set using a new configuration parameter:

    • gradle.wrapperPath

  • When scanning NPM projects, allow to control if duplicated and global dependencies are ignored, using the following configuration parameters:

    • npm.removeDuplicateDependencies

    • npm.resolveAdditionalDependencies

  • When scanning a JFrog Artifactory repository, the UA can update the JFrog Artifactory property tab.

  • Bug fixes

02-JUN-2019

EC909172A7429CC7847BC6BE08F4F7DC


19.5.1.2

wss-unified-agent-19.5.1.2.jar

  • Gradle android resolution bug fix

27-MAY-2019

914B9C20FC70455AAB93873DC98ECE05


19.5.1.1

wss-unified-agent-19.5.1.1.jar

  • Go Dep resolution bug fix

20-MAY-2019

D1D0A3A9F1142B6B99DF40E60E4B7FE3


19.5.1

wss-unified-agent-19.5.1.jar

  • Added support for Docker Hub integration, using 4 new configuration parameters:

    • docker.hub.enabled

    • docker.hub.userName

    • docker.hub.password

    • docker.hub.organizationsNames

  • Added support to support Ant external parameters with a new configuration parameter

    • ant.external.parameter

  • Added support to scanning of JFrog Artifactory using APIs, with new configuration parameters

    • artifactory.enableScan

    • artifactory.url

    • artifactory.accessToken

    • artifactory.repoKeys

  • Added support to R scanning, with new configuration parameters:

    • r.resolveDependencies

    • r.runPreStep

    • r.ignoreSourceFiles

    • r.cranMirrorUrl

19-MAY-2019

D1D0A3A9F1142B6B99DF40E60E4B7FE3


19.4.2.1

wss-unified-agent-19.4.2.1.ja

  • Bug Fix - prevent creation of projects for non direct sub-folders (as previous versions)

13-MAY-2019

A622E7DA33353BBACC65C3CE7686927A


19.4.2

wss-unified-agent-19.4.2.jar

  • Improved Go projects scanning using Glide & Dep dependency managers

  • Bug fixes

05-MAY-2019

E46756D06E43E5B317A1ABC7E508E9FD


19.4.1.1

wss-unified-agent-19.4.1.1.jar

  • Minor Bug fixes

22-APR-2019

FA72DF9C4CDE9B0F6C14E5D0404C9665


19.4.1

wss-unified-agent-19.4.1.jar

  • Dep package manager for Go: The display of the hierarchy tree has been optimized.

  • Support Scanning Apache Ant based projects, using 2 new configuration parameters: 'ant.resolveDependencies' & 'ant.pathIdIncludes'. 

  • Bug fixes

21-APR-2019

9F37EB3DAAD94F49F865132478E19143


19.3.2.1

wss-unified-agent-19.3.2.1.jar

  • Bug fixes

08-APR-2019

0D46F5FBAB5496232BACB9907C8BDF94


19.3.2

wss-unified-agent-19.3.2.jar

  • Add configuration parameters for specifying a framework that should be scanned by EUA - 1) analyzeFrameworks whether to use analyzeFrameworksReference 2) analyzeFrameworksReference - path to a file containing frame work reference, passed to the EUA

  • The log includes more data about Gradle's ignored scopes

  • Add a configuration parameter to control filename format of the JSON Scan Report - scanReportFilenameFormat

  • Add a configuration parameter - npm.resolveMainPackageJsonOnly:  when true,  checking if there is a package json in the folder of -d parameter, if the file doesn't exist, the scan will fail, otherwise scanning only on this package.json.

  • gradle.ignoredScopes can accept regular expressions as a value.

  • Bug fixes

07-APR-2019

CB8013F47AFFEB9E1A1DA4861FF8A91C


19.3.1

wss-unified-agent-19.3.1.jar

  • Added .car extraction to the zip extractions

  • Implementation of Docker image scanning from google container registry

24-MAR-2019

02F4B9C66A4FF2EC8941E5F507F6C0C2


19.2.2.2

wss-unified-agent-19.2.2.2.jar

  • Fix sbt bug

17-MAR-2019

B45A15A7A9B12A9297411211C9D067A6


19.2.2.1

wss-unified-agent-19.2.2.1.jar

  • Enable running EUA even if there are npm commands errors.

  • Fix stopwatch bug

13-MAR-2019

16030BB5E6CFC6E8CD9B3CCC011E340D


19.2.2

wss-unified-agent-19.2.2.jar

  • Fixed regex pattern to work on linux/ubuntu as well

  • Log is more detailed - added separation between scan steps and provide summary of all steps. See also /wiki/spaces/WD/pages/723813398.

  • Added new CLI and configuration parameter - generateScanReport, when set to true a json report is created at the end of the scan. The report includes information on vulnerabilities, policy violations, top fixes and inventory details.

  • Added new configuration parameter - generateProjectDetailsJson, when set to ‘true’, the Unified Agent generates a JSON file at the end of the scan named ‘scanProjectDetails.json’ containing the projectToken(s) and projectName(s) .

  • Added a new configuration parameter - excludeDependenciesFromNodes - which excludes specific dependency nodes from a scan.

  • Added functionality to support resolving of NuGet projects having `nuspec` file as the manifest file. A new configuration parameter was added - nuget.resolveNuspecFiles

  • Bug fixes

10-MAR-2019

EE59E98203D567163A1275517D11431B


19.2.1.1

wss-unified-agent-19.2.1.1.jar

  • Fix support for different nuspec dependency formats

25-FEB-2019

58C607518E8CD3BF760099E3F6FCF885


19.2.1

wss-unified-agent-19.2.1.jar

  • Support vgo (Go Modules) package manager for Go (new valid value for go.dependencyManager - vgo)

  • Support Include/exclude fields in Serverless scanning.  2 new configuration parameters available - serverless.includes & serverless.excludes

  • EUA scan can run without a configuration file (only with CLI parametes)

  • Bug fixes

24-FEB-2019

754A658FC4A6CAA2B6F3F585C5178EF7


19.1.2

wss-unified-agent-19.1.2.jar

  • Added hierarchy tree support for glide, go-dep and go-pm package managers

  • Changed Maven repository's URL to access mirror sites properly

  • Making sure Hex is installed before running the Hex resolver

  • Improved parameters' reading when scanning offline request files

  • When scanning a Go project - making sure the manifest file is updated before resolving it

  • New configuration file paramter - maven.m2RepositoryPath  - path to .m2 repository

  • Improved EUA related error messsages

  • Bug fixes

10-FEB-2019

08B8241D8D0096B55D5EF912C82C7867


19.1.1

wss-unified-agent-19.1.1.jar

  • Added support for full hierarchy tree in Nuget projects

  • Added new configuration parameter failErrorLevel which sets additional scenarios to 'error' instead of 'success'

  • Default value for -c command line parameter (path to configuration file) was changed to 'wss-unified-agent.config' (if that file is not found, the Unified Agent will look for 'whitesource-fs-agent.config')

  • When preparing a multi-module setup file, added a new field named altName (alternative name), such that when two different modules have a jar with the same name, the alternative name is used.

  • Using a new command line parameter -analyzeMultiModuleExclusions - when preparing a multi-module setup file, filtering out files which names end in values found in the exclusions list.

  • Bug fixes

27-JAN-2019

A928EE6FD80A747933D378838C9EAF9A


18.12.2

wss-unified-agent-18.12.2.jar

  • New configuration parameter - gradle.localRepositoryPath - path to local dependencies repository.

  • The UA can resolve dependencies only based on manifest file; source files are not necessary. 

  • New configuration parameter - maven.environmentPath - path to installation of maven, in case it doesn't match the M2_HOME environment variable

  • Improved Hex resolver SHA1 detection functionality 

  • Improved error messages when running EUA

  • Added supported to AWS Lambda server-less functionality; requires new configuration parameters - 

    • serverless.provider

    • serverless.scanFunctions

    • serverless.functionNames

    • serverless.region

    • serverless.maxFunctions

13-JAN-2019

28F2B17BC7AEF31B2832B28996BDAABD


18.12.1

whitesource-fs-agent-18.12.1.jar

  • Option to disable all dependency resolvers for a scan using a new configuration parameter 'resolveAllDependencies'.

  • Support for ruby bundler 'gems.locked' file. The Unified Agent can scan both 'gems.locked' and 'Gemfile.lock' files if these are found in the project path.

  • Minor bug fixes

30-DEC-2018

A0B04D6F8922D07DC9225FF27619815


18.11.2.1

whitesource-fs-agent-18.11.2.1.jar

  • New CLI parameter -noConfig;  when set to true, you can run a scan without using a configuration file. However, parameters projectToken or project and apiKey are mandatory.

  • New CLI parameter -wss.url which is a parameter already available in the configuration file.

  • Fixed a bug which raised an exception when running offline-scan and the product-token parameter was emtpy

  • Time-stamp in log expanded to include date and time-zone

  • Minor bug fixes

30-DEC-2018

656C065FF61D346F2BC8A002439DAA0F


18.11.1




whitesource-fs-agent-18.11.1.jar

  • Add nuget.resolvePackagesConfigFiles parameter (default value is true) and nuget.resolveCsProjFiles parameter (default value is true). If nuget.resolvePackagesConfigFiles is true, the unified agent resolves packages.config files. If nuget.resolveCsProjFiles is true, the unified agent resolves .csproj files. Note: nuget.resolveDependencies needs to be set to true in order for these new parameters to take effect.

  • Minor bug fixes.

02-DEC-2018

BDB9D6867813EB25AFD8324904110409


18.10.3

whitesource-fs-agent-18.10.3.jar

  • Support CocoaPods package manager.

  • Add maven.ignoreMvnTreeErrors parameter (default value is false). If the parameter is true and the command `mvn dependency:tree` failed, the unified agent tries to resolve the partial output (of the command) and parse all the direct dependencies from the pom.xml file.

  • Minor bug fixes.

18-NOV-2018

8EBDEAE146BCEF47D2E53FB6CFCC388F


18.10.2.1

whitesource-fs-agent-18.10.2.1.jar

  • Minor fix

05-NOV-2018

74F359FF56E3B4A426BD13A43D1C7BF7


18.10.2

whitesource-fs-agent-18.10.2.jar

  • Bug fixes

04-NOV-2018

6DAE5432F21817CD8DAAAA0FAFC7117F


18.10.1

whitesource-fs-agent-18.10.1.jar

  • Support Pipenv package manager.

  • Allow downloading and using configuration file from remote locations (supported protocols: https, ftps and samba).

  • Add Pre-Step option for Gradle scans.

  • Support Seamless Docker image scanning in AWS ECR.

  • Add 'maven.runPreStep' flag - when enabled the Unified Agent will run "mvn clean install" on the root project folder.

  • Add a new parameter 'updateInventory' - when set to 'false', it will simply send a check policies request to WhiteSource without sending the update request.

  • Minor bug fixes.

21-OCT-2018

8E343F78D76A98D650EB504FEB3D4314


18.9.1.1

whitesource-fs-agent-18.9.1.1.jar

  • Bug fix from version 18.9.1 - Unified Agent HTTP maximum request size was fixed from 1MB to 200MB.  

  • Support govendor package manager.

  • Support Gopm package manager.

  • Add new config parameter, "go.gogradle.enableTaskAlias", to enable/disable task aliasing - when using gogradle.

  • Minor bug fixes.

09-OCT-2018

089FBF27CD1F6EA530EFC455856F22DF


18.9.1

whitesource-fs-agent-18.9.1.jar

  • Support govendor package manager.

  • Support Gopm package manager.

  • Add new config parameter, "go.gogradle.enableTaskAlias", to enable/disable task aliasing - when using gogradle.

  • Minor bug fixes.

07-OCT-2018

D9FCDC2F85CC9E6095A97DD3E86A88B4


18.8.3.1

whitesource-fs-agent-18.8.3.1.jar

  • Minor bug fixes

17-SEP-2018

9CFEFE1B7D529E0E84BAAEBC46B94B3A


18.8.3

whitesource-fs-agent-18.8.3.jar

  • Added a new parameter gradle.ignoredScopes to the configuration file. Value can be a space-separated list of scopes to be ignored from the scan.

  • Added ignoreSourceFiles parameter to the configuration file, for Ruby, Python, Bower, NPM, Nuget, Maven, Gradle, Packet, Go & SBT.

  • Minor bug fixes

16-SEP-2018

550B87D9AED5561CA230B6C30CA5A158


18.8.2




whitesource-fs-agent-18.8.2.jar

  • Supports extraction of aar files.

  • Support gradle dependencies resolution with gradle wrapper; Add a new parameter: gradle.preferredEnvironment - when set to 'wrapper',Unified Agent will run 'gradlew' wrapper command. If set to 'gradle', it will use the built-in gradle command.
    If parameter is missing or empty, the default value is 'gradle'.

  • Support Glide package manager; Add a new parameter: go.glide.ignoreTestPackages - whether or not to ignore test packages defined with the 'testImport' section of the glide.yaml file.

  • Add an option to run 'nuget restore' before scanning packages.config files; Add a new parameter: nuget.runPreStep - runs 'nuget restore' on found packages.config files.

  • Change the config file and CLI parameters to be case-insensitive.

  • Minor bug fixes:

    • Maven resolution: fix incorrect maven dependency tree analysis with verbose=true and fix parsing of maven dependency tree in first run of the command 'mvn dependency:tree'.

    • Gradle resolution: fix parsing of 'gradle assemble' command.

    • Other: remove all temporary files after failure.

02-SEP-2018

70B01D9E7204D68C93558E9444B28702


18.8.1

whitesource-fs-agent-18.8.1.jar

  • Minor bug fixes - removing print of duplicates lines, fixing override modules while running on maven multi-modules projects and fixing an error parsing while npm resolution.

19-AUG-2018

2C390264F7BD4F737A3403114B64EC5C


18.7.2

whitesource-fs-agent-18.7.2.jar

  • Support Python dependencies that are listed directly in setup.py files. The following parameters were added:

    • New configuration file parameter: 'python.resolveSetupPyFiles' (default value is false). This flag will execute the setup.py script in order to install & resolve dependencies.

  • SBT Integration: 

    • New configuration file parameter: 'sbt.runPreStep' (default value is false). Whether or not to run 'sbt build' on the folder.

    • New configuration file parameter: 'sbt.targetFolder'. Beforehand, the target folder of the project was always the 'target' folder in the project root. It can now be changed by specifying the target path.

  • Support failing builds on policy violation when the flag 'forceUpdate' is enabled. If the flag is true, the return code will be the result of the policy check.

    • New configuration file parameter: 'forceUpdate.failBuildOnPolicyViolation' (default value is false).

  • Add help command to CLI.

  • Minor bug fixes

05-AUG-2018

E0F44F15C1F33BE76248A78A6547416A


18.7.1

whitesource-fs-agent-18.7.1.jar

  • The Python dependency default file name (‘requirements.txt’) can be changed, and the Unified Agent can support multiple Python dependency files. The following parameters were added:

    • New configuration file parameter: 'python.requirementsFileIncludes' (default value is ‘requirements.txt’).

    • New CLI parameter: '-requirementsFileIncludes' (default value is ‘requirements.txt’).

  • Maven Integration: The default value for the configuration parameter ‘maven.aggregateModules’ was changed to false.
    Note: Customers who have explicitly set this parameter or who have not yet upgraded to this version of the Unified Agent are not affected.  

  • Gradle Integration: The default value for the configuration parameter ‘gradle.aggregateModules’ was changed to false.
    Note: Customers who have explicitly set this parameter or who have not yet upgraded to this version of the Unified Agent are not affected.

  • SBT Integration: The default value for the configuration parameter ‘sbt.aggregateModules’ was changed to false.  
    Note: Customers who have explicitly set this parameter or who have not yet upgraded to this version of the Unified Agent are not affected.

  • Minor bug fixes

22-JUL-2018

018EA81E0A89DE35D5968D39B9B02F4D


18.6.3

whitesource-fs-agent-18.6.3.jar

  • Added command line '-projectToken' and '-productToken' parameters

  • Added support to SBT's multi-module projects

  • Added support to Gradle's multi-module projects

  • Minor bug fixes

08-JUL-2018

16C93A64450FA4265F2E47E398F134CC


18.6.2

whitesource-fs-agent-18.6.2.jar

  • Supports Scala dependency resolution

  • Supports JavaScript files resolution from HTML

  • Supports python dependency tree resolution

  • Supports running 'npm install --ignore-scripts'

24-JUN-2018

21A5029C6AF2852DE66C8F226B17D305


18.5.2

whitesource-fs-agent-18.5.2.jar

  • Improved support for Ruby dependencies resolution - dependencies are sent in hierarchy tree

10-JUN-2018

6B7F6022D08FAA38B1DD0A5ECACC8ABD


18.5.1

whitesource-fs-agent-18.5.1.jar

  • Supports Go dependency resolution

  • Supports Ruby dependency resolution

27-MAY-2018

8F25D5E8EA83DF3107133EA6A573B121


18.4.2

whitesource-fs-agent-18.4.2.jar

  • Added support for user-level access control in integrations.

  • Supports java 10

  • Supports new gradle android (New Gradle 3.0) implementation/API keywords

  • Minor bug fixes

13-MAY-2018

3897BB8AE4DBCA0F3D1FBE792C563829


18.4.1

whitesource-fs-agent-18.4.1.jar

  • Bug fix - archive extraction exceeds Windows length

29-APR-2018

6DBBE0F301874AE6287F92B8BF85D0EC


18.3.2

whitesource-fs-agent-18.3.2.jar

  • Supports paket dependency resolution

15-APR-2018

44654A53BA445F4DEA77852D74237B54


18.3.1

whitesource-fs-agent-18.3.1.jar

  • Supports Yarn

  • Supports scanning Docker images for rpm packages

  • Minor bug fixes

04-APR-2018

08E75B61DA9CBB47C002B818D9358A9F


18.2.2

whitesource-fs-agent-18.2.2.jar

  • Support scanning Docker images

  • Support Gradle dependency resolution

  • Fixed GitHub ssh issue

  • Resolve .Net dependencies using dotnet restore

18-MAR-2018

CD111E1D774F97ACE931E4734F1AB327


18.2.1

whitesource-fs-agent-18.2.1.jar

  • Supports java 9

  • Supports python 3 dependency resolution

  • Bug fix - error when sending empty maven dependencies 

04-MAR-2018

7FD0BB04C8F6C2A1951FA0B431D4AAEB


18.1.3

whitesource-fs-agent-18.1.3.jar

  • Bug fix - made 'requestFile' parameter to read data from multiple files

  • Added support for private npm registries

  • Added parameters for build resume: connectionRetries & connectionRetriesInterval 

18-FEB-2018

8EF2C85EA5F63F5451907F3ED0578F22


18.1.2

whitesource-fs-agent-18.1.2.jar

  • Bug fix - WSE-196 - override project name when running offline request 

  • Added python resolve capability

04-Feb-2018

0AE008C1F3EADEE99C5A45C13DDB9C8B


18.1.1

whitesource-fs-agent-18.1.1.jar

  • Added support for Linux flavors package manager scan (Alpine, Arch , Debian , CentOS by setting 'scanPackageManager=true'

  • Added support to .net Core Packages (.csproj files)

  • Bug fix - passing apiKey via command line.

21-Jan-2018

E335C27978D2EF88E735612601BA9EFA


17.12.4

whitesource-fs-agent-17.12.4.jar

  • Added support for UTF-8-BOM encoded JavaScript files

  • Added the ability to run 'npm install' and 'bower install' automatically on found node/bower folders by using runPreStep parameter

  • Bug fix - project name for single maven project

07-Jan-2018

8CB2174EA7CDF5FDF6EB1AE23D5E71EC


17.12.2

whitesource-fs-agent-17.12.2.jar

  • Added time stamp to the logs

  • Supports override offline mode via command line

  • Bug fix - checksum calculation for '.js' files

  • Bug fix - archive file path

24-Dec-2017

7E2CE04A4542123810655F873B2C782B


17.12.1

whitesource-fs-agent-17.12.1.jar

  • Supports npm version 5.x

  • Supports extraction of maven dependencies

  • Bug fix - upload of offline request file

17-Dec-2017

417A15BE609EDB1F2FDE29558A92E184


17.11.4

whitesource-fs-agent-17.11.4.jar

  • Supports extraction of tar.xz

  • Bug fix - Delete temporary files when extracting archive files

  • Bug fix - handle errors while running 'npm ls'

03-Dec-2017

979B5221EC7A20A61FF350A4CABF6E80


17.11.3

whitesource-fs-agent-17.11.3.jar

  • Supports scanning List of remote repositories

  • Supports 'npm install' if package.json was found while scanning remote repositories

26-Nov-2017

d4af724a29a69f99540432638111c5e8


17.11.2

whitesource-fs-agent-17.11.2.jar

  • Added ability to append to existing projects via the command line '-updateType APPEND'

19-Nov-2017

47236E596CF529B7C7D450698DBA00BE


1.9.0

whitesource-fs-agent-1.9.0.jar

  • Added ability to create one project per scanned subfolder using "-projectPerFolder"

  • Added ability to include js files outside of node_modules folder using ignoreJavaScriptFiles = false

  • Added requesterEmail via configuration file "requesterEmail=user@provider.com"

05-Nov-2017 

C6396D64F974A09B5E353FEB767867B2


1.8.9

whitesource-fs-agent-1.8.9.jar

Added apiKey via command line using "-apiKey"

Added support for sending offline requests via command line using "-requestFiles"

Improved memory usage:

  • Fixed decompressing single file.

  • Improved decompressing procedure while considering the "excludes" parameter

22-Oct-2017

4B2ECBF250F0C1DE683715637E10F5E4


1.8.8

whitesource-fs-agent-1.8.8.jar

Added ability to calculate more sha1 checksums to improve matching of source files.

Resolved issues WSA-213, WSA-256:

  • Improved memory usage while scanning

  • Handling of NuGet .config files with no packages

  • Displays system path of files extracted from archives relative to the archive file

24-Sep-2017

355DAC0C30B07339F437D2B75BE52CD0


1.8.7

whitesource-fs-agent-1.8.7.jar

Resolved issues WSA-100, WSA-104:

  • Handles permission errors when calculating other platform sha1

  • Does not add strings to an immutable list

04-Sep-2017

5AAC786F099D2AF3B4731F178A56A960


1.8.6

whitesource-fs-agent-1.8.6.jar

Resolved issues WSA-64, WSA-69, WSA-75, WSA-76, #7 and #8:

  • Uses canonical paths to resolve '.' when using -d parameter

  • Handles error when parsing NuGet .config files

  • Sets system path for all files, including files over 10mb

  • Supports scanning archive files using -d parameter

  • Better error handling for reading properties from configuration file

2017-08-28

8D5377A99B359E97B405300C71031C3A


1.8.5

whitesource-fs-agent-1.8.5.jar

  1. Minor bug fixes

2017-08-08

B1983464ACDDC8E0D290850539AD0EBF


1.8.4

whitesource-fs-agent-1.8.4.jar 

Added NuGet recognition through packages.config files

2017-07-31

195BB14CE51277EF99E5FE876182F43A


1.8.3

whitesource-fs-agent-1.8.3.jar

Reads productVersion and projectVersion from command line

2017-07-31

5ACC4D2E889ED8BB5E017A9C53D37860


1.8.2

whitesource-fs-agent-1.8.2.jar

Fixed issues of missing 'version' tag on dependency listing

2017-07-23

07DB808A24ABC9E27F6FE4F111CADAA1


1.8.1

whitesource-fs-agent-1.8.1.jar

  1. Added bower resolve capability.

  2. Minor fixes

2017-07-19

CFAF17D45D0FE43151148A9064D4F141


1.8.0

whitesource-fs-agent-1.8.0.jar

  1. Added npm resolve capability.

  2. Upgraded to java 8

  3. Added support for proxy parameters in the command line

  4. Added exit code : Success=0, Error=-1, Policy Violation=-2, Client Failure=-3, Connection Failure=-4

2017-07-12

B38BD003DE107D26CA0E45F2E4595CBC

Java 8 is required.


Click here for earlier versions of the Unified Agent (previously called the File System Agent (FSA)).

Setting Up the Unified Agent

There are several methods for configuring the Unified Agent:

The configuration is applied in the following order of precedence:

  1. Command-line parameters

  2. Environment variables

  3. Configuration file

  4. Default values

Setting the Configuration Parameters

Set the following configuration parameters, in any of the available methods, for the Unified Agent's execution:

Parameter Name

Environment Variable Name

Configuration File Parameter Name

Command Line Parameter Name 

Description

API Key

WS_APIKEY

apiKey

-apiKey

The identifier of the organization

WhiteSource URL

WS_WSS_URL

wss.url

-wss.url

WhiteSource URL: 

https://[saas/app/app-eu/saas-eu].whitesourcesoftware.com/agent

Project Name

WS_PROJECTNAME

projectName

-project

The name of the project created after running a scan

Includes

WS_INCLUDES

includes

N/A

Which files to include/exclude in the scan (file extensions, file names. folder names, etc.) by use of GLOB patterns (i.e. **/*.c to scan all .c files). Refer here for details.

For setting more advanced and specific environment-related parameters, refer here.

Scanning Best Practices

General Tips

Scanning Source Files Overview

WhiteSource matches your source files to the source library (from GitHub, SourceForge, or other SCM) from which they most likely originated, done by utilizing a set of advanced algorithms. WhiteSource’s knowledge base includes ~340M source files and ~45M open-source projects (source libraries).

The source files matching method is required when there are no known packages that can be resolved by utilizing the dependency resolution process. It is instead required to match a list of scanned source files to a source library from where the files are downloaded - along with its version - in order to detect open source licensing information.

Note that the algorithm does not affect security vulnerabilities reporting as this information depends on source files.

Scanning Procedure 

The following is an example of scanning C and C++ source files:

includes=**/*.c **/*.cc **/*.cp **/*.cpp **/*.cxx **/*.c++ **/*.h **/*.hpp **/*.hxx

ignoreSourceFiles=false (default)

It is recommended to enable SmartMatch* (an enhanced matching algorithm) for an existing organization in the Advanced Settings section in the Integrate tab.

Running the Unified Agent 

To run the Unified Agent from the command line, execute the following command on the machine where your code base is located, or in a shell script task as part of your build pipeline:

Linux/macOS:

java -jar /path/to/wss-unified-agent.jar -c /path/to/wss-unified-agent.config -d /path/to/project/root/directory

Windows:

java -jar "C:\path\to\wss-unified-agent.jar" -c "C:\path\to\wss-unified-agent.config" -d "C:\path\to\project\root\directory"

NOTES:

Running the Unified Agent in a Docker Container

The Unified Agent can also be executed via Docker container. A Dockerfile template containing different package managers (e.g. maven, npm, etc.) can be found here. The file includes installation commands that enable you to create a customizable run environment for scanning projects/files, plus a basic (editable) set of package managers.

NOTE: This option currently does not support Docker scanning.

Viewing and Understanding the Scan Steps and Summary

The Unified Agent command-line interface enables you to view the steps that ran as part of a scan and understand how long each step took.

Start/End Indication

A start/end indication is displayed for each scan step. For example:

------------------------------------------------------------------------
-------------------- Start: Pre-Step & Resolve Dependencies ------------
------------------------------------------------------------------------
[INFO] [2019-03-07 13:58:02,775 +0200] - Trying to resolve MAVEN dependencies
[INFO] [2019-03-07 13:58:02,776 +0200] - topFolder = C:\Users\Me\Desktop\UAtests\GenerateScanReport\generateScanReport\Data
[INFO] [2019-03-07 13:58:07,105 +0200] - Start parsing pom files
[INFO] [2019-03-07 13:58:07,112 +0200] - End parsing pom files , found : search-engine,search-engine-client,search-engine-server
[INFO] [2019-03-07 13:58:07,191 +0200] - Trying to resolve HTML dependencies
[INFO] [2019-03-07 13:58:09,113 +0200] -
------------------------------------------------------------------------
-------------------- End: Pre-Step & Resolve Dependencies --------------
------------------------------------------------------------------------

Summary Table

A summary at the end of scan with all the relevant information on each step is also displayed. It Includes the following columns:

For example: 

Step                                 Completion Status                              Elapsed                              Comments
======================================================================================================================================================
Fetch Configuration                     COMPLETED                                 00:00:00.078                           --------
Scan Files Matching 'Includes' Pattern  COMPLETED                                 00:00:00.014                   1 source/binary files
Pre-Step & Resolve Dependencies         COMPLETED                                 00:00:06.378                   7 total dependencies (7 unique)
   MAVEN                                COMPLETED                                 00:00:04.416                   5 total dependencies (5 unique)
   HTML                                 COMPLETED                                 00:00:01.922                   2 total dependencies (2 unique)
Update Inventory                        COMPLETED                                 00:00:01.551                   2 updated projects

======================================================================================================================================================
Elapsed running time:                                                             00:00:08.021
======================================================================================================================================================
Process finished with exit code SUCCESS (0)

Execution Examples

The following are several syntax examples for various use cases of the Unified Agent execution:

Executing the Unified Agent: 

java -jar /path/to/jar/wss-unified-agent.jar -d /path/to/lib/folder

If you want to place the configuration file in a different folder, then you can specify its path as follows:

java -jar /path/to/jar/wss-unified-agent.jar -c /path/to/config/file -d /path/to/lib/folder

Multiple folders and files from text file:

(1)  To avoid a long command line string, use a text file with folders and files separated by new lines. For example:

/path/to/javascript/lib
/path/to/ruby/lib
/path/to/jars/aopalliance-1.0.jar
/path/to/jars/antlr-2.7.7.jar
/path/to/cpp/httpclient.cpp

 (2)  Run the agent using the argument '-f' (see Command Line Parameters):

java -jar /path/to/jar/wss-unified-agent.jar -f files.list

Multiple Folders and Files

Multiple folders and files can be scanned by entering comma-separated paths and using the argument '-d':

NOTE: Single files inserted via the -d argument are not excluded if they match the exclude glob pattern.

java -jar /path/to/jar/wss-unified-agent.jar -c /path/to/config/file -d /path/to/java/lib,/path/to/cpp/lib,/path/to/js/lib,/path/to/file/myfile.rb

Run the Unified Agent with the project and/or product parameters from the command line instead of the configuration file:

java -jar /path/to/jar/wss-unified-agent.jar -c /path/to/config/file -d /path/to/lib/folder -product my-product-name -productVersion 1.0.0 -project my-project-name -projectVersion 1.0.0

Allow downloading and using a configuration file from remote locations as well:

java -jar /path/to/jar/wss-unified-agent.jar -c http://user:password@example.com:8080/ -d /path/to/lib/folder

Run the Unified Agent with updateType from the command line:

NOTE: Supported from version 17.11.2. If not specified, the default value is updateType OVERRIDE.

java -jar /path/to/jar/wss-unified-agent.jar -updateType APPEND -c /path/to/config/file -d /path/to/lib/folder

Run the Unified Agent to create one project per subfolder:

java -jar /path/to/jar/wss-unified-agent.jar -projectPerFolder true -c /path/to/config/file -d /path/to/lib/folder

Run the Unified Agent with apiKey from the command line instead of the configuration file

java -jar /path/to/jar/wss-unified-agent.jar -c /path/to/config/file -apiKey your-api-key -d /path/to/lib/folder

Example:

Run the Unified Agent with proxy parameters from the command line instead of the configuration file

java -jar /path/to/jar/wss-unified-agent.jar -c /path/to/config/file -d /path/to/lib/folder -proxy.host my-proxy-host-name -proxy.port my-proxy-port-number -proxy.user my-proxy-username -proxy.pass my-proxy-password

Allow downloading and using the configuration file from remote locations with proxy 

NOTE: Running the Unified Agent with '-product' and '-project' parameters from the CLI will ignore the same parameters set in the configuration file (supported from version 1.7.1).

java -jar /path/to/jar/wss-unified-agent.jar -c path/to/config/file/in/remote -proxy scheme://<user>:<password>@host:port/ -d /path/to/lib/folder

*SmartMatch is trademarked.