Develop a New Agent

Purpose of an agent

Agents should send open source information of a project to WhiteSource.

Once informed, WhiteSource automatically reflects any changes to the project's inventory.

Agents are meant to run periodically in order to allow automatic, continuous, management of a project's usage of open source software.

What information should be sent ?

An agent is expected to send two kinds of information:

  1. Open source usage
  2. Project identification 

Open source usage

At the moment we're only interested in open source libraries used in the project.
For each such usage we need to information to identify the library. An open source library is identified by at least one of two methods, Coordinates and Hash code

These two methods usually corresponds to the way the project is built.
Coordinates is a term used in build systems that provides an integral dependency management like maven, Ivy, etc...
In addition, Hash code (SHA1) can be calculated easily for any file and may be used to identify that library. 

An agent need to use at least one of these methods, depending on the information at hand.
Using both is recommended, if possible. Since it may help to solve some non unique identification conflicts.

Project identification

WhiteSource has to know which project should be associated with the given information. 

Project matching is done utilizing the following waterfall approach:

Step 1: look for a project with a name matching the project's coordinates using the default naming convention.

Step 2: in case the above look up has failed we use the WhiteSource project's unique identifying token. 

If the project is successfully matched, WhiteSource will update its inventory. Otherwise, a new project will be created based on the given information (depends on configuration in the service). 

In addition, a unique identifier for the organization must be provided (acquired from the service).

How to test your agent ?

Coming soon ...