There are several methods for configuring the Unified Agent:
Environment Variables (Recommended) All the parameters available in the configuration file can be passed to the Unified Agent using environment variables. For more information, refer here.
Configuration File A configuration file can be passed to the Unified Agent in the command line using the -c argument. If no file is specified, the Unified Agent will look for a configuration file named wss-unified-agent.config in the current working directory. Refer here for more information. It is recommended to create a blank configuration file and only add parameters that you want to change, in order to make use of the default configuration settings. As a reference, please refer here.
Command-line Parameters The Unified Agent supports command-line options and parameters. For more information refer here.
The configuration is applied in the following order of precedence:
The name of the product created after running a scan.
The name of the project created after running a scan
Scanning Best Practices
Require a userKey by enabling enforce user level access in order to see which team members are scanning. NOTE: The userKey is also required for API calls and reporting parameters such as generateScanReport.
Optimal detection is achieved when scanning after a successful build where dependency files used to create the application are available. NOTE: This will allow the Unified Agent to detect libraries with all three of its detection methods, as described below.
During the detection, manifest files (such as, requirements.txt in python) are used to pinpoint a specific version of the package used.
Binary and Source File Matching Overview
The WhiteSource Unified Agent also detects binaries and source files (such as, .py files in Python or a .jar file in Java) and matches them against the WhiteSource Index.
WhiteSource matches binary and source files to the repository (such as, GitHub, SourceForge) from which they most likely originated.
The WhiteSource knowledge base includes ~340M files and ~45M open source projects.
The file matching method is required when there are no known packages that can be resolved by utilizing the dependency resolution process.
set WS_APIKEY=<your-api-key> set WS_USERKEY=<your-user-key> set WS_PRODUCTNAME=<your-product-name> set WS_PROJECTNAME=<your-project-name> set WS_WSS_URL=https://saas.whitesourcesoftware.com/agent java -jar wss-unified-agent.jar
Specify the -d parameter to scan another directory besides the current working directory.
Full or relative paths can be used, however paths with spaces must be double-quoted ("").
Viewing and Understanding the Scan Steps and Summary
The Unified Agent command-line interface enables you to view the steps that ran as part of a scan and understand how long each step took.
A start/end indication is displayed for each scan step. For example: