Previous Versions of the Jenkins Plugin

General information 

The plugin integrates automatic open source management with Jenkins

Once set up, all usage of open source software in the organization will be continuously and automatically in sync with White Source.

  • New projects will be created
  • Existing projects will be updated
  • Policies will be enforced on every action, failing the build if necessary.

The plugin is licensed under the Apache 2.0 license. Source code and issues are hosted on github .

How it works

Once the build is finished, the plugin will determine which open source is currently used by your project and send it to White Source.

Normal flow

White Source uses the collected information to create new projects or update existing ones.

Policy check flow

The plugin will check each new library against the organizational policies. If any library should be automatically rejected by some policy the build will fail. Otherwise your account will be updated.

An informative report of the results will be generated regardless of the outcome.

The report files are saved in:

$JENKINS_HOME\jobs\<job name>\\builds\<build YYYY-MM-DD_HH-mm-ss>\whitesource

Installing the plugin

Like any other plugin for Jenkins. Go to the Jenkins update center, find and check White Source Publisher and Install it.

Using the plugin

Start by configuring the global settings, this settings will apply across all jobs on this Jenkins master. Then setup which jobs should interact with White Source.

Global Settings

Once the plugin is installed go to Administration -> Server Configuration -> White Source.

API token

A unique identifier of the organization. You can get yours in the administration section in your White Source account.

Policy check

Checking this option will check policies before any update.

Job specific settings

For each job you want to use the plugin you need to add a post build action. In job configuration 

Common configuration

This fields are common to all job types. They are mainly here to allow different values for global settings.

Product name or Token

Name or token to uniquely identify the product to update.

Product versionVersion of the product to update.
Check policiesOptionally override this property from global configuration.
Override API tokenOptionally override this property from global configuration.
Project tokenUnique identifier of the White Source project to update. If omitted, default naming convention will apply.
Requester emailEmail of the WhiteSource user that requests to update WhiteSource.

Maven jobs

Normally for maven 2/3 jobs no extra configuration is required.

However, If you do need more control on the plugin behavior click on Advanced to show more options.



Module tokensMap of module artifactId to White Source project token.
Modules to includeOnly modules with an artifactId matching one of these patterns will be processed by the plugin.
Modules to excludeModules with an artifactId matching any of these patterns will not be processed by the plugin.
Ignore pom modulesSet to true to ignore this maven modules of type pom.

Freestyle jobs

Projects with no concise system for managing dependencies like maven require different configuration.

What we're looking for is descriptive information about each library used. What we need to know is which libraries to include and where we can find them, that is the sole purpose of the configuration.


IncludesComma, space or line separated list of Ant style GLOB patterns specifying which files to include in scan.
ExcludesComma, space or line separated list of Ant style GLOB patterns specifying which files to exclude form scan.

Supported Extension Types

Currently we support the following file extensions:

Binary File Extensions

jar, aar, dll, tar.gz, egg, whl, rpm, tar.bz2, tgz, deb, gzip, gem, swf, swc

Source File Extensions

c, cc, cp, cpp, cxx, c++, go, goc, h, hpp, hxx, m, mm, c#, cs, csharp, js, php, py, rb, swift

Archive File Extensions

jar, war, ear, sca, gem, whl, egg, tar, tar.gz, tgz, zip

Screen casts

Coming soon ...