The GitHub integration allows you to scan your GitHub repository directly and connect it to your WhiteSource projects without needing a local clone / copy of your remote GitHub repository.
You should have an existing GitHub account with a public email account.
In order to make sure that your email is public, please login to your GitHub repository and click on edit profile at the top right corner:
Then, on the “Profile” section, please make sure that you have your email set as the public email. Once complete, click on “Update Profile”:
Add Your GitHub User
The first thing that you should do in order to use the GitHub integration feature is to associate your WhiteSource portal user with your GitHub user.
In order to do so, please click on your name in the upper right corner and select profile from the drop-down menu:
In the user profile management screen, click on Associate Social Account:
Select GitHub on the next screen and login using your GitHub credentials:
on the next screen, please click on “Authorize Application”. Make sure the "Organization access" option is checked for "whitesource":
You can now see your GitHub account under your Social Identities section:
Setup a GitHub Scan
In order to setup a GitHub scan, we will go to the Admin menu and click on “GitHub Repository Scan”:
In the GitHub Repository scan you can select the specific branches and tags that you wish to scan by specifying a user and a repository. Once decided, click on select in order to add the desired repository to the selected repositories list.
For each repository, under the “project” column, please specify whether to create a new project or to scan the repository into an existing one.
Once completed, click on Save and the information will be saved for future use.
Pre-requisites for languages requiring build preparations
Notice: To run a GitHub scan on repositories that involve additional build or installation steps, such an "npm install" or "pip install" commands, you need to make sure :
- These steps have been applied
- The GitHub repository contents already includes the files generated by running these steps.
Run a GitHub Scan
In order to run a scan, click on “Scan Repositories” at the lower part of the GitHub Repository Scan screen .
You will receive a notification that a scan has begun:
In addition, as long as the scan is in progress, you will see an indication near the “Scan Repositories” button: