TeamCity Plugin



Overview

The plugin integrates automatic open source management with Jetbrains TeamCity

Once set up, all usage of open-source software in the organization will be continuously and automatically in sync with WhiteSource.

  • New projects will be created

  • Existing projects will be updated

  • Policies will be enforced on every action, failing the build if necessary.


The plugin currently support build steps with either Maven, Ant, or shell script Runner types.

The plugin is licensed under the Apache 2.0 license. Source code and issues are hosted on github .

How it Works

On execution, the plugin will determine which open source is currently used by your project and send it to WhiteSource.

No source code is scanned. Only descriptive information is sent over the wire.

Normal Flow

WhiteSource uses the collected information to create new projects or update existing ones.

Policy Check Flow

The plugin will check each new library against the organizational policies. If any library is automatically rejected by some policy, the build will fail. Otherwise your account will be updated.

An informative report of the results will be generated regardless of the outcome.

Installing the Plugin

Download the plugin:

TeamCity Version

WhiteSource plugin

Installation of the plugin is done directly via the TeamCity GUI:

  1. Go to Administration →  Server Administration → Plugins List.

  2. Click on the “Upload plugin zip” button, and navigate to the location of the plugin's zip file.

     

  3. Restart the TeamCity server (this task can also be done via the TeamCity GUI).

Using the Plugin

Start by configuring the global settings, these settings will be applied to every project in your TeamCity environment. Then, setup the jobs that should interact with WhiteSource.

Global Settings

Once the plugin is installed go to Administration →  Integrations → WhiteSource.

  • Organization Token: A unique identifier of the organization. You can retrieve it in the Admin Integration API page.

  • User Key: Unique user key. See User Level Access Control in Integrations and APIs for more information. 

  • Policy Check: Checks that the introduced open source libraries conform with organization policies.

    • Check only new libraries: Check that the newly introduced open source libraries conform with organization policies.

    • Force check all libraries: Check that all introduced open source libraries conform with organization policies. 

    • Disable: Disable policies check when updating WhiteSource.

  • Force Update: Updates organization inventory regardless of policy violations.

  • Fail on Error: Indicates whether or not to fail the build on a general error (e.g. network error).

  • Service URL: URL of the environment on which the WhiteSource organization is hosted. The default ishttps://saas.whitesourcesoftware.com”; therefore organizations hosted on that can leave this field blank.

  • Connection Timeout (optional): Connection timeout value in minutes. If field is left blank then value is 60 minutes.

  • Proxy Server (optional)If TeamCity is behind a firewall then you should select the checkbox. As displayed in the following screenshot, once the checkbox is selected, newly displayed fields can be filled in, in order to allow communication with the WhiteSource servers. 


Environment Variable - Skip plugin

By setting SKIP_WHITESOURCE_PLUGIN to true the plugin will be disabled.

Connection Retries

Number of connection retries when unable to connect to WhiteSource service (default value is 1).

Connection Retries Interval

Connection interval in seconds between two connection retries to WhiteSource service (default value is 3 seconds).



Job Specific Settings

You should enable the plugin for each job you want to use to update WhiteSource.

Only supported runner types will have this options visible.

Maven Runner



Generic Configuration

Build runners that have no concise system for managing dependencies require a different configuration.

What we're looking for is descriptive information about each library used. What we need to know is which libraries to include and where we can find them, that is the sole purpose of the configuration.



Build Log

The plugin is executed when the runner finishes. Sample log section:

Screen Casts

Install the plugin and import data into WhiteSource.



Apply policy check before updating WhiteSource.

Change Log

Version

Description

Version

Description

Version 21.1.1

  • Upgrade com.thoughtworks.xstream dependency  version to 1.4.15

Version 20.11.2

  • Upgrade com.thoughtworks.xstream dependency  version to 1.4.14 

Version 20.10.2

  • Upgrade junit dependency  version to 4.13.1 

Version 20.7.1

  • Upgraded the XStream Core dependency to version 1.4.12

Version 20.6.2

  • Bug fix - check policies

Version 19.11.2

Version 19.9.2.2

  • Minor Fixes

Version 19.5.3

  • Minor Fixes

Version 19.1.2

  • Update agent api version

Version 18.10.1

Version 18.6.2

  • Resume build upon failed communication to server.

Version 18.5.1

  • Added support for user-level access control in integrations.

Version 17.11.4

  • Improve hash processing.

  • Add parameter to enable/disable whitesource plugin (SKIP_WHITESOURCE_PLUGIN = true ).

  • Bug Fix - Fail or error : Build did not pass despite the flag set to false.

Version 1.1.7

  • Add 'fail on error' functionality - fails the build even in case of inventory force update, or other general errors.

Version 1.1.6

  • Add force update functionality.

Version 1.1.5

  • Add support for force check all dependencies (old and new) according to the organization policies

  • Bug Fix - use global settings in maven runner.

Version 1.1.4

  • Add connection timeout parameter. Connection timeout is measured in minutes. Default value is 60 minutes.

Version 1.1.3

  • Automatic proxy detection + minor bug fixes.

Version 1.1.2

  • Product identification in agent api

  • Improved proxy configuration

  • Option to change service url

Version 1.1.1

Minor changes:

  • Communication with WhiteSource servers is now encrypted using SSL by default.

  • Several bug fixes in policy check report

  • Code refactor

Version 1.1.0

First release of the plugin.