NuGet Plugin
General Information
The plugin allows NuGet based projects to integrate with WhiteSource open source management.
Once configured and executed the plugin will create new projects, update existing projects and enforce inventory license policies.
The plugin is licensed under the Apache 2.0 license.
Source code and issues are hosted on GitHub and on npm.
Installation
Install plugin globally:
Configuration
Create a "ws_config.json" file in your project root directory and input your WhiteSource API Token found in the Admin Integration API page:
General Parameters
Attribute | Type | Description | Required |
---|---|---|---|
apiKey | String | Unique identifier of the organization to update, can be retrieved from the admin page in your WhiteSource account. | Yes |
configurationFilesPaths | Array | Full paths of the NuGet configuration files that are used to identify all the open source components. | Yes |
product | String | Name or token of the product to update. | No. Not allowed together with projectToken |
productVersion | String | Version of the product to update. | No, only read if product is defined |
projectName | String | Name of the project to update. | No, if not defined matching to existing WhiteSource projects is done by projectToken |
projectVersion | String | Version of the project. | No, only read if projectName is defined |
projectToken | String | API token to match an existing WhiteSource project, can be retrieved from the Integration API page in your WhiteSource account. | No, if not defined matching to existing WhiteSource projects is done by projectName. Not allowed together with product |
devDependencies | boolean | Adds development dependencies to the WhiteSource report. Accepts either 'true' or 'false' | No, default is true |
wssUrl | String | URL to send the request to. | No, defaults to https://saas.whitesourcesoftware.com/agent |
forceCheckAllDependencies | boolean | Used only if action type is 'CHECK_POLICY_COMPLIANCE' or 'UPDATE'. Setting 'forceCheckAllDependencies' to true will force check all policies for all dependencies introduced to the WhiteSource projects. Setting 'forceCheckAllDependencies' to false or not using it at all will check only the new dependencies introduced to the WhiteSource projects. | No, default is false |
repositoryUrl | String | General URL template for downloading NuGet packages from the registry, where "{0}" is the name of the package and "{1}" is the version of the package. For example, if the registry URL is http://privateRegistry.com and the download link for the package "nugetPackage" with version "1.0.0" is http://privateRegistry.com/download/nugetPackage/1.0.0, then the general URL is http://privateRegistry.com/download/{0}/{1} | No, default is https://api.nuget.org/v3-flatcontainer/{0}/{1}/{0}.{1}.nupkg |
privateRegistryUsername | String | Username for private registry | No |
privateRegistryPassword | String | Password for private registry | No |
userKey | String | Unique identifier of the user who updates, can be retrieved from the admin page in your WhiteSource account. | Required if WhiteSource administrator has enabled "Enforce user level access" option |
connectionRetries | int | Number of connection retries when unable to connect to WhiteSource service (default value is 1). | No. Uses the default configuration |
connectionRetriesInterval | int | Connection interval in seconds between two connection retries to WhiteSource service (default value is: 3 seconds). | No. Uses the default configuration |
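The rules in the table above can be checked before the plugin runs. The following is an added example, not code from the plugin: the function names lintWsConfig and expandRepositoryUrl, the sample values, the URL-encoding of placeholders and the plain-HTTP and clear-text-password warnings are assumptions of this example.

```javascript
// Added example (not plugin code): lint a parsed ws_config.json object
// against the "Required" column of the General Parameters table.
const DEFAULT_REPO_URL = 'https://api.nuget.org/v3-flatcontainer/{0}/{1}/{0}.{1}.nupkg';

// Expand "{0}" (package name) and "{1}" (package version) in a single pass.
// Values are URL-encoded (a choice of this example) so that a package id
// cannot change the path of the download URL.
function expandRepositoryUrl(template, name, version) {
  return template.replace(/\{([01])\}/g, (_, i) =>
    encodeURIComponent(i === '0' ? name : version));
}

function lintWsConfig(cfg) {
  const errors = [];
  const warnings = [];
  if (typeof cfg.apiKey !== 'string' || cfg.apiKey === '')
    errors.push('apiKey is required');
  if (!Array.isArray(cfg.configurationFilesPaths) || cfg.configurationFilesPaths.length === 0)
    errors.push('configurationFilesPaths must be a non-empty array');
  if (cfg.product && cfg.projectToken)
    errors.push('product and projectToken must not be used together');
  if (cfg.productVersion && !cfg.product)
    warnings.push('productVersion is only read if product is defined');
  if (cfg.projectVersion && !cfg.projectName)
    warnings.push('projectVersion is only read if projectName is defined');
  const repo = cfg.repositoryUrl || DEFAULT_REPO_URL;
  if (!repo.includes('{0}') || !repo.includes('{1}'))
    errors.push('repositoryUrl must contain both {0} and {1}');
  // Policy of this example, not a plugin rule: flag unencrypted endpoints.
  for (const key of ['wssUrl', 'repositoryUrl']) {
    if (typeof cfg[key] === 'string' && cfg[key].toLowerCase().startsWith('http://'))
      warnings.push(key + ' uses plain HTTP');
  }
  if (cfg.privateRegistryPassword)
    warnings.push('privateRegistryPassword is stored in clear text; keep ws_config.json out of version control');
  return { errors, warnings };
}

// Constructed sample configuration; every value is a placeholder.
const SAMPLE_CONFIG = {
  apiKey: 'API_KEY_PLACEHOLDER',
  configurationFilesPaths: ['C:/project/packages.config'],
  product: 'Demo Product',
  projectToken: 'PROJECT_TOKEN_PLACEHOLDER',
  repositoryUrl: 'http://privateRegistry.com/download/{0}/{1}',
  privateRegistryPassword: 'PASSWORD_PLACEHOLDER',
};
```

Run lintWsConfig(JSON.parse(...)) on the file contents in CI and fail the build when errors is non-empty.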
Command Line Parameters
Parameter | Alias | Description | Required |
---|---|---|---|
ws_config | -c | Path to WS configuration file, configuration file name must be "ws_config.json". | No, default will look for the file in the working directory |
action | -a | The request type action. Options are 'UPDATE' or 'CHECK_POLICY_COMPLIANCE'. | No, default is 'UPDATE' |
debug | -d | Will set debugging level to 'debug' and will create a log file in the working directory. | No, default log level is 'info' |
Packages.config File Example
Proxy Configuration
Proxy configuration should be automatically detected according to environment variables or npm global proxy settings.
Executing the Plugin
Run the plugin with this command:
Execution sample:
Updating the plugin
In order to update the plugin please run it with the following command: