NuGet Plugin

General Information

The plugin allows NuGet-based projects to integrate with WhiteSource open source management.

Once configured and executed, the plugin will create new projects, update existing projects and enforce inventory license policies.

The plugin is licensed under the Apache 2.0 license.

Source code and issues are hosted on GitHub and on npm.


Install plugin globally:


Create a "ws_config.json" file in your project root directory and input your WhiteSource API Token found in the Admin Integration API page:

General Parameters

| Parameter | Type | Description | Required |
|---|---|---|---|
| apiKey | String | Unique identifier of the organization to update, can be retrieved from the admin page in your WhiteSource account. | Yes |
| configurationFilesPaths | Array | Full path of NuGet configuration files that are used to identify all the OS components | Yes |
| product | String | Name or token of the product to update. | No, no projectToken is allowed |
| productVersion | String | Version of the product to update. | No, only read if product is defined |
| projectName | String | Name of the project to update. | No, if not defined matching to existing WhiteSource projects is done by projectToken |
| projectVersion | String | Version of the project. | No, only read if projectName is defined |
| projectToken | String | API token to match an existing WhiteSource project, can be retrieved from the Integration API page in your WhiteSource account. | No, if not defined matching to existing WhiteSource projects is done by projectName. No product is allowed |
| devDependencies | boolean | Adds development dependencies to the WhiteSource report. Accepts either 'true' or 'false' | No, default is true |
| wssUrl | String | URL to send the request to. | No, defaults to |
| forceCheckAllDependencies | | Used only if action type is 'CHECK_POLICY_COMPLIANCE' or 'UPDATE'. Setting 'forceCheckAllDependencies' to true will force check all policies for all dependencies introduced to the WhiteSource projects. Setting 'forceCheckAllDependencies' to false or not using it at all will check only the new dependencies introduced to the WhiteSource projects. | No, default is false |
| | | General URL to download NuGet packages from registry. "{0}" - the name of the package. "{1}" - the version of the package. For example if the registry URL is: and we want to download the package "nugetPackage" with version "1.0.0". Assume that the download link for this package is: The general URL is:{0}/{1} | No, default is{0}/{1}/{0}.{1}.nupkg |
| privateRegistryUsername | String | Username for private registry | No |
| privateRegistryPassword | String | Password for private registry | No |
| userKey | String | Unique identifier of the user who updates, can be retrieved from the admin page in your WhiteSource account. | Required if WhiteSource administrator has enabled "Enforce user level access" option |
| connectionRetries | int | Number of connection retries when unable to connect to WhiteSource service (default value is 1). | No. Uses the default configuration |
| connectionRetriesInterval | int | Connection interval in seconds between two connection retries to WhiteSource service (default value is: 3 seconds). | No. Uses the default configuration |
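
One way to check a parsed "ws_config.json" against the General Parameters rules above before running the plugin. This is an added example, not code from the plugin or from this documentation. The function name validateWsConfig, the sample values, the acceptance of 'true'/'false' as strings and the HTTPS warning for wssUrl are assumptions made for the example.

```javascript
// Added example (not the plugin's code): checks a parsed ws_config.json against
// the rules in the General Parameters table. validateWsConfig is a hypothetical name.
const SECRET_KEYS = ['apiKey', 'userKey', 'projectToken', 'privateRegistryPassword'];

function validateWsConfig(cfg) {
  const errors = [];
  const warnings = [];
  const has = (k) => Object.prototype.hasOwnProperty.call(cfg, k);
  const isStr = (v) => typeof v === 'string' && v.trim() !== '';

  // Required parameters.
  if (!isStr(cfg.apiKey)) errors.push('apiKey is required');
  const paths = cfg.configurationFilesPaths;
  if (!Array.isArray(paths) || paths.length === 0 || !paths.every(isStr)) {
    errors.push('configurationFilesPaths must be a non-empty array of file paths');
  }
  // The table forbids combining product with projectToken.
  if (has('product') && has('projectToken')) {
    errors.push('product and projectToken cannot be used together');
  }
  // Versions are only read when the matching name is defined.
  if (has('productVersion') && !has('product')) warnings.push('productVersion is ignored without product');
  if (has('projectVersion') && !has('projectName')) warnings.push('projectVersion is ignored without projectName');
  // Assumption: booleans may be given as true/false or as the strings 'true'/'false'.
  for (const k of ['devDependencies', 'forceCheckAllDependencies']) {
    if (has(k) && ![true, false, 'true', 'false'].includes(cfg[k])) errors.push(`${k} must be true or false`);
  }
  for (const k of ['connectionRetries', 'connectionRetriesInterval']) {
    if (has(k) && !(Number.isInteger(cfg[k]) && cfg[k] >= 0)) errors.push(`${k} must be a non-negative integer`);
  }
  // Added hardening check (assumption, not a documented plugin rule): the API key
  // is sent to wssUrl, so flag anything that is not HTTPS.
  if (has('wssUrl') && !/^https:\/\//i.test(String(cfg.wssUrl))) warnings.push('wssUrl is not an https:// URL');
  // Credentials stored in the file, listed so the file can be kept out of version control.
  const secretsPresent = SECRET_KEYS.filter((k) => isStr(cfg[k]));
  return { ok: errors.length === 0, errors, warnings, secretsPresent };
}

// Constructed sample input; every value is a placeholder.
const sample = {
  apiKey: 'PLACEHOLDER-API-KEY',
  configurationFilesPaths: ['C:/work/MyApp/packages.config'],
  product: 'MyProduct',
  projectToken: 'PLACEHOLDER-PROJECT-TOKEN',
  projectVersion: '1.0.0',
  wssUrl: 'http://wss.example.invalid/agent',
};
console.log(validateWsConfig(sample));
```

The secretsPresent list names the credential fields stored in the file, which is useful when deciding whether the file may be committed alongside the project.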

Command Line Parameters

| Parameter | Flag | Description | Required |
|---|---|---|---|
| ws_config | -c | Path to WS configuration file, configuration file name must be "ws_config.json". | No, default will look for the file in the working directory |
| action | -a | The request type action. Options are 'UPDATE' or 'CHECK_POLICY_COMPLIANCE'. | No, default is 'UPDATE' |
| | -d | Will set debugging level to 'debug' and will create a log file in the working directory. | No, default log level is 'info' |

Packages.config File Example

Proxy Configuration

Proxy configuration should be automatically detected according to environment variables or npm global proxy settings.

Executing the Plugin

Run the plugin with this command:

Execution sample:

Updating the plugin

In order to update the plugin please run it with the following command: