The plugin adds a Setuptools command that integrates Python projects with open source management.
Once configured and executed, the plugin will create new projects, update existing projects and enforce inventory license policies.
The plugin is licensed under the Apache 2.0 license.
Source code and issues are hosted on GitHub.
On execution, the plugin determines which open source libraries your project currently uses and sends that list to WhiteSource.
WhiteSource uses the collected information to create new projects or update existing ones.
The plugin checks each new library against the organizational policies. If a policy automatically rejects any library, the build fails. Otherwise your account is updated.
- Python 2.7+ or 3.5+
- Setuptools 1.1.5+
Download the latest version.
Pip Users (recommended)
Easy Install Users
1. Import the Plugin
2. For projects with a requirements.txt file, add this line before the call to setup():
As of version 18.2.1, the WssPythonPlugin.open_required method is deprecated and might be removed in the future.
3. Add an 'install_requires' line within the call to setup():
If you don't have a 'requirements.txt' file, you can list your dependencies directly within the call to setup(), for example:
4. Add the entry point for the WhiteSource plugin within the call to setup():
Example of the setup.py:
Install the dependencies:
- Create a configuration file, for example: "my_config_file.py"
- Within this file, initialize a dictionary named config_info with the following parameters:
| Parameter | Type | Description | Required |
|---|---|---|---|
| org_token | String | Unique identifier of the organization to update, can be retrieved from the admin page in your WhiteSource account | Yes |
| url_destination | String | The URL of the WhiteSource service | No, defaults to saas |
| check_policies | boolean | Whether or not to enforce checking organizational policies | No, defaults to false |
| product_name | String | Name or unique identifier of the product to update. | No |
| product_version | String | Version of the product to update. | No |
| index_url | String | Local PyPI repository URL, other than the official PyPI repository | No |
| proxy | Dictionary | Assigning proxy settings | No |
| force_check_all_dependencies | | Used only if 'check_policies' is set to true. Setting 'force_check_all_dependencies' to true will force check all policies for all dependencies introduced to the WhiteSource projects. Setting 'force_check_all_dependencies' to false or not using it at all will check only the new dependencies introduced to the WhiteSource projects. | |
| force_update | | Indicates whether to update WhiteSource inventory even if there's a policy violation. Irrelevant if 'check_policies' is set to false or unspecified. | |
| fail_on_error | boolean | Indicates whether to fail the build on a policy rejection, even if 'force_update' is also set to true. In this case, the inventory will be updated and the build will fail. | No |
| connection_retries | String | Connection retries when unable to connect to WhiteSource service (default value is 1). | No |
| connection_retries_interval | String | Connection interval in seconds between two connection retries to WhiteSource service (default value is: 3 seconds). | No |
| | | The host address | |
| port | String | The port number | No |
| user_name | String | User name for the proxy server authentication | No |
| password | String | Password for the proxy server authentication | No |
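
The parameter table implies interactions between check_policies, force_update and fail_on_error that are easy to misconfigure so that a policy rejection never stops a build. The linter below is an added example, not part of the plugin or its documentation; lint_config, its rules and the sample values are assumptions based on a reading of the table.

```python
# Added example: lint a config_info dict against the parameter table above.
# The rules are a reading of that table, not the plugin's own validation code.
KNOWN_KEYS = {
    "org_token", "url_destination", "check_policies", "product_name",
    "product_version", "index_url", "proxy", "force_check_all_dependencies",
    "force_update", "fail_on_error", "connection_retries",
    "connection_retries_interval",
}
BOOLEAN_KEYS = {"check_policies", "force_check_all_dependencies",
                "force_update", "fail_on_error"}
# Documented as used only when check_policies is true.
NEEDS_CHECK_POLICIES = ("force_check_all_dependencies", "force_update")


def lint_config(config_info):
    """Return a list of findings for config_info; an empty list means clean."""
    findings = []
    if not config_info.get("org_token"):
        findings.append("org_token is required but missing or empty")
    for key in sorted(set(config_info) - KNOWN_KEYS):
        findings.append("%r is not a documented parameter (typo?)" % key)
    for key in sorted(BOOLEAN_KEYS & set(config_info)):
        if not isinstance(config_info[key], bool):
            findings.append("%s should be True or False, got %r"
                            % (key, config_info[key]))
    if config_info.get("check_policies") is not True:
        findings.append("check_policies is off: policies are not enforced")
        for key in NEEDS_CHECK_POLICIES:
            if key in config_info:
                findings.append("%s has no effect while check_policies is off"
                                % key)
    elif (config_info.get("force_update") is True
          and config_info.get("fail_on_error") is not True):
        findings.append("force_update without fail_on_error: a policy "
                        "rejection still updates the inventory; set "
                        "fail_on_error to fail the build as well")
    return findings


# Constructed sample: misspelled key, and force_update set with policies off.
SAMPLE_CONFIG = {
    "org_token": "ORG_TOKEN_PLACEHOLDER",  # placeholder, not a real token
    "prodcut_name": "demo-product",
    "force_update": True,
}

if __name__ == "__main__":
    for finding in lint_config(SAMPLE_CONFIG):
        print("WARNING: " + finding)
```
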
Example of the my_config_file.py:
To execute the plugin directly, simply run in your shell.
Sample log section: