Python Plugin (Setuptools)

General Information

The plugin is a Setuptools added command to integrate Python projects with open source management.

Once configured and executed the plugin will create new projects, update existing projects and enforce inventory license policies.

The plugin is licensed under the Apache 2.0 license.

Source code and issues are hosted on github.

Using the Plugin

On execution, the plugin will determine which open source libraries are currently used by your project and send it to WhiteSource.

Normal Flow

WhiteSource uses the collected information to create new projects or update existing ones.

Policy Check Flow

The plugin will check each new library against the organizational policies. If any library should be automatically rejected by some policy the build will fail. Otherwise your account will be updated.



  • Python 2.7+ or 3.5+
  • Setuptools 1.1.5+


Download the latest version.

VersionFileFeaturesRelease DateMD5Comments
19.2.1wss_plugin-19.2.1.tar.gzMinor fix2019-02-2402020502B1A29BA34B8D555006A28F12
18.6.3wss_plugin-18.6.3.tar.gzResumes build upon failed communication to server.2018-07-088296584a26aa53bebe15ecb65e4f66b5
18.6.2wss_plugin-18.6.2.tar.gzUpdate version of one of the dependency of the plugin2018-06-249ac631710a4ecf8300ba8b078ed530be

Added support for user-level access control in integrations:

Add request token
Fix support for pip 10
Add support for URL dependencies in requirements.txt via pip
Fix support for python 3
18.1.2wss_plugin-18.1.2.tar.gzCreate offline request2018-01-3135aded9da0df96a546043520548fb725
1.1.4wss_plugin-1.1.4.tar.gzFix Python 2 backwards compatibility issue for loading config file module2017-06-2963e4dc13799bac36c8febc2a5199939b
1.1.3wss_plugin-1.1.3.tar.gzAdd force check all dependencies, force update and fail on error configuration parameters2017-06-2182e41f565c247cfbe605ac2b079a890c
1.1.2wss_plugin-1.1.2.tar.gzFix error message2017-06-01e46eb1531117ef2b0c723c38af3bd64e
1.1.1wss_plugin-1.1.1.tar.gzAdd initial support for Python 3.5+2017-05-199ca2c2362b77446ecccda762962e17fd
1.1.0wss_plugin-1.1.0.tar.gzInitial release2015-10-153d78867f02ca29910c92bde6a17eb718


Install the Plugin

Pip Users (recommended)

Easy Install Users

Configure File

1.  Import the Plugin

2. For projects with a requirements.txt file, add this line before the call to setup():

As from version 18.2.1 WssPythonPlugin.open_required method is deprecated and might be removed in the future.

3. Add an 'install_requires' line within the setup() method:

If you don't have a 'requirements.txt' file, then you can add your list of dependencies directly within the setup() method, for example:

4. Add the entry point for the WhiteSource plugin within the call to setup() method:

Example of the

Install the dependencies:


  1. Create a configuration file, for example: ""
  2. Within this file, initialize a dictionary named config_info with the following parameters:

General Parameters:

org_tokenStringUnique identifier of the organization to update, can be retrieved from the admin page in your White Source accountYes
url_destinationStringThe URL of the White Source serviceNo, defaults to saas
check_policiesbooleanWhether or not to enforce checking organizational policiesNo, defaults to false
product_nameStringName or unique identifier of the product to update.No
product_versionStringVersion of the product to update.No
index_url StringLocal Pypi repository url, other than the official Pypi repositoryNo
proxy DictionaryAssigning proxy settingsNo

Used only if 'check_policies' is set to true.
Setting 'force_check_all_dependencies' to true will force check all policies for all dependencies introduced to the WhiteSource projects.
Setting 'force_check_all_dependencies' to false or not using it at all will check only the new dependencies introduced to the WhiteSource projects.


Indicates whether to update WhiteSource inventory even if there's a policy violation.
Irrelevant if 'check_policies' is set to false or unspecified.

fail_on_errorbooleanIndicates whether to fail the build on a policy rejection, even if 'force_update' is also set to true. In this case, the inventory will be updated and the build will fail.No
connection_retriesStringConnection retries when unable to connect to WhiteSource service (default value is 1).No
connection_retries_intervalStringConnection interval in seconds between two connection retries to WhiteSource service (default value is: 3 seconds).No

Proxy Settings:


The host address

portStringThe port numberNo
user_nameStringUser name for the proxy server authenticationNo
passwordStringPassword for the proxy server authenticationNo

Example of the

Executing the Plugin

To execute the plugin directly, simply run in your shell.

Sample log section: