Artifactory Plugin

Overview

This plugin integrates Artifactory artifacts with WhiteSource.

The Artifactory plugin adds additional information to the Artifactory artifacts and updates WhiteSource.  

Once the plugin is invoked, the metadata of all artifacts in your Artifactory instance is uploaded to your WhiteSource inventory.

  • The Artifactory instance is mapped to a WhiteSource product.
  • Artifactory repositories will be mapped to WhiteSource projects.
  • WhiteSource organization will be updated regardless of policy violation.
  • Policies will be enforced, and policy details will be added to the artifact's property tab as WSS-Action (Approve/Reject) and WSS-Policy-Details.
  • Additional data for each artifact will be added to the property tab: WSS-Licenses, WSS-Description, WSS-Homepage and WSS-Vulnerabilities.

The plugin is licensed under the Apache 2.0 license.

Notes

  • Artifactory editions that do not support Groovy-based user plugins are not supported by WhiteSource.
  • The recommended method for integrating with JFrog Artifactory is the Unified Agent.
  • Updates in Artifactory: The plugin updates only Artifactory repositories with no more than 10000 artifacts.
  • Updates in WhiteSource: The plugin updates WhiteSource only for repositories with no more than 2000 artifacts.

How It Works

The Artifactory plugin works in two modes:

  1. Cron-based job - when invoked, the repositories' artifacts will be checked in WhiteSource and additional data will be added to the property tab of each artifact.
  2. Adding a new artifact - when uploaded, the new artifact will be checked in WhiteSource. Policies will be checked and additional data will be added to the property tab of the artifact.

Installation

Download

Download the latest version.

| Version | File | Features | Release Date | MD5 |
|---|---|---|---|---|
| 20.9.1 | whitesource-artifactory-plugin-20.9.1.zip | Fix typo | 2020-10-04 | 3A238385348051D7AD24EE166F26F935 |
| 20.7.3 | whitesource-artifactory-plugin-20.7.3.zip | Support Artifactory 7.x | 2020-08-16 | 0A26F0B1CA1A7C2C5FA012D9AED3ED4C |
| 20.6.2 | whitesource-artifactory-plugin-20.6.2.zip | Bug fixed - Block artifact in before download in case of policy violation | 2020-07-07 | A766DE35D4D39C7C5761E1F7F49501E7 |
| 20.5.1 | whitesource-artifactory-plugin-20.5.1.zip | Bug fixes | 2020-05-24 | 0F7A360476D0B870229CF54C500A5AC4 |
| 19.9.1 | whitesource-artifactory-plugin-19.9.1.zip | Minor bug fix | 2019-09-22 | 520A2FC631F9D368AE2F2DFC308FAB12 |
| 19.4.2 | whitesource-artifactory-plugin-19.4.2.zip | Memory leak bug fix | 2019-05-05 | E7DC7341CF90A2B37EAC328D5A675743 |
| 19.3.2 | whitesource-artifactory-plugin-19.3.2.zip | Minor bug fix | 2019-04-07 | 0D7103F7CE1142ED3D3C9C206E081AA8 |
| 19.3.1 | whitesource-artifactory-plugin-19.3.1.zip | Add archive extraction depth 'archiveExtractionDepth' parameter | 2019-03-24 | 7352FC6C56D61A001756A1CF040A0576 |
| 19.1.1 | whitesource-artifactory-plugin-19.1.1.zip | Updates agent version | 2019-01-27 | 018B2749498BF6BC144B03556EAD034B |
| 18.10.3 | whitesource-artifactory-plugin-18.10.3.zip | Bug Fixes. Added 'triggerAfterCreate' & 'triggerBeforeDownload' parameters | 2018-11-18 | E86760C59E0A3262591707BA7C02C3B7 |
| 18.8.2 | whitesource-artifactory-plugin-18.8.2.zip | Minor Bug fixes | 2018-09-02 | BB473552069155C24CDD8021C38B9029 |
| 18.6.3 | whitesource-artifactory-plugin-18.6.3.zip | Minor Bug fixes | 2018-07-08 | 480A308C2359BC75EBED9717A032D1B7 |
| 18.5.1 | whitesource-artifactory-plugin-18.5.1.zip | Add user key - unique identifier of user, can be generated from the profile page in your WhiteSource account | 2018-05-27 | EA4F045B6A00136342FF7B9F01FFAFBA |
| 17.12.1 | whitesource-artifactory-plugin-17.12.1.zip | Bug fix - Archive extraction | 2017-12-17 | 80DC1701AAB7B471EF58E6E3A1CC5D82 |
| 1.0.9 | whitesource-artifactory-plugin-1.0.9.zip | Add support for 'before download' method from a local repository according to a policy in WhiteSource. Resolved issues WSA-308 | 2017-10-08 | 0FFCEF0BC0777C06898A031E6F2679F6 |
| 1.0.8 | whitesource-artifactory-plugin-1.0.8.zip | 1. Add CVSS score 2. Add before download method - prevent artifacts download from a remote repository according to a policy in WhiteSource. Resolved issues WSA-242, WSA-177. | 2017-09-27 | E8643C70DEEF4C75EF45AC18B3F9EBF0 |
| 1.0.7 | whitesource-artifactory-plugin-1.0.7.zip | Add option for creating a project in WhiteSource for each repository | 2017-09-11 | D0C22C6E4D265BBF2FBC3A799848838 |
| 1.0.6 | whitesource-artifactory-plugin-1.0.6.zip | Add parameter for updating WhiteSource | 2017-08-08 | 48D7AED7EB8D005F5F6F45E210EEC33B |
| 1.0.5 | whitesource-artifactory-plugin-1.0.5.zip | Minor bug fixes. | 2017-07-18 | F18B154FC8B0CEF0D96DD08848B3FFB7 |
| 1.0.4 | whitesource-artifactory-plugin-1.0.4.zip | Adjust plugin version to agents-api & whitesource-fs-agent versions. | 2017-07-16 | 675032D04CE06BDC28EC70FAEBA4D2AF |
| 1.0.3 | whitesource-artifactory-plugin-1.0.3.zip | Enabling update WSS scan Artifactory repositories. | 2017-05-07 | 37568D088633E3EF877C364A1F901221 |
| 1.0.2.2 | whitesource-artifactory-plugin-1.0.2.2.zip | Minor Bug fixes | 2017-02-01 | C1A62DE5C257874E0C5DF82869DC2892 |
| 1.0.2.1 | whitesource-artifactory-plugin-1.0.2.1.zip | Minor bug fixes | 2017-01-29 | 14DFB6A85A821C01F962886FCC68A62F |
| 1.0.2 | whitesource-artifactory-plugin-1.0.2.zip | Add proxy support. | 2017-01-24 | B7C4E651C1707B1B530BCE871BB7207C |
| 1.0.1.2 | whitesource-artifactory-plugin-1.0.1.2.zip | Split vulnerability link and severity into 2 lines. | 2016-07-17 | FA1BE663ED9A0526237ED1B03D97ADCC |
| 1.0.1.1 | whitesource-artifactory-plugin-1.0.1.1.zip | Bug fixes. Rename properties file. | 2016-05-03 | 272692C2CD8C04DA0BE3E9858248A717 |
| 1.0.1 | whitesource-artifactory-plugin-1.0.1.zip | Add setup.groovy file to automatically install dependencies. | 2016-04-27 | D2BA5AC9B45EEEA144BA324924BB1C85 |
| 1.0.0 | whitesource-artifactory-plugin-1.0.0.zip | Check Policies and Add additional data to the Artifact property tab. | 2016-04-07 | e2654abeb61162044495e49e6845eb2e |

GitHub Repository

Installation

Artifactory Version <= 6.x

  1. Download the zip file and extract it
  2. Place the whitesource-artifactory-plugin.properties and whitesource-artifactory-plugin.groovy files under ${ARTIFACTORY_HOME}/etc/plugins
  3. Create a new 'lib' folder under ${ARTIFACTORY_HOME}/etc/plugins
  4. Place the following jars in the lib folder:
    wss-agent-report-<version>.jar
    wss-agent-api-client-<version>.jar
    wss-agent-api-<version>.jar
    wss-unified-agent-utils-<version>.jar or wss-unified-agent-<version>.jar (depending on the plugin version you download) 
  5. Update whitesource-artifactory-plugin.properties file with the appropriate parameters (see example and full reference).
  6. Schedule the cron job in the whitesource-artifactory-plugin.groovy file, under the jobs section (see example).
  7. Restart Artifactory.

Artifactory Version >= 7.x

  1. Download the zip file and extract it
  2. Place the whitesource-artifactory-plugin.properties and whitesource-artifactory-plugin.groovy files under ${ARTIFACTORY_HOME}/var/etc/artifactory/plugins
  3. Create a new 'lib' folder under ${ARTIFACTORY_HOME}/var/etc/artifactory/plugins
  4. Place the following jars in the lib folder:
    wss-agent-report-<version>.jar
    wss-agent-api-client-<version>.jar
    wss-agent-api-<version>.jar
    wss-unified-agent-utils-<version>.jar
  5. Update whitesource-artifactory-plugin.properties file with the appropriate parameters (see example and full reference).
  6. Schedule the cron job in the whitesource-artifactory-plugin.groovy file, under the jobs section (see example).
  7. Restart Artifactory.
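
Steps 1 to 4 of either list, with the download checked first against the MD5 column of the release table. This is an added example, not part of the plugin or its documentation: the script name is hypothetical, PLUGINS_DIR is whichever plugins path applies to your Artifactory version, and the files are located with find because the layout inside the zip is not described on this page.

```sh
#!/bin/sh
# Added example: check the download against its published MD5, then stage it.

md5_of() {    # print the uppercase hex MD5 of file $1
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print toupper($1)}'
    else
        openssl md5 -r "$1" | awk '{print toupper($1)}'
    fi
}

# verify_zip ZIP EXPECTED_MD5: 0 = match, 1 = mismatch, 2 = unusable input.
verify_zip() {
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    # Anything other than 32 hex digits (e.g. a truncated table cell) is refused.
    case $expected in *[!0-9A-F]*) echo "not hex: $2" >&2; return 2 ;; esac
    [ "${#expected}" -eq 32 ] || { echo "not 32 hex digits: $2" >&2; return 2; }
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    actual=$(md5_of "$1")
    if [ "$actual" != "$expected" ]; then
        echo "MD5 mismatch for $1: got $actual, expected $expected" >&2
        return 1
    fi
}

# install_plugin EXTRACTED_DIR PLUGINS_DIR: place the plugin files and jars.
install_plugin() {
    src=$1; plugins=$2
    mkdir -p "$plugins/lib" || return 1
    for f in whitesource-artifactory-plugin.groovy \
             whitesource-artifactory-plugin.properties; do
        path=$(find "$src" -type f -name "$f" | head -n 1)
        [ -n "$path" ] || { echo "missing $f under $src" >&2; return 1; }
        cp "$path" "$plugins/$f" || return 1
    done
    find "$src" -type f -name 'wss-*.jar' -exec cp {} "$plugins/lib/" \;
    # The properties file will hold apiKey, userKey and proxyPass.
    chmod 600 "$plugins/whitesource-artifactory-plugin.properties"
}

# Usage: sh stage-wss-plugin.sh ZIP EXPECTED_MD5 PLUGINS_DIR
if [ "$#" -eq 3 ]; then
    verify_zip "$1" "$2" || exit 1
    tmp=$(mktemp -d) && unzip -q "$1" -d "$tmp" && install_plugin "$tmp" "$3"
fi
```

MD5 catches a corrupted or swapped download but is not collision-resistant, so the comparison is only as trustworthy as the channel the published value came from. Run the script as the account Artifactory runs under, so the 600 mode still lets the service read its properties file.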

Configuration

General Parameters

| Attribute | Type | Description | Required | Additional Information |
|---|---|---|---|---|
| wssUrl | String | URL for sending the request. Use the 'WhiteSource Server URL' which can be retrieved from your 'Profile' page on the 'Server URLs' panel. Then, add the '/agent' path to it. For example: "https://saas.whitesourcesoftware.com/agent". | No, defaults to https://saas.whitesourcesoftware.com/agent | |
| apiKey | String | Unique identifier of the organization, can be retrieved from the admin page in your WhiteSource account. | Yes | |
| userKey | String | Unique identifier of user, can be generated from the profile page in your WhiteSource account. | Required if WhiteSource administrator has enabled "Enforce user level access" option | Supported since version 18.5.1 |
| productName | String | Represents Artifactory instance and product in WhiteSource. Comment out this field to map each repository to a product in WhiteSource (the project will represent the repository as well). | No | |
| checkPolicies | Boolean | Whether or not to send the check policies request to WhiteSource. | No | |
| forceCheckAllDependencies | Boolean | Used only if 'checkPolicies' is set to true. Setting 'forceCheckAllDependencies' to true will force check all policies for all dependencies introduced to the WhiteSource projects. Setting 'forceCheckAllDependencies' to false or not using it at all will check only the new dependencies introduced to the WhiteSource projects. | No | Supported since version 1.0.3 |
| updateWss | Boolean | Whether or not to send updates to WhiteSource. | Yes | Supported since version 1.0.6 |
| forceUpdate | Boolean | Whether or not to update the organization inventory regardless of policy violations. | No, the default value is false. | Supported since version 1.0.3 |
| repoKeys | Array | The list of the repositories to scan. | Yes | |
| useProxy | Boolean | Whether or not to use proxy settings. | Yes | |
| proxyHost | String | Proxy host URL. | No | |
| proxyPort | Integer | Proxy port. | No | |
| proxyUser | String | Proxy user name, if one exists. | No | |
| proxyPass | String | Proxy password, if one exists. | No | |
| archiveIncludes | String | Comma-separated list specifying the type of files that will be extracted. | No. The default list includes the following: jar, war, ear, egg, zip, whl, sca, sda, gem, tar.gz, tar, tgz, tar.bz2, rpm, rar. | Supported since version 1.0.3 |
| archiveExtractionDepth | String | Drill down hierarchy level in archive files. Max value is 7. | No, default is 2 | Supported since version 19.4.2 |
| includesRepositoryContent | String | Comma-separated list specifying which files to include in the scan once the archive has been extracted according to the parameters in archiveIncludes. | No | Required since version 1.0.3 |
| triggerBeforeDownload | Boolean | Whether or not to trigger the 'beforeDownload' method. | No, the default value is true. | Supported since version 18.10.3 |
| triggerAfterCreate | Boolean | Whether or not to trigger the 'afterCreate' method. | No, the default value is true. | Supported since version 18.10.3 |
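
A pre-restart check of whitesource-artifactory-plugin.properties against the parameters listed above: required keys, the archiveExtractionDepth maximum, the download-time trigger, and who can read the file that holds apiKey, userKey and proxyPass. This is an added example, not the plugin's own tooling; it assumes plain key=value lines, the function names are hypothetical, and the sample values are constructed placeholders.

```sh
#!/bin/sh
# Added example: lint the properties file (assumed plain key=value lines).

# prop FILE KEY: value of the last uncommented KEY line (empty if absent).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# lint_props FILE: print one finding per line; return 1 if there are any.
lint_props() {
    f=$1; bad=0
    finding() { echo "$1"; bad=1; }
    for k in apiKey updateWss repoKeys useProxy; do   # "Required: Yes" rows
        [ -n "$(prop "$f" "$k")" ] || finding "missing required parameter: $k"
    done
    url=$(prop "$f" wssUrl)                           # unset: https default applies
    case ${url:-https://} in https://*) ;; *) finding "wssUrl is not https: $url" ;; esac
    depth=$(prop "$f" archiveExtractionDepth)         # unset: default of 2 applies
    case $depth in
        '') ;;
        *[!0-9]*) finding "archiveExtractionDepth is not a number: $depth" ;;
        *) [ "$depth" -le 7 ] || finding "archiveExtractionDepth above max 7: $depth" ;;
    esac
    # Defaults to true; false removes the download-time policy check.
    [ "$(prop "$f" triggerBeforeDownload)" != false ] ||
        finding "triggerBeforeDownload=false: downloads are not policy-checked"
    # apiKey, userKey and proxyPass live here: no group/other access.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        finding "file is accessible to group/others: chmod 600 $f"
    return "$bad"
}

# Constructed sample with two deliberate problems; values are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
apiKey=PLACEHOLDER_API_KEY
updateWss=true
repoKeys=libs-release-local
useProxy=false
archiveExtractionDepth=9
triggerBeforeDownload=false
EOF
    chmod 600 "$1"
}

if [ "$#" -ge 1 ]; then lint_props "$1"; else
    s=$(mktemp); write_sample "$s"; lint_props "$s" || true; rm -f "$s"
fi
```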

Examples

Cron Scheduling Example:

Open the whitesource-artifactory-plugin.groovy file in a text editor and go to the jobs section.

Find a row similar to this: updateRepoWithWhiteSource(cron: "* * * * * ?") and schedule the job for a specific running time.

Cron parameters (from left to right):

1 - Seconds, 2 - Minutes, 3 - Hours, 4 - Day-of-Month, 5 - Month, 6 - Day-of-Week, 7 - Year (optional field).

Examples:

"0 42 10 * * ?" - Build a trigger that will fire daily at 10:42 am.

"0 0/2 8-17 * * ?" - Build a trigger that will fire every other minute, between 8am and 5pm, every day. 

Plugin Logs

The default log level for the plugin is "warn". To change the plugin log level, add the following to ${ARTIFACTORY_HOME}/etc/logback.xml:

Artifactory Update Inventory Plugin - (Deprecated)

| Version | File | Features | Release Date | MD5 | Additional Information |
|---|---|---|---|---|---|
| 1.0.0 | whitesource-artifactory-UpdateInventory-plugin-1.0.0.zip | Update WhiteSource inventory with repositories data. | 2017-02-20 | E26480E230E3BF7605EECB21690C6A54 | |