IMPORTANT: The Jenkins plugin will reach its End Of Life starting August 1, 2022.
After this date, WhiteSource will no longer provide standard support, including updates and fixes, for the deprecated plugin. Extended Support, which is limited to configuration and Support troubleshooting, will continue until February 1, 2023. Following this date, the Jenkins plugin will no longer be supported by WhiteSource. Please make sure to migrate to the Unified Agent before the end of standard support on August 1, 2022 to maintain full support of your product.
The plugin integrates automatic open source management with Jenkins.
Once set up, all usage of open-source software in the organization will be continuously and automatically synchronized with WhiteSource:
New projects will be created
Existing projects will be updated
Policies will be enforced on every action, failing the build if necessary.
Supported since version 1.7. For previous versions of Jenkins plugin click here.
The plugin currently supports maven, freestyle jobs and maven pipeline jobs.
The plugin is licensed under the Apache 2.0 license. Source code and issues are hosted on github.
Before you begin, note the following:
The native Jenkins plugin does not support NPM resolution through package.json.
The Jenkins plugin documentation contains documentation for General or Maven jobs only.
The Jenkins plugin is useful for Maven projects or for source file scanning.
How it Works
Once the build is finished, the plugin will determine which open source is currently used by your project and send it to WhiteSource.
No source code is scanned. Only descriptive information is sent to WhiteSource.
WhiteSource uses the collected information to create new projects or update existing ones.
Policy Check Flow
The plugin checks each new library against the organizational policies. If a library is automatically rejected by a policy then the build fails. Otherwise, your account is updated.
An informative report of the results is generated, regardless of the outcome.
Go to Manage Jenkins > Manage Plugins > Available.
Search for WhiteSource, select the checkbox, and click Install.
Using The Plugin
Start by configuring the global settings. These settings will apply across all jobs on this Jenkins master. Then setup the jobs which should interact with WhiteSource.
Global WhiteSource Configuration
Once the plugin is installed, go to Manage Jenkins > Configure System.
Go to the WhiteSource section.
Selecting the Fail on error checkbox instructs to fail the build on a general error (e.g., network error) or a policy violation. Clearing this checkbox indicates that the plugin fails the build only for policy violations.
Connection timeout is measured in minutes. Default value is 60 minutes.
A unique identifier of the organization. You can receive an API token in the administration section of your WhiteSource account.