Configuring the Unified Agent for iOS Projects (CocoaPods)

The following article will include best practices and configuration recommendations for using the Unified Agent to scan iOS projects. Typically, iOS projects are written in Swift and Objective-C. WhiteSource supports CocoaPods as a package manager for managing Swift and Objective-C.

Best Practices

Before scanning an iOS project, ensure the following for the most accurate results:

  1. You are using CocoaPods to manage your Swift and Objective-C dependencies.

  2. The project can be built successfully on the machine where you are running the scan.

  3. You have set the ‘includes’ parameter to include the file extensions of all source files included in your project. Generally we recommend uncommenting the following line of the wss-unified-agent.config file: #includes=**/.m **/.mm **/.js **/.php

  4. You are scanning a Podfile and have a Podspec file for each library included in your project that is managed via CocoaPods.

Configuring UA Parameters

The following parameter should always be set to ‘true’:


If all of your dependencies are managed via CocoaPods, set the following to ‘false’, otherwise set it to ‘true’ if you are including loose source files in your project:


If you have already installed all of the dependencies on your machine and have a Podfile.lock file, you can set the following parameter to ‘false’, otherwise set it to ‘true’.


When set to ‘true’ this parameters configures the Unified Agent scan to run ‘pod install' against the provided Podfile and podspec files, which causes the dependency manager to download all dependencies into the 'Pods’ folder and creates a Podfile.lock file:

Additional Resources:

You can find more information about scanning CocoaPods projects in the following document:

Unified Agent - documentation on how to use the Unified Agent