...

First of all, it is necessary to become acquainted with the Unified Agent (UA).

Unified Agent (UA) - Overview

The Unified Agent is a Java command-line tool that scans the open-source components in directories for vulnerable libraries and license complications, and displays the results in the WhiteSource web application. It works as follows: directories are scanned to identify the open-source components, and the Unified Agent then checks each new component against organizational policies (note that no source code is scanned; only descriptive information is sent to WhiteSource).

At the end of its scan, the Unified Agent aggregates the information and uploads it to the WhiteSource web application, where it is presented in an Organization/Product/Project hierarchy, enabling the user to view and analyze the scan results. Additionally, an informative report of the results is generated in HTML and JSON formats, located in the 'whitesource' folder. This folder is created in the directory where the Unified Agent ran.

Prerequisites

Java JDK/JRE installation is required in order to run the Unified Agent. The following versions of Java are supported:

...

Additionally, depending on what you are scanning, ensure that the relevant build tools, package managers, etc. are installed. An overview of project types and corresponding project managers is given here.

Installation

  1. Download the Unified Agent .jar file from here.
  2. Download the default configuration file from here and place it in the same directory as the Unified Agent jar file. 

Configuring the Unified Agent

Enter the following parameters in the configuration file:

...

The Package Manager Dependency resolvers section of the configuration file lists all dependencies that UA can scan, each as a commented-out line (#resolveDependencies=false). Because all of these lines are comments, UA will scan all of them. GÉANT has many different projects that use many technologies and languages, so it is safer to scan all dependencies.
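A check for the point above, as an added example (not part of the original page or of WhiteSource's own tooling): it reports any resolver line that has been uncommented and set to false, which would take that package manager out of the scan. The sample configuration is constructed, and the prefixed key names (such as maven.resolveDependencies) and the configuration path passed on the command line are assumptions.

```python
import re
import sys

# Constructed sample of the resolver section; the prefixed key names are assumptions.
SAMPLE_CONFIG = """\
# Package Manager Dependency resolvers
#npm.resolveDependencies=false
maven.resolveDependencies=false
#python.resolveDependencies=false
  gradle.resolveDependencies = False
nuget.resolveDependencies=true
"""

# Optional leading '#', optional "<resolver>." prefix, then the key and its value.
_LINE = re.compile(
    r"^\s*(#*)\s*(?:([\w.-]+)\.)?resolveDependencies\s*[=:]\s*(\S+)\s*$"
)


def audit_resolvers(text):
    """Return (disabled, default, enabled) resolver names found in a config text.

    disabled: uncommented and set to false (excluded from the scan)
    default:  still commented out (scanned, as the page describes)
    enabled:  uncommented with any other value
    """
    disabled, default, enabled = [], [], []
    for raw in text.splitlines():
        match = _LINE.match(raw)
        if not match:
            continue  # ordinary comment or unrelated setting
        hashes, prefix, value = match.groups()
        name = prefix or "(global)"
        if hashes:
            default.append(name)
        elif value.lower() == "false":
            disabled.append(name)
        else:
            enabled.append(name)
    return disabled, default, enabled


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the constructed sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    disabled, default, _ = audit_resolvers(text)
    print(f"left at default (scanned): {', '.join(default) or 'none'}")
    print(f"explicitly disabled: {', '.join(disabled) or 'none'}")
    sys.exit(1 if disabled else 0)  # non-zero exit lets a CI job flag reduced coverage
```
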

Running the Unified Agent from the Command Line (Scanning Procedure)

To run the Unified Agent from the command line, execute the following command on the machine where your codebase is located:

...