...

This document describes the product scanning scenario. End users are not expected to set up their project in WhiteSource Mend themselves. The work described here is part of the GEANT WhiteSource Mend setup-assistance service. This information is published to provide a deeper understanding of the workflows and functioning of WhiteSource Mend and to capture its key elements.

...

The Unified Agent is a Java command-line tool that scans the open-source components in directories for vulnerable libraries and license complications, and displays the results in the WhiteSource Mend web application. The Unified Agent works as follows: directories are scanned to identify the open-source components, and the Unified Agent then checks each new component against organizational policies. Note that no source code is scanned; only descriptive information is sent to WhiteSource Mend.

At the end of the scan, the Unified Agent aggregates the information and uploads it to the WhiteSource Mend web application, where it is presented in an Organization/Product/Project hierarchy, enabling the user to view and analyze the scan results. Additionally, an informative report of the results is generated in HTML and JSON formats, located in the 'whitesourceMend' folder. This folder is created in the directory where the Unified Agent ran.

...

  • apiKey - unique identifier of the organization. It can be retrieved from the 'Integrate' page in your WhiteSource Mend account.
  • userKey - unique identifier of the user; it is optional. It can be generated from the 'Profile' page in your WhiteSource Mend account. With the user key, WhiteSource Mend recognizes who runs the scan.
  • wss.url - enable the URL that matches your organization's WS Server URL, shown in the Server URLs panel of your Profile page (it can also be found in the Integrate tab). Then add the agent path in the config file. There are three versions of wss.url:
  • productToken - identifies the product to be scanned. First, you need to create a new product.
    To create a new product, do the following:
    1. From the menu bar, select Products > New Product. The Create New Product screen is displayed. 

    2. Enter the product name, and click Create.

The productToken can be retrieved from the 'Integrate' page in your WhiteSource Mend account. Several projects can be defined within a product.

  • projectToken - the projectToken can be retrieved from the 'Integrate' page in your WhiteSource Mend account. To add a new project:
    1. Click Add Project. 

    2. Enter the project name, and click Create.

After running the scan, the output goes to the project.

Best practices - WhiteSource Mend recommends placing the project and product names in the configuration file (versions are optional). This is preferable for the first-time setup, as it automatically creates a new project and product in WhiteSource Mend. If names or versions change rapidly, use the projectToken and productToken of the existing WhiteSource Mend counterparts instead.
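The parameter rules above can be checked before a scan is run. The following is an added example, not part of the original page or of the vendor's tooling: a small linter for a key=value configuration file. It assumes the key names productName and projectName for the names mentioned in the best practice, treats the https requirement and the "both name and token set" warning as assumptions of this example, and uses constructed placeholder values throughout.

```python
from urllib.parse import urlparse

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def lint_config(text):
    """Return a list of findings; an empty list means the config passes."""
    p = parse_properties(text)
    findings = []
    if not p.get("apiKey"):
        findings.append("apiKey is required (organization identifier)")
    url = urlparse(p.get("wss.url", ""))
    if url.scheme != "https":  # assumption of this example: keys only travel over TLS
        findings.append("wss.url must be an https URL")
    if not url.path.rstrip("/").endswith("/agent"):
        findings.append("wss.url must include the agent path")
    for scope in ("product", "project"):
        has_token = bool(p.get(scope + "Token"))
        has_name = bool(p.get(scope + "Name"))
        if not (has_token or has_name):
            findings.append(f"set {scope}Name or {scope}Token")
        elif has_token and has_name:  # assumption: flag the ambiguity
            findings.append(f"{scope}Name and {scope}Token both set; pick one")
    if not p.get("userKey"):
        findings.append("note: userKey unset; the scan is not tied to a user")
    return findings

# Constructed samples with placeholder values (not real keys, tokens or hosts).
SAMPLE_OK = """\
# first-time setup: names, no tokens
apiKey=EXAMPLE-ORG-KEY
userKey=EXAMPLE-USER-KEY
wss.url=https://mend.example.invalid/agent
productName=demo-product
projectName=demo-project
"""
SAMPLE_BAD = "wss.url=http://mend.example.invalid\nproductToken=EXAMPLE-PRODUCT-TOKEN\n"

if __name__ == "__main__":
    for finding in lint_config(SAMPLE_BAD):
        print(finding)
```

Because apiKey and userKey are credentials, a check like this fits in the pipeline step that injects them, so the populated file never has to be committed.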

In section Policies:

...