For all examples below, ensure that the branches defined within the .yml file are the same as the branch where the file is going to be committed.
YAML files beginning with "github"
- Add the yml file to a subfolder named workflows underneath the .github folder in the branch you would like to scan and adjust branch triggers (on:) within the yml file.
.github/workflows/github-action.yml
- Add a repository secret named "APIKEY" to the repository with your WhiteSource API Key from the Integrate page, and a repository secret named "USERKEY" with the user key from your profile page.
YAML files containing "azure-pipelines"
- Ensure the default branch is the same as the branch in the .yml file, or replace the branch name in the trigger.
- Create a new pipeline by selecting Pipelines > Create Pipeline > Azure Repos Git > your imported repository, then select starter pipeline and replace its contents with the .yml file.
- Add a pipeline variable named "apikey" with your WhiteSource API Key from the Integrate page, and a pipeline variable named "userkey" with the user key from your profile page.
By default, many of these yml files scan on every push and pull request to a release branch. It is recommended to run Prioritize on pull requests to a protected branch. An example of this config for GitHub Actions can be seen below:
on:
  pull_request:
    branches: [ release* ]
- Publish the WhiteSource logs by adding the following step, depending on the pipeline.

Azure Pipelines:

- publish: $(System.DefaultWorkingDirectory)/whitesource
  artifact: Whitesource-Logs

GitHub Actions:

- name: 'Upload Artifact'
  uses: actions/upload-artifact@v2
  with:
    name: Whitesource-Logs
    path: whitesource
    retention-days: 1
- Add -viaDebug true at the end of the unified agent command.
- Add the following section after the java -jar unified agent call to upload all logs as artifacts that can be downloaded for viewing.
- Important items:
  - The App.json file will have the elementid and method that should be tracked down.
  - The log should tell you if java or jdeps is a problem.
  - On Windows, use %TEMP% instead of /tmp/.
cp -r whitesource Whitesource-Logs
cp -r /tmp/whitesource* Whitesource-Logs
# uncomment for multimodule analyzer projects
# cp -r /tmp/MultiModuleAnalyzer* Whitesource-Logs
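
An added example, not part of the original page or of the WhiteSource tooling: a shell function that performs the log-copy step above and masks the API key and user key values in the copied files before they are published as an artifact, as a precaution in case debug output echoes them. The function name `collect_ws_logs`, the `APIKEY`/`USERKEY` environment variable names and the tmp-root parameter are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page.
# Assumptions: the secrets are exported as APIKEY and USERKEY; the tmp root
# is a parameter (default /tmp) so the function can be tried on sample data.

collect_ws_logs() {
  dest="${1:-Whitesource-Logs}"
  tmp_root="${2:-/tmp}"
  mkdir -p "$dest" || return 1

  # Same sources as the cp commands on this page. Missing ones are skipped,
  # so the MultiModuleAnalyzer line does not need to be commented in or out.
  for src in whitesource "$tmp_root"/whitesource* "$tmp_root"/MultiModuleAnalyzer*; do
    if [ -e "$src" ]; then cp -r "$src" "$dest"/; fi
  done

  # Mask each secret value wherever it appears in the copied files.
  for secret in "${APIKEY:-}" "${USERKEY:-}"; do
    [ -n "$secret" ] || continue
    # Escape BRE metacharacters and the / delimiter so sed matches literally.
    esc=$(printf '%s' "$secret" | sed 's/[][\\.*^$/]/\\&/g')
    # List affected files first, then rewrite them one by one.
    hits=$(grep -rlF -- "$secret" "$dest" || true)
    if [ -n "$hits" ]; then
      printf '%s\n' "$hits" | while IFS= read -r f; do
        sed "s/$esc/***REDACTED***/g" "$f" > "$f.redacted" && mv "$f.redacted" "$f"
      done
    fi
    # Fail closed: do not publish if a value survived the rewrite.
    if grep -rqF -- "$secret" "$dest"; then
      echo "secret value still present in $dest, not publishing" >&2
      return 1
    fi
  done
}
```

Call `collect_ws_logs` after the java -jar unified agent call and before the publish or upload-artifact step, and let a non-zero return fail the job.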