
WhiteSource Scanner

Archived (pre-2022)

Preserved for reference only -- likely outdated. Last updated: September 2021

What is Whitesource

It is the only all-in-one security, compliance, and reporting solution for managing open source components, and the only one that operates in real time, by automatically and continuously scanning dozens of open source repositories and cross-referencing this data directly against the open source components in your build.
Our goal is therefore to have every Fyber repository scanned every week so that the results stay current.

How to use

The Scanner Job is triggered by the Trigger Job.
The list of repositories to scan, together with each one's configuration, is kept in that job's Jenkinsfile:

[
    ProductName  : "Inneractive",
    ProjectName  : "bln-k8s-common-helm",
    ProjectUrl   : "bitbucket.org:inneractive-ondemand/bln-k8s-common-helm.git",
    Credentials  : "bitbucket_jenkins_deploy_key",
    ProjectBranch: "master",
    SlackChannel : "#whitesource-reports",
    ProjectType  : "default"
],

The ProjectType field selects which worker image and configuration file are used. It expects that a Docker image has been built and pushed to 67648288756.dkr.ecr.us-east-2.amazonaws.com/whitesource tagged with the $ProjectType value, and that a configuration file named "$ProjectType.config" is stored here.
To add another project to the scanning scope, add a section with the parameters shown above. If your project type (the primary programming language used) is not there

Reports

Reports are saved in a structured layout under s3://whitesource-report/${productName}/${projectName}/ with a timestamp, so that every run's results are kept.
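As an added example (not code from the Fyber job itself), a small Python check that validates each Jenkinsfile entry from the list above and derives the worker image tag, config file name and S3 report prefix that the ProjectType convention and the report layout imply. The timestamp format, the KNOWN_TYPES set and the second sample entry are assumptions.

```python
from datetime import datetime, timezone

# Values below come from the page; the timestamp format is an assumption.
ECR_REPO = "67648288756.dkr.ecr.us-east-2.amazonaws.com/whitesource"
REPORT_BUCKET = "s3://whitesource-report"
REQUIRED_KEYS = ("ProductName", "ProjectName", "ProjectUrl", "Credentials",
                 "ProjectBranch", "SlackChannel", "ProjectType")

def validate_entry(entry, known_types):
    """Return a list of problems; an empty list means the entry can be scanned."""
    problems = [f"missing {k}" for k in REQUIRED_KEYS if not entry.get(k)]
    if problems:
        return problems
    if entry["ProjectType"] not in known_types:
        # No worker image tag / config file published for this type: scan would fail.
        problems.append(f"unknown ProjectType {entry['ProjectType']!r}")
    if not entry["ProjectUrl"].endswith(".git"):
        problems.append("ProjectUrl should be a git clone path")
    if not entry["SlackChannel"].startswith("#"):
        problems.append("SlackChannel must start with '#'")
    return problems

def resolve(entry, stamp=None):
    """Derive the image, config file and report prefix one entry implies."""
    stamp = stamp or datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    t = entry["ProjectType"]
    return {
        "image": f"{ECR_REPO}:{t}",                   # image tag == ProjectType
        "config": f"{t}.config",                      # "$ProjectType.config"
        "report_prefix": f"{REPORT_BUCKET}/{entry['ProductName']}/"
                         f"{entry['ProjectName']}/{stamp}/",
    }

# Constructed sample list: the page's entry plus one with an unpublished type.
REPOS = [
    {"ProductName": "Inneractive", "ProjectName": "bln-k8s-common-helm",
     "ProjectUrl": "bitbucket.org:inneractive-ondemand/bln-k8s-common-helm.git",
     "Credentials": "bitbucket_jenkins_deploy_key", "ProjectBranch": "master",
     "SlackChannel": "#whitesource-reports", "ProjectType": "default"},
    {"ProductName": "Inneractive", "ProjectName": "example-svc",
     "ProjectUrl": "bitbucket.org:inneractive-ondemand/example-svc.git",
     "Credentials": "bitbucket_jenkins_deploy_key", "ProjectBranch": "master",
     "SlackChannel": "#whitesource-reports", "ProjectType": "haskell"},
]
KNOWN_TYPES = {"default"}  # assumption: only this image tag and config exist

def check_all(repos=REPOS, known_types=KNOWN_TYPES):
    """Map ProjectName -> problems, so bad entries fail before any scan runs."""
    return {r["ProjectName"]: validate_entry(r, known_types) for r in repos}
```

Running check_all() before the Trigger Job fans out catches an entry whose ProjectType has no published image or config instead of letting that scan fail silently.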