Skip to end of metadata
Go to start of metadata

General Information

This plugin integrates Artifactory Artifacts with WhiteSource.

The Artifactory plugin adds additional information to the Artifactory artifacts and updates WhiteSource.  

Once invoked, all the artifacts on your Artifactory will be uploaded to your WhiteSource inventory.

  • Artifactory instance is mapped to WhiteSource product. 
  • Artifactory repositories will be mapped to WhiteSource projects.
  • WhiteSource organization will be updated regardless of policy violation.
  • Policies will be enforced and policy details will be added to the artifacts property tab, WSS-Acrion (Approve/Reject) and WSS-Policy-Details.
  • Additional data for each artifact will be added to the property tab: WSS-Licenses, WSS-Description, WSS-Homepage and WSS-Vulnerabilities.

The plugin is licensed under the Apache 2.0 license.

 

Note: The plugin updates Artifactory repositories with no more than 10000 artifacts.

WhiteSource inventory will be updated only when using cron based job.

The plugin updates WhiteSource with repositories with no more than 2000 artifacts.

How It Works

The Artifactory plugin works in two modes:

  1. Cron based job - when invoked, repositories artifacts will be checked in WhiteSource and additional data will be added to the property tab of each artifact.
  2. Adding new Artifact - when uploaded, new artifact will be checked in WhiteSource. Policies will be checked and additional data will be added to the property tab of the artifact.

Installation

Download

Download the latest version.

VersionFileFeaturesRelease DateMD5
1.0.5whitesource-artifactory-plugin-1.0.5.zipMinor bug fixes.2017-07-18F18B154FC8B0CEF0D96DD08848B3FFB7
1.0.4whitesource-artifactory-plugin-1.0.4.zipAdjust plugin version to agents-api & whitesource-fs-agent versions.2017-07-16675032D04CE06BDC28EC70FAEBA4D2AF
1.0.3whitesource-artifactory-plugin-1.0.3.zip

Enabliing update WSS scan Artifactory repositories.

2017-05-0737568D088633E3EF877C364A1F901221
1.0.2.2whitesource-artifactory-plugin-1.0.2.2.zipMinor Bug fixes2017-02-01C1A62DE5C257874E0C5DF82869DC2892
1.0.2.1whitesource-artifactory-plugin-1.0.2.1.zipMinor bug fixes2017-01-2914DFB6A85A821C01F962886FCC68A62F
1.0.2whitesource-artifactory-plugin-1.0.2.zipAdd proxy support.2017-01-24B7C4E651C1707B1B530BCE871BB7207C
1.0.1.2whitesource-artifactory-plugin-1.0.1.2.zip Split vulnerability link and severity into 2 lines.2016-07-17FA1BE663ED9A0526237ED1B03D97ADCC
1.0.1.1whitesource-artifactory-plugin-1.0.1.1.zipBug fixes. rename properties file.2016-05-03272692C2CD8C04DA0BE3E9858248A717
1.0.1whitesource-artifactory-plugin-1.0.1.zipAdd setup.groovy file to automatically install dependencies.2016-04-27D2BA5AC9B45EEEA144BA324924BB1C85
1.0.0whitesource-artifactory-plugin-1.0.0.zipCheck Policies and Add additional data to the Artifact property tab.2016-04-07e2654abeb61162044495e49e6845eb2e

GitHub Repository

Installation

  1. Download the zip file.
  2. Extract the zip file. 
  3. Put the whitesource-artifactory-plugin.properties and whitesource-artifactory-plugin.groovy files under ${ARTIFACTORY_HOME}/etc/plugins
  4. Create 'lib' folder under  ${ARTIFACTORY_HOME}/etc/plugins/lib 
  5. Download the following jars and put them in the lib folder:
    wss-agent-report-2.3.7.jar,
    wss-agent-api-client-2.3.7.jar,
    wss-agent-api-2.3.5.jar,
    whitesource-fs-agent-1.8.0.jar
  6. Update whitesource-artifactory-plugin.properties file with relevant parameters.
  7. Schedule the cron job in whitesource-artifactory-plugin.groovy file.
  8. Restart Artifactory.

Cron Scheduling Example:

Open the whitesource-artifactory-plugin.groovy file in a txt editor and go to the "jobs" section.

Find row similar to this:  updateRepoWithWhiteSource(cron"* * * * * ?")  and schedule the job to a specific running time.

Cron parameters (from left to right) :

1 - seconds, 2 - Minutes, 3 - Hours, 4 - Day-of-Month, 5 - Month, 6 - Day-of-Week, 7 - Year (optional field).

Examples:

"0 42 10 * * ?" - Build a trigger that will fire daily at 10:42 am.

"0 0/2 8-17 * * ?" - Build a trigger that will fire every other minute, between 8am and 5pm, every day. 

Properties file example:

Properties File

Configuration

General Parameters

AttributeTypeDescriptionRequiredAdditional Information
apiKey
StringUnique identifier of the organization, can be retrieved from the admin page in your WhiteSource account.Yes 
checkPolicies
booleanWhether or not to send the check policies request to WhiteSource.No 
repoKeys
Array

The list of the repositories to scan.

Yes 
wssUrl
StringURL to send the request to.No, defaults to https://saas.whitesourcesoftware.com/agent 
useProxy
booleanWhether or not use proxy settingsYes 
proxyHost
StringProxy host url.No 
proxyPort
StringProxy port.No  
proxyUser
StringProxy User name if exist.No  
proxyPass
StringProxy password if exist.No  
forceUpdate
booleanWhether or not update organization inventory regardless of policy violations.No, the default value is false.Supported since version 1.0.3
forceCheckAllDependencies
boolean

used only if 'checkPolicies' is set to true.

Setting 'forceCheckAllDependencies' to true will force check all policies for all dependencies introduced to the WhiteSource projects.

Setting 'forceCheckAllDependencies' to false or not using it at all will check only the new dependencies introduced to the WhiteSource projects.

NoSupported since version 1.0.3
archiveIncludes
StringComma separated list specifying the type of files that will be extractedNo. The default list inclues the following: jar, war, ear, egg, zip, whl, sca, sda, gem, tar.gz, tar, tgz, tar.bz2, rpm, rar.Supported since version 1.0.3
includesRepositoryContent
StringComma separated list. Specifying which files to include in the scan once the archive was extracted according to the paramters in
archiveIncludes
NoRequired since version 1.0.3
productName
StringRepresents Artifactory instance and product in WhiteSource.Yes 


The default log level for the plugin is "warn". To change the plugin log level, add the following to ${ARTIFACTORY_HOME}/etc/logback.xml:

Plugin logs

 

Artifactory Update Inventory Plugin - (Deprecated)

VersionFileFeaturesRelease DateMD5Additional Information
1.0.0whitesource-artifactory-UpdateInventory-plugin-1.0.0.zipUpdate WhiteSource inventory with repositories data.2017-02-20E26480E230E3BF7605EECB21690C6A54
Depracated

Deprecated since version 1.0.3 (2017-05-07)

Labels
  • None