Skip to end of metadata
Go to start of metadata

General Information

This plugin integrates Artifactory Artifacts with WhiteSource.

The Artifactory plugin adds additional information to the Artifactory artifacts and updates WhiteSource.  

Once invoked, all the artifacts on your Artifactory will be uploaded to your WhiteSource inventory.

  • Artifactory instance is mapped to WhiteSource product. 
  • Artifactory repositories will be mapped to WhiteSource projects.
  • WhiteSource organization will be updated regardless of policy violation.
  • Policies will be enforced and policy details will be added to the artifacts property tab, WSS-Acrion (Approve/Reject) and WSS-Policy-Details.
  • Additional data for each artifact will be added to the property tab: WSS-Licenses, WSS-Description, WSS-Homepage and WSS-Vulnerabilities.

The plugin is licensed under the Apache 2.0 license.


Note: The plugin updates Artifactory repositories with no more than 10000 artifacts.

WhiteSource inventory will be updated only when using cron based job.

The plugin updates WhiteSource with repositories with no more than 2000 artifacts.

How It Works

The Artifactory plugin works in two modes:

  1. Cron based job - when invoked, repositories artifacts will be checked in WhiteSource and additional data will be added to the property tab of each artifact.
  2. Adding new Artifact - when uploaded, new artifact will be checked in WhiteSource. Policies will be checked and additional data will be added to the property tab of the artifact.



Download the latest version.

VersionFileFeaturesRelease DateMD5
1.0.5whitesource-artifactory-plugin-1.0.5.zipMinor bug fixes.2017-07-18F18B154FC8B0CEF0D96DD08848B3FFB7
1.0.4whitesource-artifactory-plugin-1.0.4.zipAdjust plugin version to agents-api & whitesource-fs-agent versions.2017-07-16675032D04CE06BDC28EC70FAEBA4D2AF

Enabliing update WSS scan Artifactory repositories.

2017-05-0737568D088633E3EF877C364A1F901221 Bug fixes2017-02-01C1A62DE5C257874E0C5DF82869DC2892 bug fixes2017-01-2914DFB6A85A821C01F962886FCC68A62F
1.0.2whitesource-artifactory-plugin-1.0.2.zipAdd proxy support.2017-01-24B7C4E651C1707B1B530BCE871BB7207C Split vulnerability link and severity into 2 lines.2016-07-17FA1BE663ED9A0526237ED1B03D97ADCC fixes. rename properties file.2016-05-03272692C2CD8C04DA0BE3E9858248A717
1.0.1whitesource-artifactory-plugin-1.0.1.zipAdd setup.groovy file to automatically install dependencies.2016-04-27D2BA5AC9B45EEEA144BA324924BB1C85
1.0.0whitesource-artifactory-plugin-1.0.0.zipCheck Policies and Add additional data to the Artifact property tab.2016-04-07e2654abeb61162044495e49e6845eb2e

GitHub Repository


  1. Download the zip file.
  2. Extract the zip file. 
  3. Put the and whitesource-artifactory-plugin.groovy files under ${ARTIFACTORY_HOME}/etc/plugins
  4. Create 'lib' folder under  ${ARTIFACTORY_HOME}/etc/plugins/lib 
  5. Download the following jars and put them in the lib folder:
  6. Update file with relevant parameters.
  7. Schedule the cron job in whitesource-artifactory-plugin.groovy file.
  8. Restart Artifactory.

Cron Scheduling Example:

Open the whitesource-artifactory-plugin.groovy file in a txt editor and go to the "jobs" section.

Find row similar to this:  updateRepoWithWhiteSource(cron"* * * * * ?")  and schedule the job to a specific running time.

Cron parameters (from left to right) :

1 - seconds, 2 - Minutes, 3 - Hours, 4 - Day-of-Month, 5 - Month, 6 - Day-of-Week, 7 - Year (optional field).


"0 42 10 * * ?" - Build a trigger that will fire daily at 10:42 am.

"0 0/2 8-17 * * ?" - Build a trigger that will fire every other minute, between 8am and 5pm, every day. 

Properties file example:

Properties File


General Parameters

AttributeTypeDescriptionRequiredAdditional Information
StringUnique identifier of the organization, can be retrieved from the admin page in your WhiteSource account.Yes 
booleanWhether or not to send the check policies request to WhiteSource.No 

The list of the repositories to scan.

StringURL to send the request to.No, defaults to 
booleanWhether or not use proxy settingsYes 
StringProxy host url.No 
StringProxy port.No  
StringProxy User name if exist.No  
StringProxy password if exist.No  
booleanWhether or not update organization inventory regardless of policy violations.No, the default value is false.Supported since version 1.0.3

used only if 'checkPolicies' is set to true.

Setting 'forceCheckAllDependencies' to true will force check all policies for all dependencies introduced to the WhiteSource projects.

Setting 'forceCheckAllDependencies' to false or not using it at all will check only the new dependencies introduced to the WhiteSource projects.

NoSupported since version 1.0.3
StringComma separated list specifying the type of files that will be extractedNo. The default list inclues the following: jar, war, ear, egg, zip, whl, sca, sda, gem, tar.gz, tar, tgz, tar.bz2, rpm, rar.Supported since version 1.0.3
StringComma separated list. Specifying which files to include in the scan once the archive was extracted according to the paramters in
NoRequired since version 1.0.3
StringRepresents Artifactory instance and product in WhiteSource.Yes 

The default log level for the plugin is "warn". To change the plugin log level, add the following to ${ARTIFACTORY_HOME}/etc/logback.xml:

Plugin logs


Artifactory Update Inventory Plugin - (Deprecated)

VersionFileFeaturesRelease DateMD5Additional Information
1.0.0whitesource-artifactory-UpdateInventory-plugin-1.0.0.zipUpdate WhiteSource inventory with repositories data.2017-02-20E26480E230E3BF7605EECB21690C6A54

Deprecated since version 1.0.3 (2017-05-07)

  • None