whitesourceExecuteScan¶
Execute a Mend (formerly known as WhiteSource) scan
Description¶
With this step Mend (formerly known as Whitesource) security and license compliance scans can be executed and assessed. Mend is a Software as a Service offering based on a so called unified agent that locally determines the dependency tree of a node.js, Java, Python, Ruby, or Scala based solution and sends it to the WhiteSource server for a policy based license compliance check and additional Free and Open Source Software Publicly Known Vulnerabilities detection.
The step uses the so-called Mend Unified Agent. For details please refer to the Mend Unified Agent Documentation.
Docker Images
The underlying Docker images are public and specific to the solution's programming language(s) and therefore may have to be exchanged to fit to and support the relevant scenario. The default Python environment used is i.e. Python 3 based.
Usage¶
We recommend to define values of step parameters via .pipeline/config.yml file.
In this case, calling the step is essentially reduced to defining the step name.
Calling the step can be done either in an orchestrator specific way (e.g. via a Jenkins library step) or on the command line.
library('piper-lib-os')
whitesourceExecuteScan script: this
piper whitesourceExecuteScan
Outputs¶
Output type | Details |
---|---|
commonPipelineEnvironment |
|
influx | measurement step_data
whitesource_data |
Prerequisites¶
Your company has registered an account with WhiteSource and you have enabled the use of so called User Keys
to manage
access to your organization in WhiteSource via dedicated privileges. Scanning your products without adequate user level
access protection imposed on the WhiteSource backend would simply allow access based on the organization token.
Parameters¶
Overview - Step¶
Overview - Execution Environment¶
Orchestrator-specific only
These parameters are relevant for orchestrator usage and not considered when using the command line option.
Name | Mandatory | Additional information |
---|---|---|
containerCommand | no | |
containerShell | no | |
dockerEnvVars | no | |
dockerImage | no | |
dockerName | no | |
dockerOptions | no | |
dockerPullImage | no | |
dockerVolumeBind | no | |
dockerWorkspace | no | |
stashContent | no |
Details¶
SkipProjectsWithEmptyTokens¶
Skips projects with empty tokens after scanning. This is for testing purposes only and should not be used until we roll out the new parameter
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
activateMultipleImagesScan¶
Use this parameter to activate the scan of multiple images. Additionally you'll need to provide skipParentProjectResolution and scanImages parameters
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
agentDownloadUrl¶
URL used to download the latest version of the WhiteSource Unified Agent.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar |
Secret | no |
Configuration scope |
|
Resource references | none |
agentFileName¶
Locally used name for the Unified Agent jar file after download.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | wss-unified-agent.jar |
Secret | no |
Configuration scope |
|
Resource references | none |
agentParameters¶
[NOT IMPLEMENTED] List of additional parameters passed to the Unified Agent command line.
Scope | Details |
---|---|
Aliases | - |
Type | []string |
Mandatory | no |
Default | $PIPER_agentParameters (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
agentUrl¶
URL to the WhiteSource agent endpoint.
Scope | Details |
---|---|
Aliases | whitesourceAgentUrl |
Type | string |
Mandatory | no |
Default | https://saas.whitesourcesoftware.com/agent |
Secret | no |
Configuration scope |
|
Resource references | none |
aggregateVersionWideReport¶
This does not run a scan, instead just generated a report for all projects with projectVersion = config.ProductVersion
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
assessmentFile¶
Explicit path to the assessment YAML file.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | hs-assessments.yaml |
Secret | no |
Configuration scope |
|
Resource references | none |
assignees¶
Defines the assignees for the Github Issue created/updated with the results of the scan as a list of login names.
Scope | Details |
---|---|
Aliases | - |
Type | []string |
Mandatory | no |
Default | |
Secret | no |
Configuration scope |
|
Resource references | none |
buildDescriptorExcludeList¶
List of build descriptors and therefore modules to exclude from the scan and assessment activities.
Scope | Details |
---|---|
Aliases | - |
Type | []string |
Mandatory | no |
Default | - unit-tests/pom.xml - integration-tests/pom.xml |
Secret | no |
Configuration scope |
|
Resource references | none |
buildDescriptorFile¶
Explicit path to the build descriptor file.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_buildDescriptorFile (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
buildTool¶
Defines the tool which is used for building the artifact.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | yes |
Default | $PIPER_buildTool (if set) |
Secret | no |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: buildTool |
configFilePath¶
Explicit path to the WhiteSource Unified Agent configuration file.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | ./wss-unified-agent.config |
Secret | no |
Configuration scope |
|
Resource references | none |
containerCommand¶
Jenkins-specific: Used for proper environment setup.
Kubernetes only: Allows to specify start command for container created with dockerImage parameter to overwrite Piper default (/usr/bin/tail -f /dev/null).
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | |
Secret | no |
Configuration scope |
|
Resource references | none |
containerRegistryPassword¶
For buildTool: docker
: Password for container registry access - typically provided by the CI/CD environment.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_containerRegistryPassword (if set) |
Secret | yes |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: container/repositoryPassword commonPipelineEnvironment: reference to: custom/repositoryPassword |
containerRegistryUser¶
For buildTool: docker
: Username for container registry access - typically provided by the CI/CD environment.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_containerRegistryUser (if set) |
Secret | yes |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: container/repositoryUsername commonPipelineEnvironment: reference to: custom/repositoryUsername |
containerShell¶
Jenkins-specific: Used for proper environment setup.
Allows to specify the shell to be executed for container with containerName.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | |
Secret | no |
Configuration scope |
|
Resource references | none |
createProductFromPipeline¶
Whether to create the related WhiteSource product on the fly based on the supplied pipeline configuration.
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | true |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
createResultIssue¶
Whether the step creates a GitHub issue containing the scan results in the originating repo. Since optimized pipelines are headless the creation is implicitly activated for scheduled runs.
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: custom/isOptimizedAndScheduled |
customScanVersion¶
Defines a custom version for the WhiteSource scan which deviates from the typical versioning pattern using version
and versioningModel
.
It allows to set non-numeric versions as well and supersedes the value of version
which is calculated automatically.
The parameter is also used by other scan steps (e.g. Detect, Fortify, Sonar) and thus allows a common custom version across scan tools.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_customScanVersion (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
customTlsCertificateLinks¶
List of download links to custom TLS certificates. This is required to ensure trusted connections to instances with repositories (like nexus) when publish flag is set to true.
Scope | Details |
---|---|
Aliases | - |
Type | []string |
Mandatory | no |
Default | $PIPER_customTlsCertificateLinks (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
cvssSeverityLimit¶
Limit of tolerable CVSS v3 score upon assessment and in consequence fails the build. A negative value (like the default of -1) means that the build won't fail.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | -1 |
Secret | no |
Configuration scope |
|
Resource references | none |
defaultNpmRegistry¶
URL of the npm registry to use. Defaults to https://registry.npmjs.org/
Scope | Details |
---|---|
Aliases | npm/defaultNpmRegistry |
Type | string |
Mandatory | no |
Default | $PIPER_defaultNpmRegistry (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
disableNpmSubmodulesAggregation¶
The default Mend behavior is to aggregate all submodules of NPM project into one project in Mend. This parameter disables this behavior, thus for each submodule a separate project is created.
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
dockerConfigJSON¶
Path to the file .docker/config.json
- this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the Docker documentation.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_dockerConfigJSON (if set) |
Secret | yes |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: custom/dockerConfigJSON Jenkins credential id: id: dockerConfigJsonCredentialsId Vault resource: name: dockerConfigFileVaultSecretName default value: docker-config Vault paths:
|
dockerEnvVars¶
Jenkins-specific: Used for proper environment setup.
Environment variables to set in the container, e.g. [http_proxy: "proxy:8080"].
Scope | Details |
---|---|
Aliases | - |
Type | map[string]string |
Mandatory | no |
Default | |
Secret | no |
Configuration scope |
|
Resource references | none |
dockerImage¶
Jenkins-specific: Used for proper environment setup.
Name of the docker image that should be used. If empty, Docker is not used and the command is executed directly on the Jenkins system.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | buildTool=dub : buildpack-deps:stretch-curl buildTool= docker : buildpack-deps:stretch-curl buildTool= mta : devxci/mbtci-java11-node14 buildTool= golang : golang:1 buildTool= gradle : gradle buildTool= sbt : hseeberger/scala-sbt:8u181_2.12.8_1.2.8 buildTool= maven : maven:3.5-jdk-8 buildTool= npm : node:lts-buster buildTool= pip : python:3.6-stretch buildTool= yarn : node:lts-buster |
Secret | no |
Configuration scope |
|
Resource references | none |
dockerName¶
Jenkins-specific: Used for proper environment setup.
Kubernetes only: Name of the container launching dockerImage. SideCar only: Name of the container in local network.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | |
Secret | no |
Configuration scope |
|
Resource references | none |
dockerOptions¶
Jenkins-specific: Used for proper environment setup.
Docker options to be set when starting the container.
Scope | Details |
---|---|
Aliases | - |
Type | []string |
Mandatory | no |
Default | buildTool=golang : [{-u 0}] |
Secret | no |
Configuration scope |
|
Resource references | none |
dockerPullImage¶
Jenkins-specific: Used for proper environment setup.
Set this to 'false' to bypass a docker image pull. Useful during development process. Allows testing of images which are available in the local registry only.
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | buildTool=dub : true buildTool= docker : true buildTool= mta : true buildTool= golang : true buildTool= gradle : true buildTool= sbt : true buildTool= maven : true buildTool= npm : true buildTool= pip : true buildTool= yarn : true |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
dockerVolumeBind¶
Jenkins-specific: Used for proper environment setup.
Volumes that should be mounted into the docker container.
Scope | Details |
---|---|
Aliases | - |
Type | map[string]string |
Mandatory | no |
Default | |
Secret | no |
Configuration scope |
|
Resource references | none |
dockerWorkspace¶
Jenkins-specific: Used for proper environment setup.
Kubernetes only: Specifies a dedicated user home directory for the container which will be passed as value for environment variable HOME
.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | buildTool=dub : /tmp buildTool= docker : /tmp buildTool= mta : /home/mta buildTool= golang : /go buildTool= gradle : /home/gradle buildTool= sbt : /tmp buildTool= maven : /tmp buildTool= npm : /home/node buildTool= pip : /tmp buildTool= yarn : /home/node |
Secret | no |
Configuration scope |
|
Resource references | none |
emailAddressesOfInitialProductAdmins¶
The list of email addresses to assign as product admins for newly created WhiteSource products.
Scope | Details |
---|---|
Aliases | - |
Type | []string |
Mandatory | no |
Default | $PIPER_emailAddressesOfInitialProductAdmins (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
excludes¶
List of file path patterns to exclude in the scan.
Scope | Details |
---|---|
Aliases | - |
Type | []string |
Mandatory | no |
Default | $PIPER_excludes (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
failOnSevereVulnerabilities¶
Whether to fail the step on severe vulnerabilties or not
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | true |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
githubApiUrl¶
Set the GitHub API URL.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | https://api.github.com |
Secret | no |
Configuration scope |
|
Resource references | none |
githubToken¶
GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
Scope | Details |
---|---|
Aliases | access_token |
Type | string |
Mandatory | no |
Default | $PIPER_githubToken (if set) |
Secret | yes |
Configuration scope |
|
Resource references | Jenkins credential id: id: githubTokenCredentialsId Vault resource: name: githubVaultSecretName default value: github Vault paths:
|
globalSettingsFile¶
Path to the mvn settings file that should be used as global settings file.
Scope | Details |
---|---|
Aliases | maven/globalSettingsFile |
Type | string |
Mandatory | no |
Default | $PIPER_globalSettingsFile (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
includes¶
List of file path patterns to include in the scan.
Scope | Details |
---|---|
Aliases | - |
Type | []string |
Mandatory | no |
Default | $PIPER_includes (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
installArtifacts¶
If enabled, all artifacts will be installed to the local Maven repository to ensure availability before running WhiteSource. Currently, this parameter is not honored in whitesourceExecuteScan step, as it is internally managed by UA with the 'runPreStep'. In the future, this parameter will be honored based on the individual build tool.
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
installCommand¶
Install command that can be used to populate the default docker image for some scenarios.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_installCommand (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
jreDownloadUrl¶
URL used for downloading the Java Runtime Environment (JRE) required to run the WhiteSource Unified Agent.
Scope | Details |
---|---|
Aliases | whitesource/jreDownloadUrl (deprecated) |
Type | string |
Mandatory | no |
Default | https://github.com/SAP/SapMachine/releases/download/sapmachine-17.0.13/sapmachine-jre-17.0.13_linux-x64_bin.tar.gz |
Secret | no |
Configuration scope |
|
Resource references | none |
licensingVulnerabilities¶
[NOT IMPLEMENTED] Whether license compliance is considered and reported as part of the assessment.
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | true |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
m2Path¶
Path to the location of the local repository that should be used.
Scope | Details |
---|---|
Aliases | maven/m2Path |
Type | string |
Mandatory | no |
Default | $PIPER_m2Path (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
npmIncludeDevDependencies¶
Enable this if you wish to include NPM DEV dependencies in the scan report
Scope | Details |
---|---|
Aliases | npm/includeDevDependencies |
Type | bool |
Mandatory | no |
Default | false |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
orgToken¶
WhiteSource token identifying your organization.
Scope | Details |
---|---|
Aliases | - whitesourceOrgToken - whitesource/orgToken (deprecated) |
Type | string |
Mandatory | yes |
Default | $PIPER_orgToken (if set) |
Secret | yes |
Configuration scope |
|
Resource references | Jenkins credential id: id: orgAdminUserTokenCredentialsId Vault resource: name: whitesourceVaultSecret default value: whitesource Vault paths:
|
owner¶
Set the GitHub organization.
Scope | Details |
---|---|
Aliases | githubOrg |
Type | string |
Mandatory | no |
Default | $PIPER_owner (if set) |
Secret | no |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: github/owner |
privateModules¶
Tells go which modules shall be considered to be private (by setting GOPRIVATE).
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_privateModules (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
privateModulesGitToken¶
GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_privateModulesGitToken (if set) |
Secret | yes |
Configuration scope |
|
Resource references | Jenkins credential id: id: golangPrivateModulesGitTokenCredentialsId reference to: password Vault resource: name: golangPrivateModulesGitTokenVaultSecret default value: golang Vault paths:
|
productName¶
Name of the WhiteSource product used for results aggregation. This parameter is mandatory if the parameter createProductFromPipeline
is set to true
and the WhiteSource product does not yet exist. It is also mandatory if the parameter productToken
is not provided.
Scope | Details |
---|---|
Aliases | - whitesourceProductName - whitesource/productName (deprecated) |
Type | string |
Mandatory | no |
Default | $PIPER_productName (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
productToken¶
Token of the WhiteSource product to be created and used for results aggregation, usually determined automatically. Can optionally be provided as an alternative to productName
.
Scope | Details |
---|---|
Aliases | - whitesourceProductToken - whitesource/productToken (deprecated) |
Type | string |
Mandatory | no |
Default | $PIPER_productToken (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
projectName¶
The project name used for reporting results in WhiteSource. When provided, all source modules will be scanned into one aggregated WhiteSource project. For scan types maven
, mta
, npm
, the default is to generate one WhiteSource project per module, whereas the project name is derived from the module's build descriptor. For NPM modules, project aggregation is not supported, the last scanned NPM module will override all previously aggregated scan results!
Scope | Details |
---|---|
Aliases | whitesourceProjectName |
Type | string |
Mandatory | no |
Default | $PIPER_projectName (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
projectSettingsFile¶
Path to the mvn settings file that should be used as project settings file.
Scope | Details |
---|---|
Aliases | maven/projectSettingsFile |
Type | string |
Mandatory | no |
Default | $PIPER_projectSettingsFile (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
projectToken¶
Project token to execute scan on. Ignored for scan types maven
, mta
and npm
. Used for project aggregation when scanning with the Unified Agent and can be provided as an alternative to projectName
.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_projectToken (if set) |
Secret | no |
Configuration scope |
|
Resource references | none |
reporting¶
Whether assessment is being done at all, defaults to true
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | true |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
repository¶
Set the GitHub repository.
Scope | Details |
---|---|
Aliases | githubRepo |
Type | string |
Mandatory | no |
Default | $PIPER_repository (if set) |
Secret | no |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: github/repository |
scanImage¶
For buildTool: docker
: Defines the docker image which should be scanned.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_scanImage (if set) |
Secret | no |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: container/imageNameTag |
scanImageRegistryUrl¶
For buildTool: docker
: Defines the registry where the scanImage is located.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_scanImageRegistryUrl (if set) |
Secret | no |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: container/registryUrl |
scanImages¶
For buildTool: docker
: Allowing to scan multiple docker images. In case parent project will not contain any dependecies, use skipParentProjectResolution parameter
Scope | Details |
---|---|
Aliases | - |
Type | []string |
Mandatory | no |
Default | $PIPER_scanImages (if set) |
Secret | no |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: container/imageNameTags |
scanPath¶
Directory where to start WhiteSource scan.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | . |
Secret | no |
Configuration scope |
|
Resource references | none |
script¶
Jenkins-specific: Used for proper environment setup.
The common script environment of the Jenkinsfile running. Typically the reference to the script calling the pipeline step is provided with the this
parameter, as in script: this
. This allows the function to access the commonPipelineEnvironment
for retrieving, e.g. configuration parameters.
Scope | Details |
---|---|
Aliases | - |
Type | Jenkins Script |
Mandatory | yes |
Default | |
Secret | no |
Configuration scope |
|
Resource references | none |
securityVulnerabilities¶
Whether security compliance is considered and reported as part of the assessment.
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | true |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
serviceUrl¶
URL to the WhiteSource API endpoint.
Scope | Details |
---|---|
Aliases | - whitesourceServiceUrl - whitesource/serviceUrl (deprecated) |
Type | string |
Mandatory | no |
Default | https://saas.whitesourcesoftware.com/api |
Secret | no |
Configuration scope |
|
Resource references | none |
skipParentProjectResolution¶
Parameter for multi-module, multi-images projects to skip the parent project resolution for reporing purpose. Could be used if parent project is set as just a placeholder for scan and doesn't contain any dependencies.
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
stashContent¶
Jenkins-specific: Used for proper environment setup.
Specific stashes that should be considered for the step execution.
Scope | Details |
---|---|
Aliases | - |
Type | []string |
Mandatory | no |
Default | - buildDescriptor - opensourceConfiguration - checkmarx - checkmarxOne |
Secret | no |
Configuration scope |
|
Resource references | none |
timeout¶
Timeout in seconds until an HTTP call is forcefully terminated.
Scope | Details |
---|---|
Aliases | - |
Type | int |
Mandatory | no |
Default | 900 |
Secret | no |
Configuration scope |
|
Resource references | none |
useGlobalConfiguration¶
The parameter is applicable for multi-module mend projects. If set to true, the configuration file will be used for all modules. Otherwise each module will require its own configuration file in the module folder.
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
userToken¶
User token to access WhiteSource. In Jenkins use case this is automatically filled through the credentials.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | yes |
Default | $PIPER_userToken (if set) |
Secret | yes |
Configuration scope |
|
Resource references | Jenkins credential id: id: userTokenCredentialsId Vault resource: name: whitesourceVaultSecret default value: whitesource Vault paths:
|
verbose¶
verbose output
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | - true - false |
Secret | no |
Configuration scope |
|
Resource references | none |
version¶
Version of the WhiteSource product to be created and used for results aggregation. This is usually determined automatically based on the information in the buildTool specific build descriptor file.
Scope | Details |
---|---|
Aliases | - productVersion - whitesourceProductVersion - whitesource/productVersion (deprecated) |
Type | string |
Mandatory | no |
Default | $PIPER_version (if set) |
Secret | no |
Configuration scope |
|
Resource references | commonPipelineEnvironment: reference to: artifactVersion |
versioningModel¶
The default project versioning model used in case projectVersion
parameter is empty for creating the version based on the build descriptor version to report results in Whitesource, can be one of 'major'
, 'major-minor'
, 'semantic'
, 'full'
Scope | Details |
---|---|
Aliases | defaultVersioningModel |
Type | string |
Mandatory | no |
Default | major |
Secret | no |
Configuration scope |
|
Resource references | none |
vulnerabilityReportFormat¶
Format of the file the vulnerability report is written to.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | xlsx |
Possible values | - xlsx - json - xml |
Secret | no |
Configuration scope |
|
Resource references | none |
vulnerabilityReportTitle¶
Title of vulnerability report written during the assessment phase.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | WhiteSource Security Vulnerability Report |
Secret | no |
Configuration scope |
|
Resource references | none |
userTokenCredentialsId¶
Jenkins-specific: Used for proper environment setup. See using credentials for details.
Jenkins 'Secret text' credentials ID containing Whitesource user token.
Scope | Details |
---|---|
Aliases | - whitesourceUserTokenCredentialsId - whitesource/userTokenCredentialsId (deprecated) |
Type | string |
Configuration scope |
|
orgAdminUserTokenCredentialsId¶
Jenkins-specific: Used for proper environment setup. See using credentials for details.
Jenkins 'Secret text' credentials ID containing Whitesource org admin token.
Scope | Details |
---|---|
Aliases | - whitesourceOrgAdminUserTokenCredentialsId - whitesource/orgAdminUserTokenCredentialsId (deprecated) |
Type | string |
Configuration scope |
|
dockerConfigJsonCredentialsId¶
Jenkins-specific: Used for proper environment setup. See using credentials for details.
Jenkins 'Secret file' credentials ID containing Docker config.json (with registry credential(s)). You can find more details about the Docker credentials in the Docker documentation.
Scope | Details |
---|---|
Aliases | dockerCredentialsId (deprecated) |
Type | string |
Configuration scope |
|
githubTokenCredentialsId¶
Jenkins-specific: Used for proper environment setup. See using credentials for details.
Jenkins 'Secret text' credentials ID containing token to authenticate to GitHub.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Configuration scope |
|
golangPrivateModulesGitTokenCredentialsId¶
Jenkins-specific: Used for proper environment setup. See using credentials for details.
Jenkins 'Username with password' credentials ID containing username/password for http access to your git repos where your go private modules are stored.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Configuration scope |
|
Exceptions¶
None
Examples¶
whitesourceExecuteScan script: this, buildTool: 'pip', productName: 'My Whitesource Product', userTokenCredentialsId: 'companyAdminToken', orgAdminUserTokenCredentialsId: 'orgAdminToken', orgToken: 'myWhitesourceOrganizationToken'