WhiteSource integration with TeamCity

WhiteSource is a tool that automatically detects all open source components in your code and alerts you if any of those components have security vulnerabilities. It can be used to ensure your team complies with your organization's open source software policies. It scans the raw source code and generates a comprehensive report of all open source components used in your code, with all related license information.

There are different ways this tool can be used.  You can also integrate this with build tools like TeamCity or Jenkins.

In this article, I will show you the integration steps with TeamCity using the WhiteSource Unified Agent (formerly known as the File System Agent, or FSA). The Unified Agent is a simple Java command line tool which extracts descriptive information from the open source libraries located on your file system and integrates them with WhiteSource.

1) Download the WhiteSource Unified Agent. You will need to download the configuration file and the whitesource-fs-agent jar file from this link.

2) There are various parameters in the configuration file that you need to set based on your needs. At the bare minimum, you will need to set wss.url (I used the cloud instance, so this was the WhiteSource cloud instance URL) and apiKey (generate the API key under your profile and use it).

3) Create a new project in TeamCity and add a build step with runner type "PowerShell". Use the script command below.

 

java -jar whitesource-fs-agent-18.8.1.jar -product "{#nameOfProduct}" -project "{#nameOfProject}" -d "{#SourceCodeDirectoryPath}" -scanComment "{#ContactPersonEmailAddress}"

This command scans the source code under the given directory path and then uploads the comprehensive report to the WhiteSource cloud portal.
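The build step above can also be written so that the apiKey from step 2 never sits in a checked-in configuration file and a failed scan fails the build. This is an added example, not code from the original post or from WhiteSource. It assumes two hypothetical TeamCity parameters, env.WSS_API_KEY (type "password") and env.WSS_URL, a config template named whitesource-fs-agent.config stored without an apiKey value, and the agent's -c option for the config file path.

```powershell
# Added example: build the agent config at run time so the apiKey stays out of version control.
# Assumptions: WSS_API_KEY / WSS_URL are hypothetical TeamCity env parameters;
# the template file name below is assumed; {#...} placeholders are the ones from the post.
$agentJar  = 'whitesource-fs-agent-18.8.1.jar'
$template  = 'whitesource-fs-agent.config'
$sourceDir = '{#SourceCodeDirectoryPath}'

# Refuse to run without the injected settings instead of scanning with a blank key.
foreach ($name in 'WSS_API_KEY', 'WSS_URL') {
    if ([string]::IsNullOrWhiteSpace([Environment]::GetEnvironmentVariable($name))) {
        throw "Required environment variable $name is not set."
    }
}

# Keep every template setting except apiKey / wss.url, then append the injected values.
$lines = @(Get-Content -Path $template -ErrorAction Stop |
    Where-Object { $_ -notmatch '^\s*(apiKey|wss\.url)\s*=' })
$lines += "apiKey=$($env:WSS_API_KEY)"
$lines += "wss.url=$($env:WSS_URL)"

# Per-run file with a random name; it is deleted even if the scan throws.
$runConfig = Join-Path ([IO.Path]::GetTempPath()) ("wss-{0}.config" -f [guid]::NewGuid())
$exit = 1
try {
    # ASCII avoids a byte-order mark, which would corrupt the first key in the file.
    Set-Content -Path $runConfig -Value $lines -Encoding ASCII -ErrorAction Stop
    & java -jar $agentJar -c $runConfig `
        -product '{#nameOfProduct}' -project '{#nameOfProject}' `
        -d $sourceDir -scanComment '{#ContactPersonEmailAddress}'
    $exit = $LASTEXITCODE
}
finally {
    Remove-Item -Path $runConfig -Force -ErrorAction SilentlyContinue
}

# Propagate a non-zero agent exit code so TeamCity marks the build as failed.
if ($exit -ne 0) {
    Write-Host "WhiteSource scan failed with exit code $exit"
    exit $exit
}
```

Defining the key as a password-type parameter also keeps TeamCity from showing its value in the build configuration and build log.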

WhiteSource also has a TeamCity plugin. Do not use that plugin. It will be deprecated starting May 1st, 2019.

Hope this helps!
