Filters

CLEAR ALL

Search Results ()

Filter Icon

Search Results ()

    All Plugins (171)

    Filter Icon

    Quick Info

    Product icon
    Product
    DevOps Velocity (HCL Accelerate)
    Plugin type icon
    Type
    plugin
    Compatibility icon
    Compatibility
    HCL DevOps Velocity version 2.0 or later
    created by icon
    Created by
    HCL Software
    Website icon
    Website
    Published Date
    February 9th, 2021
    Last Updated
    March 29th, 2024

    Media

    What’s New?

    Plugin will work as a scheduled event.

    Description

    WhiteSource provides for the management of open source components security, licenses, and maintenance throughout a software development cycle. It identifies the open source components within a software development lifecycle with security or compliance issues. When issues are detected alerts and remediation assistance is provided. The WhiteSource plugin integrates with WhiteSource to retrieves license risks and security vulnerabilities data from WhiteSource scan results to include in an HCL DevOps Velocity metric.

    Quick Info

    Product icon
    Product
    DevOps Velocity (HCL Accelerate)
    Plugin type icon
    Type
    plugin
    Compatibility icon
    Compatibility
    HCL DevOps Velocity version 2.0 or later
    created by icon
    Created by
    HCL Software
    Website icon
    Website
    Published Date
    February 9th, 2021
    Last Updated
    March 29th, 2024

    ucv-ext-whitesource:2.0.15.tar

    Uploaded: 29-Mar-2022 06:28

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-whitesource:2.0.15

    Release Notes

  • Converted to scheduled event plugin
  • Added custom field mapping for pipeline
  • Works on product and project level
  • ucv-ext-whitesource:1.0.14.tar

    Uploaded: 27-Jan-2022 12:18

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-whitesource:1.0.14

    Release Notes

  • User Access Key Related Changes
  • ucv-ext-whitesource:1.0.10.tar

    Uploaded: 28-May-2021 06:14

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-whitesource:1.0.10

    Release Notes

  • Bug fix
  • ucv-ext-whitesource:1.0.3.tar

    Uploaded: 08-Mar-2021 10:14

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-whitesource:1.0.3

    Release Notes

  • Initial release
  • Summary

    WhiteSource identifies all open source components and their dependencies in software. WhiteSource secures software from vulnerabilities and enforces license policies throughout the software development lifecycle.

    The WhiteSource plug-in retrieves WhiteSource scan results and displays the License Risks and Security Vulnerabilities in HCL DevOps Velocity metric displays.

    WhiteSource scan results in HCL DevOps Velocity

    History

    The following table describes the changes made in each plugin version.

    Plugin history details
    Version Description
    2.0.15 Converted to a scheduled event plugin.
    1.0.14 User Access Key Related Changes.
    1.0.10 Bug Fix.
    1.0.3 Initial Release.

    Usage

    To use the WhiteSource plugin, the plugin must be loaded and an instance created before you can configure the plugin integration. You define configuration properties in the user interface or in a JSON file.

    Integration type

    The WhiteSource plugin supports Scheduled Event integration which is listed in the following table.

    Scheduled events
    Name Description
    Sync WhiteSource Data WhiteSource data request that will occur on a timer

     

    Integration

    There are two methods to integrate the plugin:

    • Using the user interface
    • Using a JSON file

    Using the user interface

    1. From the Plugins page, click Settings > Integrations > Plugins.
    2. Under the Action column for the plugin, click Add Integration.
    3. On the Add Integration page enter values for the fields used to configure the integration and define communication.
    4. Click Save.
    WhiteSource plugin integration

    Using a JSON file

    The JSON file contains the information for creating a value stream and integrating with the WhiteSource server. The following table describes the information for the creating a HCL DevOps Velocity value stream map.

    1. From a value stream page, download the value stream map. The value stream map is a JSON file used to define integrations.
    2. Edit the JSON file to include the plugin configuration properties.
    3. Save and upload the JSON file. This replaces the current JSON file with the new content.
    4. View the new integration on the Integrations page.

    Configuration Properties

    Configuration properties

    The following tables describe the properties used to configure the integration. Each table contains the field name when using the user interface and the property name when using a JSON file.

    • The General Configuration Properties table describes configuration properties used by all plugin integrations.
    • The WhiteSource Configuration Properties table describes the configuration properties that define the connection and communications with the WhiteSource server. When using the JSON method to integrate the plugin these properties are coded within the properties configuration property.

    Some properties might not be displayed in the user interface, to see all properties enable the Show Hidden Properties field.

    General Configuration Properties
    Name Description Required Property Name
    NA The version of the plugin that you want to use. To view available versions, click the Version History tab. If a value is not specified, the version named latest is used. No image
    Integration Name An assigned name to the value stream. Yes name
    Logging Level The level of Log4j messages to display in the log file. Valid values are: all, debug, info, warn, error, fatal, off, and trace. No loggingLevel
    NA List of plugin configuration properties used to connect and communicate with the WhiteSource server. Enclose the properties within braces. Yes properties
    The name of the tenant. Yes tenant_id
    NA Unique identifier assigned to the plugin. The value for the WhiteSource plugin is ucv-ext-whitesource Yes type
    Product tokens Add product tokens from whitesource on which we want to run scan Yes type
    Project Names Add project names within the product to make it run at project level No type
    Custom field mapping Add custom field mapping to map image tags with the application name for pipeline No type
    WhiteSource Configuration Properties
    Name Type Description Required Property Name
    WhiteSource API URL String The base URL of the WhiteSource API. Yes wsUrl
    WhiteSource UserKey String UserKey for authentication with WhiteSource. URL to get a UserKey for WhiteSource: https://saas.whitesourcesoftware.com/Wss/WSS.html#!userProfile Yes userKey
    WhiteSource Product tokens (Line separated) Multiline Product token for authentication with WhiteSource. URL to get a Product token for WhiteSource: https://saas.whitesourcesoftware.com/Wss/WSS.html#!userProfile Yes productToken
    Project Names (Line separated) Multiline Provide project names as line separated No projectName
    Custom Field Mapping Multiline Map whitesource fields to Accelerate as a JSON Object. Mapping – {“application.name”: “image.name”, “application.externalId”: “image.id”, “buildUrl”: “image.buildUrl”, “environment”:”image.environment”} No fieldMapping
    User Key String User Key for authentication with WhiteSource. Yes userKey
    URL String The base URL of the WhiteSource API. Yes asocUrl
    HCL DevOps Velocity User Access Key Secure User access key for authentication with HCl DevOps Velocity. No keySecret

    JSON code example

    The following sample code can be used as a template to define the integration within the JSON file for a value stream. Copy and paste the template into the JSON file Integration section and make the appropriate changes.

    
     {
        "type": "ucv-ext-whitesource",
        "tenant_id": "<my-tenant-id>,
        "name": "<integration-name>,
        "properties":{
          "ucvAccessKey": "<my-ucv-user-access-key>,
          "userKey" : "<my-user-key>",
          "productToken" : "<product tokens>",
          "projectName" : "<project names>",
          "fieldMapping" : {"application.name": "image.name", "application.externalId": "image.id", "buildUrl": "image.buildUrl", "environment":"image.environment"}
    
        }
      }
    ]