Versions Compared

Old Version 3

changes.mady.by.user Maurizio Pillitu

Saved on

compared with

New Version 4

changes.mady.by.user Peter Monks

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents

NPM integration

The NPM integration allows to perform the tasks mentioned above for Javascript projects.

...

  • Make sure you have npm installed on commandline
  • Edit your package.json
    • add whitesource: 1.0.9, below devDependencies
    • add whitesource: node node_modules/whitesource/bin/whitesource.js run, below scripts

  • Run npm install from the root project folder

Below is how your package.json file should look like.

Code Block
titlepackage.json
{
  ...
  "scripts": {
    ...
    "whitesource": "node node_modules/whitesource/bin/whitesource.js run"
  },
  "devDependencies": {
    ...
    "whitesource": "1.0.9"
  },
  ...
}

...

productName and projectName are self-explainatory (see WhiteSource plugins)explanatory; if no productName/projectName exists in the Foundation WhiteSource dashboard, a new one will be created; as such, these values should never be changed, unless the names are changed from the WhiteSource dashboard first.

...

Try to add scrollreveal: 4.0.0-beta.14 (a package released under GPL-3.0 license) under dependency, in your package.json, then follow the instructions below.

...

If checkPolicies is set to true and policy violations are found, a file called ws-log-policy-violations.json will be created in the root project folder; an example of the file content is reported below.

...

Please note that Travis restricts access to the (encrypted) WhiteSource API Key for security reasons; as such, any Pull Request (PR) coming from other forks cannot run the WhiteSource integration. In order to enforce WhiteSource policies within the PR review mechanism, it is necessary to introduce an intermediate branch, hosted in the repository (ie. whitesource-validation), where PRs are merged - assuming they pass all other validations - before being merged to the final (ie master) branch.

...

Foundation Parent POM (Maven)

...

Java projects that are using Apache Maven as the build tool can specify ssf-parent-pom as parent POM and inherit a whitesource build profile that takes care of submitting metrics at build time; other than that, the project pom.xml doesn't need any further change.

By default, thw the WhiteSource Maven plugin excludes all dependencies with <scope> equal to test or provided.

...

If any policy violation is found locally, the build will fail and a report will be generated on target/site/whitesource/index.html.

Override to enable certain scopes (see example below).
The following parameters can be passed to the mvn commandline:

...

If you're managing a (Foundation) project that uses multiple github GitHub repositories, you may want to use the same WhiteSource productName across the different project build configurations, by setting a product token.

...