Configuring WhiteSource with a single WhiteSource product
In the Connectors page, click on Add a Connector
Click on the WhiteSource connector
Fill in the relevant field:
You can get the API URL by navigating to User's profile --> Server URLs --> and copy the API Base URL:
User Key - Identifier for user in WhiteSource.
You can get the relevant key by navigating to User's profile --> User Keys --> Copy key
Product Token - Unique identifier for your product in WhiteSource.
You can get your relevant token by navigating to Home --> Products --> Select product --> Click on cog wheel --> Copy Product Token.
Configuring WhiteSource with several WhiteSource products
In the case of the use of several WhiteSource products, it is recommended to aggregate all the data into one aggregated product, and then to create single integration of WhiteSource into Vulcan by the following steps:
First, create the WhiteSource connector and insert the "User key":
User Key - Identifier for the user in WhiteSource.
You can get the relevant key by navigating to User's profile --> User Keys --> Copy keyTo create the aggregated Product, go to "Products"-->"Admin products":
Choose all the active projects you want to aggregate into a single product and create a new aggregated product.
On the newly created product, go to settings and copy the API token and insert it
into Vulcan.
(Go to the newly created product --> Settings --> Product Token).
Hit "Create".
Viewing data from WhiteSource in Vulcan
Vulcan provides the option to remediate vulnerabilities from 2 different angles:
Assets
Vulnerabilities
Assets
The data from WhiteSource will be displayed under Code Projects - This tab gathers all data that came from SAST and SCA tools. To filter only WhiteSource data, simply use the Search Bar.
The Project column will display the projects you have in WhiteSource
The Last Report column will display the last plugin update in WhiteSource
The Top Risk column will display the highest risk-value from all risks that exist in a project.
The Vulnerabilities column will display the number of vulnerabilities that exist in a project.
The Tags column will display all the tags related to a project.
Clicking on each project will open its Asset Card where you can view in detailed the project's data, including - All related vulnerabilities, affected libraries and packages, details of projects and correlated data from other sources.
If you want to view specific vulnerability, click on it and you will get a representation of that vulnerability and its details.
Vulnerabilities
You can view all data from WhiteSource under Vulnerabilities. To filter only WhiteSource data, simply use the Search Bar.
You can start remediation flow by clicking on a vulnerability and viewing all details pulled from your WhiteSource account.
All relevant data from WhiteSource, including description, offered solutions, available fixes and more, are all in Vulcan.
Click on Take Action if you wish to open a ticket and assign it to a specific team or share your findings via Slack channels or emails.
FAQ
Q: Which WhiteSource API base URL types does Vulcan support?
A: Vulcan supports the following API URLs: