In this article you will find:

  1. How to configure WhiteSource connector
  2. How to view data from WhiteSource in Vulcan

1. Configuring WhiteSource

In the Connectors page, click on Add a Connector

Click on the WhiteSource connector

Fill in the relevant field:
User Key -  Identifier for user in WhiteSource.
You can get the relevant key by navigating to  User's profile --> User Keys --> Copy key

Product Token - Unique identifier for your product in WhiteSource.
You can get your relevant token by navigating to Home --> Products --> Select product  --> Click on cog wheel --> Copy Product Token.

Click on Create

2. Viewing data from WhiteSource in Vulcan

Vulcan provides the option to remediate vulnerabilities from 2 different angles:

  • Assets
  • Vulnerabilities

The data from WhiteSource will be displayed under Code Projects  - This tab gathers all data that came from SAST and SCA tools. To filter only WhiteSource data, simply use the Search Bar.

The Project column will display the projects you have in WhiteSource
The Last Report column will display the last plugin update in WhiteSource
The Top Risk column will display the highest risk-value from all risks that exist in a project.
The Vulnerabilities column will display the number of vulnerabilities that exist in a project.
The Tags column will display all the tags related to a project. 

Clicking on each project will open its Asset Card where you can view in detailed the project's data, including - All related vulnerabilities, affected libraries and packages, details of projects and correlated data from other sources.

If you want to view specific vulnerability, click on it and you will get a representation of that vulnerability and its details.

You can view all data from WhiteSource under Vulnerabilities. To filter only WhiteSource data, simply use the Search Bar.

You can start remediation flow by clicking on a vulnerability and viewing all details pulled from your WhiteSource account.
All relevant data from WhiteSource, including description, offered solutions, available fixes and more, are all in Vulcan.

Click on Take Action if you wish to open a ticket and assign it to a specific team or share your findings via Slack channels or emails.

Did this answer your question?