Questions tagged [whitesource]

Includes questions about the Unified Agent, running scans, the Whitesource UI, etc.

14 questions
3 votes, 1 answer

Is there any tool through which we can generate SBOM report ( SPDX / CycloneDX) for Windows programs?

Is there any tool through which we can generate an SBOM report (SPDX / CycloneDX) for Windows programs? There are many tools available which can scan Linux OS packages and application packages (e.g. Java, Maven, .NET) like Trivy, Syft, Whitesource, but…
Abdul Mohsin
2 votes, 1 answer

How to fix vulnerability (CVE-2022-34169) in selenium:htmlunit-driver:3.62.0? It is coming from Xalan Java » 2.7.2 as a direct vulnerability

How to fix vulnerability (CVE-2022-34169) in selenium:htmlunit-driver:3.62.0? It is coming from Xalan Java » 2.7.2 as a direct vulnerability. We are using org.seleniumhq.selenium:htmlunit-driver:3.62.0 in our Karate framework. The Whitesource scan is…
2 votes, 1 answer

CVE-2020-36518: Unable to resolve WhiteSource vulnerability for jackson-databind library

I have tried all the versions of jackson-databind (including the version suggested in the whitesource fix), but all versions of jackson-databind show the vulnerability in the whitesource scan. Below is the description of the issue, and we can also see the…
1 vote, 0 answers

Configuration of Mend/WhiteSource per app in monorepo

We are planning to use Mend (WhiteSource) to scan our code in a monorepo. The way Mend works by default is to scan all code in a monorepo after a push to master branch. Is it possible to configure Mend per app in the monorepo and not scan all apps…
F. K.
1 vote, 1 answer

Run whitesource/mend scan via CLI: error: 5001 - User is not allowed to perform this action

I have access to the whitesource/mend server and I have installed & configured whitesource-CLI according to this documentation: Install ws; Configure: ws configure; Enter API URL, api key, user key, etc. When I run ws scan -u, I'm receiving the…
1 vote, 1 answer

Release notes not picked up by renovate bot

We are using [RenovateBot](https://docs.renovatebot.com/) for automatic dependency management. We get the pull requests created automatically, but the PRs don't show the release notes. Has anyone faced this issue?
1 vote, 0 answers

Whitesource CLI scan fails for python packages because of circular dependency

I have python projects that I wish to scan using Whitesource CLI in Azure Devops Pipeline. Here are the commands that are executed. These work for most python packages in my org, but for a few, it fails. cd $(Build.Repository.Name) python3 -m pip…
Seeker
1 vote, 1 answer

White Source Azure DevOps task exclude parameter not working

I have a White Source task in my Azure DevOps pipeline. The task looks like this: - task: WhiteSource@21 inputs: cwd: '$(System.DefaultWorkingDirectory)/sources/' configuration: | excludes=**/Examples/** …
0 votes, 0 answers

Difference between Checkmarx and Whitesource (Mend) tools for third party code scan

Is it duplication if I use both the Checkmarx and Whitesource tools for third party code scans to find vulnerabilities? If they are not the same, then how are they different when it comes to scanning third party code? I tried to scan third party code with both…
0 votes, 0 answers

How to scan tesseract and Leptonica for open source vulnerabilities

We are using Tesseract and Leptonica installed on a Unix system to meet some requirements. Since both were termed to be open source, we were required to scan both for open source vulnerabilities. Repository…
Wolf
0 votes, 0 answers

Whitesource@21 error "##[error]Cannot read property 'orgToken' of undefined"

I am getting this error ##[error]Cannot read property 'orgToken' of undefined when I tried running this task in azure pipelines ` - task: WhiteSource@21 displayName: 'Task - Show Scan Results' inputs: cwd: '${{…
0 votes, 1 answer

Maven dependency - if both a direct and a transitive dependency of the same artifact are present, which will be used?

If both a direct and a transitive dependency of the same artifact are present in pom.xml, which will be used? Below is a snippet from my pom.xml, in the same order - com.browserstack
sumit
0 votes, 0 answers

Unable to resolve npm dependencies during whitesource scan in Jenkins

I am running a Jenkinsfile where we are doing a whitesource scan of the node_modules directory, and when scanning, in the dependency resolution step it tries to connect to https://registry.npmjs.org for each package and I am getting a timeout error while…
Pkpk
0 votes, 1 answer

Opennms-source-26.0.0.1 is violating our open source org policy

All - we scanned our internal code base with the whitesource open source scan and it resulted in a policy violation for opennms-26.0.0-1, and upon research it was found that this is coming from struts-JQuery-plug-in, which is licensed under…
Jughead1217