Questions tagged [whitesource-bolt]

Whitesource Bolt is an OSS dependency scan service that finds security and licensing issues in open source dependencies.

Bolt is a service offered by Whitesource Software that scans the open source dependencies of a project. It supports multiple frameworks such as NPM, Maven, and .NET, and provides the user with a report of existing security vulnerabilities (CVEs) and potential licensing issues.

It is available as a CI/CD plugin for most well-known DevOps services (Atlassian Bamboo/BitBucket, Azure DevOps, Jenkins...).

https://www.whitesourcesoftware.com

6 questions
5
votes
1 answer

Whitesource Bolt Azure DevOps plugin takes long time (and is too chatty)

This happened since yesterday. In the past months, I have integrated Whitesource Bolt scan (a free alternative to the popular Snyk) into our DevOps projects. It normally took a couple of minutes to scan our packages, and we were happy with the…
2
votes
1 answer

WhiteSource was unable to scan your repository. Please connect to your WhiteSource account by navigating to Organization settings > WhiteSource tab

I cloned the repo: https://github.com/HoussemDellai/WebAppWithDatabaseDemo.git to Azure Dev Ops project and created a CI-CD pipeline. In the pipeline I added a task for WhiteSource Bolt based on the instructions mentioned at:…
santosh kumar patro
1
vote
0 answers

Is there a way to fail an Azure DevOps pipeline build on WhiteSource report results?

I have a step in my Azure DevOps build pipeline to generate a WhiteSource Bolt report - task: WhiteSource Bolt@20 displayName: "WhiteSource Bolt" Does anyone know if there is a way to fail the build based on the report find vulnerabilities at a…
0
votes
0 answers

Difference between Checkmarx and Whitesource(Mend) tools for third party code scan

Is it duplication if I use both Checkmarx and Whitesource tool for third party code scan to find vulnerability? If they are not same then how are they different when it comes to scanning third party code? I tried to scan third party code with both…
0
votes
0 answers

Mend(WhiteSource) Bolt not generating Vulnerability Report in Azure DevOps

Mend Bolt free version. I have added a Mend Bolt task in my Build pipeline. It generates the report for one of the build pipelines. But for the 2nd Build pipeline, it shows following: The repo is a node.js project & there are packages being…
Ajinkya Bapat
0
votes
1 answer

Whitesource Bolt fails to generate reports

I have integrated Whitesource Bolt to Azure Pipelines but it's failing to generate the reports. I have entered the activation codes and the process runs in the pipeline as well. Also the Whitesource Bolt tab is not showing up on my project sidebar.…
lp_nave