WhiteSource GitLab Integration

Primary language: Python. License: Apache License 2.0 (Apache-2.0).

WhiteSource lightweight integration that populates security and license data from WhiteSource into GitLab.

Prerequisites

  • GitLab Ultimate
  • Auto DevOps enabled

Usage

  1. For each project, define the WS_PROJ_TOKEN and WS_USER_KEY variables in the project's Settings -> CI/CD -> Variables, where:

    • WS_PROJ_TOKEN - WhiteSource Project Token.
    • WS_USER_KEY - WhiteSource User Key.
    • (Optional) WS_URL - WhiteSource URL (default: saas). For a non-default URL, add -a url to the commands below (e.g. saas-eu, app, app-eu, url.full.path).
    • To create Vulnerabilities based on WhiteSource Alerts, replace -t dependency with -t dependency_alert_based.
  2. Create a GitLab pipeline job that consists of:

include:
  - template: License-Scanning.gitlab-ci.yml

license_scanning:
  image:
    name: "docker.io/whitesourcetools/ws-gl-int:latest"
  script:
    - python3 /opt/ws_gl_int/gitlab_integration/ws2gl_format_convertor.py -k $WS_PROJ_TOKEN -u $WS_USER_KEY -t license -o $CI_PROJECT_DIR/

dependency_scanning:
  image:
    name: docker.io/whitesourcetools/ws-gl-int:latest
    entrypoint: [""]
  script:
    - python3 /opt/ws_gl_int/gitlab_integration/ws2gl_format_convertor.py -k $WS_PROJ_TOKEN -u $WS_USER_KEY -t dependency -o $CI_PROJECT_DIR/
  artifacts:
    reports:
      dependency_scanning: gl-dependency-scanning-report.json
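
A sanity check that a job could run on gl-dependency-scanning-report.json before it is uploaded, so that a missing or malformed report fails the job instead of leaving GitLab with no data. This is an added example, not code from the WhiteSource project; it assumes the report follows GitLab's dependency scanning report layout (a top-level `vulnerabilities` list whose entries carry a `severity`), and the function names and sample report are constructed for illustration.

```python
import json
from collections import Counter

# Severity names in GitLab security reports, most severe first (assumed schema).
SEVERITIES = ["Critical", "High", "Medium", "Low", "Info", "Unknown"]


def summarize_report(text):
    """Count findings per severity; raise ValueError if the report is unusable."""
    try:
        report = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"report is not valid JSON: {exc}") from exc
    vulns = report.get("vulnerabilities") if isinstance(report, dict) else None
    if not isinstance(vulns, list):
        raise ValueError("report has no 'vulnerabilities' list")
    counts = Counter()
    for vuln in vulns:
        sev = vuln.get("severity") if isinstance(vuln, dict) else None
        # Missing or unrecognised severities are counted as Unknown, not dropped.
        counts[sev if sev in SEVERITIES else "Unknown"] += 1
    return {s: counts[s] for s in SEVERITIES if counts[s]}


def exceeds_threshold(summary, fail_on="High"):
    """True when any finding is at or above the fail_on severity."""
    blocking = SEVERITIES[: SEVERITIES.index(fail_on) + 1]
    return any(summary.get(s, 0) for s in blocking)


# Constructed sample report (not real WhiteSource output).
SAMPLE = json.dumps({
    "version": "14.0.0",
    "vulnerabilities": [
        {"name": "example-lib issue A", "severity": "High"},
        {"name": "example-lib issue B", "severity": "Low"},
        {"name": "example-lib issue C", "severity": "High"},
        {"name": "example-lib issue D"},
    ],
})

if __name__ == "__main__":
    summary = summarize_report(SAMPLE)
    print("findings by severity:", summary)
    print("gate would fail:", exceeds_threshold(summary))
```
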