WhiteSource Bolt + Azure Pipelines
Till now we have seen how to create Pipelines in Azure DevOps and how to Integrate Sonar Scanning in our Build Pipelines.
Open Source Libraries can be very handy and can help in achieving the functionality very fast but managing multiple libraries used in our code can be a tedious task. For this problem, there is a tool named WhiteSource Bolt which can be integrated with our Azure DevOps Pipeline and it will generate a report of Open Source Libraries used, the Licenses, and the vulnerabilities in the libraries.
Integrate WhiteSource in Azure Pipelines
We just need to follow the below small steps and WhiteSource integration will be done:
1. Install WhiteSource Bolt Plugin from the Marketplace
- Go to Marketplace and search for WhiteSource bolt
Just click on Get It Free to install the Extention to your Azure DevOps Organisation.
2. Setup WhiteSource Bolt Plugin
- For setting up the WhiteSource plugin, Go to WhiteSource Tab under Pipelines in any project. ( This tab will be shown only if WhiteSourceBolt Plugin is installed)
- Just fill the required details and click Get Started.
- Once you click on Get Started, The below screen will be shown.
That’s it! WhiteSource has been configured.
3. Integrating WhiteSource Scanner into Azure Pipelines
- Goto Pipeline Definition, and add a task for WhiteSource Bolt in the YAML file.
I have removed the Sonar Integration from the YAML just for the Demo purpose but it should be present with the WhiteSource Scanner.
4. Execute the Pipeline and get the Report
Once the Pipelines execution is completed, WhiteSource Report will be available under Pipelines -> WhiteSource Tab.
This report will show all the Vulnerabilities present in the OpenSource Libraries used in the Project.
Also, We can export this report in various formats like HTML, pdf, JSON and excel.
Voila!! Our WhiteSource Integration in Azure Pipelines has been done.
Thanks for reading this blog. If you like this blog then please leave a comment and a Clap as it motivates me to write more.
If you have any queries, please write to me at [email protected], I will be happy to answer your questions.
