├── .gitignore ├── .whitesource ├── dockerized ├── Dockerfile ├── README.md ├── wss_agent.bat └── wss_agent.sh └── standAlone ├── wss-unified-agent.config ├── wss_agent.sh ├── wss_agent_orb.sh └── wss_agent_scanner.sh /.gitignore: -------------------------------------------------------------------------------- 1 | *.iml 2 | .idea/ 3 | /dockerized/data/ 4 | /dockerized/wss/ 5 | -------------------------------------------------------------------------------- /.whitesource: -------------------------------------------------------------------------------- 1 | ########################################################## 2 | #### WhiteSource Integration configuration file #### 3 | ########################################################## 4 | 5 | # Configuration # 6 | #---------------# 7 | ws.repo.scan=true 8 | vulnerable.check.run.conclusion.level=failure 9 | -------------------------------------------------------------------------------- /dockerized/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | 3 | # Image containing: 4 | # base Ubuntu:18.04 5 | # 1. utility apps 6 | # 2. Java (1.8) 7 | # 3. Maven (3.5.4) 8 | # 4. Node.js (8.9.4) 9 | # 5. NPM (5.6.0) 10 | # 6. Yarn (1.5.1) 11 | # 7. Bower (1.8.2) 12 | # 8. Gradle (6.0.1) 13 | # 9. python 2.7 + 3.6 + pip + pip3 + pipenv 14 | # 10. [optional] python 3.7 15 | # 11. [optional] python 3.8 16 | # 12. Poetry (python) 17 | # 13. Ruby, rbenv and ruby-build 18 | # 14. Go (1.12.6) 19 | # 15. Scala 2.12.6, Sbt 1.1.6 20 | # 16. PHP (7.2) 21 | # 17. Composer 22 | # 18. PHP Plugins 23 | # 19. Mix, Hex, Erlang and Elixir 24 | # 20. Cocoapods (1.5.3) 25 | # 21. R + Packrat 26 | # 22. Haskel + Cabal 27 | # 23. Paket 28 | # 24. dotnet-sdk-2.2,dotnet cli and NuGet 29 | # 25. Cargo 30 | 31 | ENV DEBIAN_FRONTEND noninteractive 32 | ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64 33 | ENV PATH $JAVA_HOME/bin:$PATH 34 | ENV LANGUAGE en_US.UTF-8 35 | ENV LANG en_US.UTF-8 36 | ENV LC_ALL en_US.UTF-8 37 | 38 | 39 | ### Install wget, curl, git, unzip, gnupg, locales 40 | RUN apt-get update && \ 41 | apt-get -y install \ 42 | curl \ 43 | git \ 44 | gnupg \ 45 | locales \ 46 | unzip \ 47 | wget \ 48 | && locale-gen en_US.UTF-8 && \ 49 | apt-get clean && \ 50 | rm -rf /var/lib/apt/lists/* && \ 51 | rm -rf /tmp/* 52 | 53 | 54 | ### add a new group + user without root premmsions 55 | ENV WSS_GROUP wss-group 56 | ENV WSS_USER wss-scanner 57 | ENV WSS_USER_HOME=/home/${WSS_USER} 58 | 59 | RUN groupadd ${WSS_GROUP} && \ 60 | useradd --gid ${WSS_GROUP} --groups 0 --shell /bin/bash --home-dir ${WSS_USER_HOME} --create-home ${WSS_USER} && \ 61 | passwd -d ${WSS_USER} 62 | 63 | 64 | ### Install Java openjdk 8 65 | RUN echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu bionic main" | tee /etc/apt/sources.list.d/ppa_openjdk-r.list && \ 66 | apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DA1A4A13543B466853BAF164EB9B1D8886F44E2A && \ 67 | apt-get update && \ 68 | apt-get -y install openjdk-8-jdk && \ 69 | apt-get clean && \ 70 | rm -rf /var/lib/apt/lists/* && \ 71 | rm -rf /tmp/* 72 | 73 | 74 | ### Install Maven (3.5.4) 75 | ARG MAVEN_VERSION=3.5.4 76 | ARG MAVEN_VERSION_SHA=CE50B1C91364CB77EFE3776F756A6D92B76D9038B0A0782F7D53ACF1E997A14D 77 | ARG MAVEN_BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries 78 | ENV MAVEN_HOME /usr/share/maven 79 | ENV MAVEN_CONFIG ${WSS_USER_HOME}/.m2 80 | 81 | RUN mkdir -p /usr/share/maven /usr/share/maven/ref && \ 82 | curl -fsSL -o /tmp/apache-maven.tar.gz ${MAVEN_BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz && \ 83 | echo "${MAVEN_VERSION_SHA} /tmp/apache-maven.tar.gz" | sha256sum -c - && \ 84 | tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 && \ 85 | rm -f /tmp/apache-maven.tar.gz && \ 86 | ln -s /usr/share/maven/bin/mvn /usr/bin/mvn && \ 87 | mkdir -p -m 777 ${WSS_USER_HOME}/.m2/repository && \ 88 | chown -R ${WSS_USER}:${WSS_GROUP} ${WSS_USER_HOME}/.m2 && \ 89 | rm -rf /tmp/* 90 | 91 | 92 | ### Install Node.js (12.19.0) + NPM (6.14.8) 93 | RUN apt-get update && \ 94 | curl -sL https://deb.nodesource.com/setup_12.x | bash && \ 95 | apt-get install -y nodejs build-essential && \ 96 | apt-get clean && \ 97 | rm -rf /var/lib/apt/lists/* && \ 98 | rm -rf /tmp/* 99 | 100 | ### Install Yarn 101 | RUN npm i -g yarn@1.5.1 102 | 103 | #### Install Bower + provide premmsions 104 | #RUN npm i -g bower --allow-root && \ 105 | # echo '{ "allow_root": true }' > ${WSS_USER_HOME}/.bowerrc && \ 106 | # chown -R ${WSS_USER}:${WSS_GROUP} ${WSS_USER_HOME}/.bowerrc 107 | 108 | ARG GRADLE_VERSION=6.0.1 109 | 110 | ### Install Gradle 111 | RUN wget -q https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip && \ 112 | unzip gradle-${GRADLE_VERSION}-bin.zip -d /opt && \ 113 | rm gradle-${GRADLE_VERSION}-bin.zip 114 | 115 | ### Set Gradle in the environment variables 116 | ENV GRADLE_HOME /opt/gradle-${GRADLE_VERSION} 117 | ENV PATH $PATH:/opt/gradle-${GRADLE_VERSION}/bin 118 | 119 | 120 | ### Install all the python2.7 + python3.6 packages 121 | RUN apt-get update && \ 122 | apt-get install -y python3-pip python3.6-venv && \ 123 | apt-get install -y python-pip && \ 124 | pip3 install pipenv && \ 125 | apt-get clean && \ 126 | rm -rf /var/lib/apt/lists/* && \ 127 | rm -rf /tmp/* 128 | 129 | 130 | # python utilities 131 | RUN python -m pip install --upgrade pip && \ 132 | python3 -m pip install --upgrade pip && \ 133 | python -m pip install virtualenv && \ 134 | python3 -m pip install virtualenv 135 | 136 | 137 | #### optional: python3.7 (used with UA flag: 'python.path') 138 | #RUN apt-get update && \ 139 | # apt-get install -y python3.7 python3.7-venv && \ 140 | # python3.7 -m pip install --upgrade pip && \ 141 | # apt-get clean && \ 142 | # rm -rf /var/lib/apt/lists/* && \ 143 | # rm -rf /tmp/* 144 | 145 | 146 | #### optional: python3.8 (used with UA flag: 'python.path') 147 | #RUN apt-get update && \ 148 | # apt-get install -y python3.8 python3.8-venv && \ 149 | # python3.8 -m pip install --upgrade pip && \ 150 | # apt-get clean && \ 151 | # rm -rf /var/lib/apt/lists/* && \ 152 | # rm -rf /tmp/* 153 | 154 | 155 | ### Install Conda (python) 156 | #USER ${WSS_USER} 157 | #RUN cd ${WSS_USER_HOME} && \ 158 | # wget https://repo.anaconda.com/archive/Anaconda3-2021.05-Linux-x86_64.sh && \ 159 | # bash Anaconda3-2021.05-Linux-x86_64.sh -b && \ 160 | # rm Anaconda3-2021.05-Linux-x86_64.sh 161 | # 162 | #USER root 163 | #RUN echo '#!/usr/bin/env bash' >> /usr/bin/conda && \ 164 | # echo 'source ${WSS_USER_HOME}/anaconda3/etc/profile.d/conda.sh' >> /usr/bin/conda && \ 165 | # echo '${WSS_USER_HOME}/anaconda3/bin/conda "$@"' >> /usr/bin/conda && \ 166 | # chmod +x /usr/bin/conda 167 | 168 | 169 | #### Install Poetry (python) 170 | #### requires python3.X version matching the projects (defaults to python3.6) 171 | #### sed command sets the default selected python-executable used by poetry to be 'python3' 172 | #ENV POETRY_HOME ${WSS_USER_HOME}/.poetry 173 | #RUN curl -sSLO https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py && \ 174 | # sed -i 's/allowed_executa11bles = \["python", "python3"\]/allowed_executables = \["python3", "python"\]/g' get-poetry.py && \ 175 | # python3 get-poetry.py --yes --version 1.0.5 && \ 176 | # chown -R ${WSS_USER}:${WSS_GROUP} ${WSS_USER_HOME}/.poetry && \ 177 | # rm -rf get-poetry.py 178 | #ENV PATH ${WSS_USER_HOME}/.poetry/bin:${PATH} 179 | 180 | 181 | #### Install Ruby 182 | #RUN apt-get update && \ 183 | # apt-get install -y ruby ruby-dev ruby-bundler && \ 184 | # apt-get clean && \ 185 | # rm -rf /var/lib/apt/lists/* && \ 186 | # rm -rf /tmp/* 187 | 188 | 189 | #### Install rbenv and ruby-build 190 | ### or maybe be saved to /etc/profile instead of /etc/profile.d/ 191 | #RUN git clone https://github.com/sstephenson/rbenv.git ${WSS_USER_HOME}/.rbenv; \ 192 | # git clone https://github.com/sstephenson/ruby-build.git ${WSS_USER_HOME}/.rbenv/plugins/ruby-build; \ 193 | # ${WSS_USER_HOME}/.rbenv/plugins/ruby-build/install.sh && \ 194 | # echo 'eval "$(rbenv init -)"' >> /etc/profile.d/rbenv.sh && \ 195 | # echo 'eval "$(rbenv init -)"' >> ${WSS_USER_HOME}/.bashrc && \ 196 | # chown -R ${WSS_USER}:${WSS_GROUP} ${WSS_USER_HOME}/.rbenv ${WSS_USER_HOME}/.bashrc 197 | #ENV PATH ${WSS_USER_HOME}/.rbenv/bin:$PATH 198 | 199 | 200 | #### Install GO: 201 | # ARG GOLANG_VERSION=1.17.1 202 | #USER ${WSS_USER} 203 | #RUN mkdir -p ${WSS_USER_HOME}/goroot && \ 204 | # curl https://storage.googleapis.com/golang/go${GOLANG_VERSION}.linux-amd64.tar.gz | tar xvzf - -C ${WSS_USER_HOME}/goroot --strip-components=1 205 | ### Set GO environment variables 206 | #ENV GOROOT ${WSS_USER_HOME}/goroot 207 | #ENV GOPATH ${WSS_USER_HOME}/gopath 208 | #ENV PATH $GOROOT/bin:$GOPATH/bin:$PATH 209 | ### Install package managers 210 | # 211 | #RUN go install github.com/tools/godep@latest 212 | #RUN go install github.com/LK4D4/vndr@latest 213 | #RUN go install github.com/kardianos/govendor@latest 214 | # 215 | ##All Deparacted/archived go package managers 216 | ## RUN go install github.com/gpmgo/gopm@latest 217 | ## RUN go install github.com/golang/dep/cmd/dep@latest 218 | ## RUN go install github.com/Masterminds/glide@latest 219 | ## RUN curl https://glide.sh/get | sh 220 | #USER root 221 | 222 | 223 | #### Important note ### 224 | #### uncomment for: 225 | #### Scala 226 | #### SBT 227 | #### Mix/ Hex/ Erlang/ Elixir 228 | #### dotnet/nuget cli's 229 | #RUN apt-get update && \ 230 | # apt-get install -y --force-yes build-essential && \ 231 | # apt-get install -y --force-yes zlib1g-dev libssl-dev libreadline-dev libyaml-dev libxml2-dev libxslt-dev && \ 232 | # apt-get clean && \ 233 | # rm -rf /var/lib/apt/lists/* && \ 234 | # rm -rf /tmp/* 235 | 236 | 237 | #### Install Scala 238 | # ARG SCALA_VERSION=2.12.6 239 | #RUN wget https://downloads.lightbend.com/scala/${SCALA_VERSION}/scala-${SCALA_VERSION}.deb --no-check-certificate && \ 240 | # dpkg -i scala-${SCALA_VERSION}.deb && \ 241 | # rm scala-${SCALA_VERSION}.deb 242 | ### Install SBT 243 | #RUN wget https://github.com/sbt/sbt/releases/download/v1.5.1/sbt-1.5.1.tgz && \ 244 | # tar xzvf sbt-1.5.1.tgz -C /usr/share/ && \ 245 | # update-alternatives --install /usr/bin/sbt sbt /usr/share/sbt/bin/sbt 9998 246 | #ENV SBT_HOME /usr/share/sbt/bin/ 247 | #ENV PATH $PATH:$SBT_HOME 248 | 249 | 250 | #### Install PHP 251 | #RUN apt-get update && \ 252 | # apt-get install -y php7.2 && \ 253 | # apt-get clean && \ 254 | # rm -rf /var/lib/apt/lists/* && \ 255 | # rm -rf /tmp/* 256 | ### Install Composer 257 | #RUN curl -s https://getcomposer.org/installer | php 258 | #RUN mv composer.phar /usr/local/bin/composer 259 | ### Install PHP Plugins 260 | #RUN apt-get update && \ 261 | # apt-get install -y php7.2-mbstring && \ 262 | # apt-get install -y php7.2-dom && \ 263 | # apt-get clean && \ 264 | # rm -rf /var/lib/apt/lists/* && \ 265 | # rm -rf /tmp/* 266 | 267 | 268 | #### Install Mix/ Hex/ Erlang/ Elixir 269 | #RUN wget https://packages.erlang-solutions.com/erlang-solutions_2.0_all.deb && \ 270 | # dpkg -i erlang-solutions_2.0_all.deb && \ 271 | # apt-get update && \ 272 | # apt-get install esl-erlang -y && \ 273 | # apt-get install elixir -y && \ 274 | # mix local.hex --force && \ 275 | # rm erlang-solutions_2.0_all.deb && \ 276 | # apt-get clean && \ 277 | # rm -rf /var/lib/apt/lists/* && \ 278 | # rm -rf /tmp/* 279 | 280 | 281 | #### Install Cocoapods 282 | #RUN gem install cocoapods -v 1.10.2 283 | #RUN adduser cocoapods 284 | #USER cocoapods 285 | #RUN pod setup 286 | #USER root 287 | 288 | 289 | #### Install R and Packrat 290 | #RUN apt-get update && \ 291 | # apt-get install -y r-base libopenblas-base r-base gdebi && \ 292 | # wget https://download1.rstudio.org/rstudio-xenial-1.1.419-amd64.deb && \ 293 | # gdebi rstudio-xenial-1.1.419-amd64.deb && \ 294 | # rm rstudio-xenial-1.1.419-amd64.deb && \ 295 | # R -e 'install.packages("packrat" , repos="http://cran.us.r-project.org");' && \ 296 | # apt-get clean && \ 297 | # rm -rf /var/lib/apt/lists/* && \ 298 | # rm -rf /tmp/* 299 | 300 | 301 | #### Install Cabal 302 | # ARG HASKELL_GHC_VERSION=8.6.5 303 | # ARG CABAL_VERSION=3.2 304 | #RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 063DAB2BDC0B3F9FCEBC378BFF3AEACEF6F88286 && \ 305 | # echo "deb http://ppa.launchpad.net/hvr/ghc/ubuntu bionic main " | tee /etc/apt/sources.list.d/ppa_hvr_ghc.list && \ 306 | # apt-get update && \ 307 | # apt-get install -y ghc-${HASKELL_GHC_VERSION} cabal-install-${CABAL_VERSION} && \ 308 | # PATH="/opt/ghc/bin:${PATH}" && \ 309 | # cabal update && \ 310 | # apt-get clean && \ 311 | # rm -rf /var/lib/apt/lists/* && \ 312 | # rm -rf /tmp/* 313 | #ENV PATH /opt/ghc/bin:$PATH 314 | 315 | 316 | #### Install dotnet cli and Nuget 317 | #RUN wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb && \ 318 | # dpkg -i packages-microsoft-prod.deb && \ 319 | # apt-get update && \ 320 | # apt-get install -y apt-transport-https && \ 321 | # apt-get install -y dotnet-sdk-2.2 && \ 322 | # apt-get install -y dotnet-sdk-3.1 && \ 323 | # apt-get install -y dotnet-sdk-5.0 && \ 324 | # rm packages-microsoft-prod.deb && \ 325 | # apt-get clean && \ 326 | # rm -rf /var/lib/apt/lists/* && \ 327 | # rm -rf /tmp/* 328 | 329 | 330 | ### Install Mono 331 | #RUN apt-get update && \ 332 | # apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \ 333 | # apt-get install -y --no-install-recommends apt-transport-https ca-certificates && \ 334 | # echo "deb https://download.mono-project.com/repo/ubuntu bionic main" | tee /etc/apt/sources.list.d/mono-official-stable.list && \ 335 | # apt-get update && \ 336 | # apt-get install -y mono-devel && \ 337 | # apt-get clean && \ 338 | # rm -rf /var/lib/apt/lists/* && \ 339 | # rm -rf /tmp/* 340 | 341 | #### Install Nuget CLI 342 | #RUN TMP=/tmp/nuget && \ 343 | # LIB=/usr/local/lib && \ 344 | # BIN=/usr/local/bin && \ 345 | # rm -rf $TMP $LIB/nuget $BIN/nuget && \ 346 | # mkdir -p $TMP && \ 347 | # cd $TMP && \ 348 | # wget -O nuget.zip https://www.nuget.org/api/v2/package/NuGet.CommandLine/5.10.0 && \ 349 | # unzip nuget.zip && \ 350 | # install -d $LIB/nuget && \ 351 | # install ./tools/NuGet.exe $LIB/nuget/ && \ 352 | # echo '#!/usr/bin/env bash\nexec mono /usr/local/lib/nuget/NuGet.exe "$@"\n' > $BIN/nuget && \ 353 | # chmod a+x $BIN/nuget && \ 354 | # rm -rf $TMP 355 | 356 | 357 | ## Install Paket 358 | #RUN mozroots --import --sync && \ 359 | # TMP=/tmp/paket/src && \ 360 | # LIB=/usr/local/lib && \ 361 | # BIN=/usr/local/bin && \ 362 | # rm -rf $TMP && \ 363 | # mkdir -p $TMP && \ 364 | # cd $TMP && \ 365 | # wget -O paket.zip https://www.nuget.org/api/v2/package/Paket/5.257.0 && \ 366 | # unzip paket.zip && \ 367 | # rm -rf $LIB/paket && \ 368 | # install -d $LIB/paket && \ 369 | # install ./tools/paket.exe $LIB/paket/ && \ 370 | # rm -rf $BIN/paket && \ 371 | # echo '#!/usr/bin/env bash\nexec mono /usr/local/lib/paket/paket.exe "$@"\n' > $BIN/paket && \ 372 | # chmod a+x $BIN/paket 373 | 374 | 375 | #### Install Cargo 376 | #ENV HOME ${WSS_USER_HOME} 377 | #RUN curl https://sh.rustup.rs -sSf | sh -s -- -y && \ 378 | # chown -R ${WSS_USER}:${WSS_GROUP} ${WSS_USER_HOME}/.cargo && \ 379 | # chown -R ${WSS_USER}:${WSS_GROUP} ${WSS_USER_HOME}/.rustup && \ 380 | # rm -rf /tmp/* 381 | #ENV PATH $HOME/.cargo/bin:$PATH 382 | #ENV HOME /root 383 | 384 | ### Switch User ### 385 | ENV HOME ${WSS_USER_HOME} 386 | WORKDIR ${WSS_USER_HOME} 387 | USER ${WSS_USER} 388 | 389 | ### copy data to the image 390 | # COPY wss wss 391 | # COPY Data 392 | 393 | ### base command 394 | # CMD java -jar ./wss/wss-unified-agent.jar -c ./wss/wss-unified-agent.config -d ./Data` -------------------------------------------------------------------------------- /dockerized/README.md: -------------------------------------------------------------------------------- 1 | # Dockerized Unifed-Agent 2 | 3 | **IMPORTANT:** The Dockerized Unified Agent is no longer supported. We recommend using the stand-alone Unified Agent or one of the [Mend developer integrations.](https://docs.mend.io/bundle/integrations/page/developer_integrations.html) 4 | 5 | ## About 6 | The Dockerized Unifed-Agent project provides a Dockerfile template containing different package managers (e.g. maven, npm...). 7 | The file includes installation commands that allow creating a more suitable and customizable run environment for scanning projects/files. 8 | 9 | The user has the ability to add/remove package managers according to his needs just by commenting/uncommenting 10 | relevant lines from the Dockerfile. 11 | 12 | ## Available in Dockerfile 13 | 0. Ubuntu:18.04 (base image) 14 | 1. required utility apps 15 | 2. Java (1.8) 16 | 3. Maven (3.5.4) 17 | 4. Node.js (8.9.4) 18 | 5. NPM (5.6.0) 19 | 6. Yarn (1.5.1) 20 | 7. Bower (1.8.2) 21 | 8. Gradle (6.0.1) 22 | 9. python 2.7 + 3.6 + pip + pip3 + pipenv 23 | 10. python 3.7 24 | 11. python 3.8 25 | 12. Poetry (python) 26 | 13. Ruby, rbenv and ruby-build 27 | 14. Go (1.12.6) 28 | 15. Scala 2.12.6, Sbt 1.1.6 29 | 16. PHP (7.2) 30 | 17. Composer 31 | 18. PHP Plugins 32 | 19. Mix, Hex, Erlang and Elixir 33 | 20. Cocoapods (1.5.3) 34 | 21. R + Packrat 35 | 22. Haskel + Cabal 36 | 23. Paket 37 | 24. dotnet-sdk-2.2,dotnet cli and NuGet 38 | 25. Cargo 39 | 40 | ## Files 41 | #### wss_agent.sh / wss_agent.bat 42 | - creates a directory `wss` 43 | - downloads the latest `wss-unified-agent.config` configuration template file (requires editing after being downloaded) 44 | - downloads the latest `wss-unified-agent.jar` 45 | 46 | #### Dockerfile 47 | The Dockerfile contains a list of languages and package managers installations. 48 | 49 | Default installations are: 50 | - utility apps 51 | - java 1.8 52 | - maven 53 | - npm/ nodejs/ yarn 54 | - gradle 55 | - python 2.7, python3.6 56 | 57 | ## Running the dockerized agent 58 | 1. run `wss_agent.*` script to download the agent jar and configurations template file 59 | 2. edit the configuration `./wss/wss-unified-agent.config` 60 | 3. select the directory to scan (let's call it `Data`) 61 | 4. build the docker image according to below options 62 | 63 | #### Option 1: 64 | Using the docker volume mounts: 65 | example command: 66 | `docker run 67 | --mount type=bind,source="$(pwd)"/wss,target=/home/wss-scanner/wss 68 | --mount type=bind,source="$(pwd)"/data/,target=/home/wss-scanner/Data/ 69 | : 70 | java -jar ./wss/wss-unified-agent.jar -c ./wss/wss-unified-agent.config -d ./Data` 71 | 72 | #### Option 2: 73 | Add the config file, the agent jar and the Data to the image (using docker `COPY` or `ADD` commands in the Dockerfile, 74 | this option requires a new image build each time. 75 | 76 | #### Option 3: 77 | Combine both options, like adding the `wss/*` to the image and use mounting for the `Data` directory 78 | 79 | 80 | ## Tips 81 | It's possible to use the [Whitesource Unified-Agent configuration](https://whitesource.atlassian.net/wiki/spaces/WD/pages/804814917/Unified+Agent+Configuration+File+and+Parameters) 82 | properties: `whiteSourceFolderPath` and `log.files.path` 83 | To save scan results and logs outside of the running container with combination of docker volume mounts. 84 | -------------------------------------------------------------------------------- /dockerized/wss_agent.bat: -------------------------------------------------------------------------------- 1 | mkdir wss 2 | cd wss 3 | curl -LJO https://github.com/whitesource/unified-agent-distribution/raw/master/standAlone/wss-unified-agent.config 4 | curl -LJO https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar 5 | -------------------------------------------------------------------------------- /dockerized/wss_agent.sh: -------------------------------------------------------------------------------- 1 | mkdir wss 2 | cd wss 3 | curl -LJO https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar 4 | curl -LJO https://github.com/whitesource/unified-agent-distribution/raw/master/standAlone/wss-unified-agent.config -------------------------------------------------------------------------------- /standAlone/wss-unified-agent.config: -------------------------------------------------------------------------------- 1 | ############################################################### 2 | # WhiteSource Unified-Agent configuration file 3 | ############################################################### 4 | # GENERAL SCAN MODE: Files and Package Managers 5 | ############################################################### 6 | # Organization vitals 7 | ###################### 8 | 9 | apiKey= 10 | #userKey is required if WhiteSource administrator has enabled "Enforce user level access" option 11 | #userKey= 12 | #requesterEmail=user@provider.com 13 | 14 | projectName= 15 | projectVersion= 16 | projectToken= 17 | #projectTag= key:value 18 | 19 | productName= 20 | productVersion= 21 | productToken= 22 | 23 | #projectPerFolder=true 24 | #projectPerFolderIncludes= 25 | #projectPerFolderExcludes= 26 | 27 | #wss.connectionTimeoutMinutes=60 28 | 29 | # Change the below URL to your WhiteSource server. 30 | # Use the 'WhiteSource Server URL' which can be retrieved 31 | # from your 'Profile' page on the 'Server URLs' panel. 32 | # Then, add the '/agent' path to it. 33 | wss.url=https://saas.whitesourcesoftware.com/agent 34 | #wss.url=https://app.whitesourcesoftware.com/agent 35 | #wss.url=https://app-eu.whitesourcesoftware.com/agent 36 | #wss.url=https://saas-eu.whitesourcesoftware.com/agent 37 | 38 | ############ 39 | # Policies # 40 | ############ 41 | checkPolicies=false 42 | forceCheckAllDependencies=false 43 | forceUpdate=false 44 | forceUpdate.failBuildOnPolicyViolation=false 45 | #updateInventory=false 46 | 47 | ########### 48 | # General # 49 | ########### 50 | #offline=true 51 | #updateType=APPEND 52 | #scanComment= 53 | #failErrorLevel=ALL 54 | #requireKnownSha1=false 55 | #fileSystemScan=false 56 | #showProgressBar=false 57 | #commandTimeout=900 58 | 59 | #generateProjectDetailsJson=true 60 | #generateScanReport=true 61 | #scanReportTimeoutMinutes=10 62 | #scanReportFilenameFormat= 63 | 64 | #analyzeFrameworks=true 65 | #analyzeFrameworksReference= 66 | 67 | #updateEmptyProject=false 68 | 69 | #log.files.level= 70 | #log.files.maxFileSize= 71 | #log.files.maxFilesCount= 72 | #log.files.path= 73 | 74 | ######################################## 75 | # Package Manager Dependency resolvers # 76 | ######################################## 77 | #resolveAllDependencies=false 78 | #excludeDependenciesFromNodes=.*commons-io.*,.*maven-model 79 | 80 | #npm.resolveDependencies=false 81 | #npm.ignoreSourceFiles=false 82 | #npm.includeDevDependencies=true 83 | #npm.runPreStep=true 84 | #npm.ignoreNpmLsErrors=true 85 | #npm.ignoreScripts=true 86 | #npm.yarnProject=true 87 | #npm.accessToken= 88 | #npm.identifyByNameAndVersion=true 89 | #npm.yarn.frozenLockfile=true 90 | #npm.resolveMainPackageJsonOnly=true 91 | #npm.removeDuplicateDependencies=false 92 | #npm.resolveAdditionalDependencies=true 93 | #npm.failOnNpmLsErrors = 94 | #npm.projectNameFromDependencyFile = true 95 | #npm.resolveGlobalPackages=true 96 | #npm.resolveLockFile=false 97 | 98 | #bower.resolveDependencies=false 99 | #bower.ignoreSourceFiles=true 100 | #bower.runPreStep=true 101 | 102 | #nuget.resolveDependencies=false 103 | #nuget.runPreStep=true 104 | #nuget.resolvePackagesConfigFiles=false 105 | #nuget.resolveCsProjFiles=false 106 | #nuget.resolveNuspecFiles=false 107 | #nuget.resolveAssetsFiles=true 108 | #nuget.preferredEnvironment= 109 | #nuget.packagesDirectory= 110 | #nuget.ignoreSourceFiles=false 111 | 112 | #python.resolveDependencies=false 113 | #python.ignoreSourceFiles=false 114 | #python.ignorePipInstallErrors=true 115 | #python.installVirtualenv=true 116 | #python.resolveHierarchyTree=false 117 | #python.requirementsFileIncludes=requirements.txt 118 | #python.resolveSetupPyFiles=true 119 | #python.runPipenvPreStep=true 120 | #python.pipenvDevDependencies=true 121 | #python.IgnorePipenvInstallErrors=true 122 | #python.resolveGlobalPackages=true 123 | #python.localPackagePathsToInstall=/path/to/local/dependency.egg, /path/to/local/dependency.zip 124 | #python.resolvePipEditablePackages 125 | #python.path=/path/to/python 126 | #python.pipPath=/path/to/pip 127 | #python.runPoetryPreStep=true 128 | #python.includePoetryDevDependencies=true 129 | 130 | #maven.ignoredScopes=test provided 131 | #maven.resolveDependencies=false 132 | #maven.ignoreSourceFiles=true 133 | #maven.aggregateModules=true 134 | #maven.ignorePomModules=false 135 | #maven.runPreStep=true 136 | #maven.ignoreMvnTreeErrors=true 137 | #maven.environmentPath= 138 | #maven.m2RepositoryPath= 139 | #maven.downloadMissingDependencies=false 140 | #maven.additionalArguments= 141 | #maven.projectNameFromDependencyFile=true 142 | 143 | #gradle.resolveDependencies=false 144 | #gradle.ignoreSourceFiles=true 145 | #gradle.aggregateModules=true 146 | #gradle.preferredEnvironment=wrapper 147 | #gradle.wrapperPath= 148 | #gradle.additionalArguments= 149 | #gradle.excludeModules= 150 | #gradle.includeModules= 151 | #gradle.includedConfigurations= 152 | #gradle.ignoredConfigurations= 153 | #gradle.innerModulesAsDependencies=false 154 | 155 | #paket.resolveDependencies=false 156 | #paket.ignoredGroups= 157 | #paket.ignoreSourceFiles=false 158 | #paket.runPreStep=true 159 | #paket.exePath= 160 | 161 | #go.resolveDependencies=false 162 | #go.collectDependenciesAtRuntime=true 163 | #go.dependencyManager= 164 | #go.ignoreSourceFiles=true 165 | #go.glide.ignoreTestPackages=false 166 | #go.gogradle.enableTaskAlias=true 167 | 168 | #go.modules.resolveDependencies=true 169 | #go.modules.ignoreSourceFiles=false 170 | #go.modules.removeDuplicateDependencies=false 171 | #go.modules.includeTestDependecies=true 172 | 173 | #ruby.resolveDependencies=false 174 | #ruby.ignoreSourceFiles=false 175 | #ruby.installMissingGems=true 176 | #ruby.runBundleInstall=true 177 | #ruby.overwriteGemFile=true 178 | 179 | #sbt.resolveDependencies=false 180 | #sbt.ignoreSourceFiles=true 181 | #sbt.aggregateModules=true 182 | #sbt.runPreStep=true 183 | #sbt.includedScopes= 184 | 185 | #php.resolveDependencies=false 186 | #php.runPreStep=true 187 | #php.includeDevDependencies=true 188 | #php.removeDuplicateDependencies=false 189 | #php.ignoreSourceFiles=false 190 | 191 | #html.resolveDependencies=false 192 | 193 | #cocoapods.resolveDependencies=false 194 | #cocoapods.runPreStep=true 195 | #cocoapods.ignoreSourceFiles=false 196 | 197 | #hex.resolveDependencies=false 198 | #hex.runPreStep=true 199 | #hex.ignoreSourceFiles=false 200 | #hex.aggregateModules=true 201 | 202 | #ant.resolveDependencies=false 203 | #ant.pathIdIncludes=.* 204 | #ant.external.parameters= 205 | 206 | #r.resolveDependencies=false 207 | #r.runPreStep=true 208 | #r.ignoreSourceFiles=false 209 | #r.cranMirrorUrl= 210 | #r.packageManager=None 211 | 212 | #cargo.resolveDependencies=false 213 | #cargo.runPreStep=true 214 | #cargo.ignoreSourceFiles=false 215 | 216 | #haskell.resolveDependencies=false 217 | #haskell.runPreStep=true 218 | #haskell.ignoreSourceFiles=false 219 | #haskell.ignorePreStepErrors=true 220 | 221 | #ocaml.resolveDependencies=false 222 | #ocaml.runPrepStep=true 223 | #ocaml.ignoreSourceFiles=false 224 | #ocaml.switchName= 225 | #ocaml.ignoredScopes=none 226 | #ocaml.aggregateModules=true 227 | 228 | #bazel.resolveDependencies=false 229 | #bazel.runPrepStep=true 230 | 231 | #conda.resolveDependencies=false 232 | 233 | ########################################################################################### 234 | # Includes/Excludes Glob patterns - Please use only one exclude line and one include line # 235 | ########################################################################################### 236 | #includes=**/*.c **/*.cc **/*.cp **/*.cpp **/*.cxx **/*.c++ **/*.h **/*.hpp **/*.hxx 237 | #includes=**/*.m **/*.mm **/*.js **/*.php 238 | #includes=**/*.jar 239 | #includes=**/*.gem **/*.rb 240 | #includes=**/*.dll **/*.cs **/*.nupkg 241 | #includes=**/*.tgz **/*.gzip **/*.tar.bz2 242 | #includes=**/*.zip **/*.tar.gz **/*.egg **/*.whl **/*.py 243 | 244 | #Exclude file extensions or specific directories by adding **/*. or **//** 245 | #excludes=**/.* **/node_modules **/src/test **/testdata **/*sources.jar **/*javadoc.jar 246 | 247 | case.sensitive.glob=false 248 | followSymbolicLinks=true 249 | 250 | ###################### 251 | # Archive properties # 252 | ###################### 253 | #archiveExtractionDepth=2 254 | #archiveIncludes=**/*.war **/*.ear 255 | #archiveExcludes=**/*sources.jar 256 | 257 | ############## 258 | # SCAN MODES # 259 | ############## 260 | 261 | # Docker images 262 | ################ 263 | #docker.scanImages=true 264 | #docker.includes=.*.* 265 | #docker.excludes= 266 | #docker.pull.enable=true 267 | #docker.pull.images=.*.* 268 | #docker.pull.maxImages=10 269 | #docker.pull.tags=.*.* 270 | #docker.pull.digest= 271 | #docker.delete.force=true 272 | #docker.login.sudo=false 273 | #docker.projectNameFormat={repositoryNameAndTag|repositoryName|default} 274 | #docker.scanTarFiles=true 275 | 276 | #docker.aws.enable=true 277 | #docker.aws.registryIds= 278 | 279 | #docker.azure.enable=true 280 | #docker.azure.userName= 281 | #docker.azure.userPassword= 282 | #docker.azure.registryNames= 283 | #docker.azure.authenticationType=containerRegistry 284 | #docker.azure.registryAuthenticationParameters=: : 285 | 286 | #docker.gcr.enable=true 287 | #docker.gcr.account= 288 | #docker.gcr.repositories= 289 | 290 | #docker.artifactory.enable=true 291 | #docker.artifactory.url= 292 | #docker.artifactory.pullUrl= 293 | #docker.artifactory.userName= 294 | #docker.artifactory.userPassword= 295 | #docker.artifactory.repositoriesNames= 296 | #docker.artifactory.dockerAccessMethod= 297 | 298 | #docker.hub.enabled=true 299 | #docker.hub.userName= 300 | #docker.hub.userPassword= 301 | #docker.hub.organizationsNames= 302 | 303 | # Docker containers 304 | #################### 305 | #docker.scanContainers=true 306 | #docker.containerIncludes=.*.* 307 | #docker.containerExcludes= 308 | 309 | # Linux package manager settings 310 | ################################ 311 | #scanPackageManager=true 312 | 313 | # Serverless settings 314 | ###################### 315 | #serverless.provider= 316 | #serverless.scanFunctions=true 317 | #serverless.includes= 318 | #serverless.excludes= 319 | #serverless.region= 320 | #serverless.maxFunctions=10 321 | 322 | # Artifactory settings 323 | ######################## 324 | #artifactory.enableScan=true 325 | #artifactory.url= 326 | #artifactory.accessToken= 327 | #artifactory.repoKeys= 328 | #artifactory.userName= 329 | #artifactory.userPassword= 330 | 331 | ################## 332 | # Proxy settings # 333 | ################## 334 | #proxy.host= 335 | #proxy.port= 336 | #proxy.user= 337 | #proxy.pass= 338 | 339 | ################ 340 | # SCM settings # 341 | ################ 342 | #scm.type= 343 | #scm.user= 344 | #scm.pass= 345 | #scm.ppk= 346 | #scm.url= 347 | #scm.branch= 348 | #scm.tag= 349 | #scm.npmInstall= 350 | #scm.npmInstallTimeoutMinutes= 351 | #scm.repositoriesFile= 352 | -------------------------------------------------------------------------------- /standAlone/wss_agent.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | curl -LJO https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar 4 | 5 | curl -LJO https://github.com/whitesource/unified-agent-distribution/raw/master/standAlone/wss-unified-agent.config 6 | 7 | java -jar wss-unified-agent.jar "$@" 8 | -------------------------------------------------------------------------------- /standAlone/wss_agent_orb.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | curl -LJO https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar 4 | 5 | java -jar wss-unified-agent.jar "$@" -------------------------------------------------------------------------------- /standAlone/wss_agent_scanner.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | curl -LJO https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar 4 | 5 | java -jar wss-unified-agent.jar "$@" 6 | --------------------------------------------------------------------------------