finos / spring-bot

Spring Boot + Java Integration for Symphony/Teams Chat Platform Bots and Apps
https://springbot.finos.org
Apache License 2.0

Whitesource scanning fix #314

Closed robmoffat closed 2 years ago

robmoffat commented 2 years ago

This is a suggestion from Whitesource in response to this https://whitesourcesoftware.force.com/SupportPortal/s/case/5005p00002h2qKeAAI/spring-bot-project

Hi Rob,

I hope you are doing well! Thank you for allowing me the time to review this.

Regarding the option to see the source of the files, we have an open feature request to provide this, please let me know if you would like me to add you as a requestor.

Regarding this project, I was indeed able to build the project successfully now, and I did some testing including cloning and scanning the project locally and forking and using the WhiteSource GitHub integration.
The issue here stems from the fact that WhiteSource is scanning the project before it is built which results in missing dependencies.

In order to make sure that WhiteSource has all the dependencies available during the scan, we can add a step that would have WhiteSource build the project.

This can be achieved by changing the scan configuration and enabling the Maven pre-step.
To do that, please perform the following steps:
1. Create a whitesource.config file either in the repo or in an external location and make sure it is accessible from your repo. This file will be used to change the scan configuration.
2. This file should contain all the settings that are required for the scan, you can use the attached file I added to this case. The reason for adding all these additional settings and not just the maven.runPreStep=true parameter is that once we change any scan settings, the configuration defaults to the settings of the unified agent, which are not the most suited for the repo scan.
3. Navigate to the .whitesource file in your repo and change the "configMode" to be either "LOCAL" or "EXTERNAL" based on where you selected to place the whitesource.config file. If you choose "EXTERNAL" set the "configExternalURL" to point to the file you created.
For more information about the external/local configuration, refer here: https://whitesource.atlassian.net/wiki/spaces/WD/pages/697696422/WhiteSource+for+GitHub.com#Scan-Settings-(scanSettings)

Feel free to review this forked repo for the expected result: https://github.com/Gal-Doron/spring-bot

I hope you find this useful, please let me know if you have any questions.

Best,
Gal

It should fix our WhiteSource scanning.
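As an added check that is not part of this PR or of the spring-bot code: a small Python validator that reads constructed samples of the two files the steps above describe and reports when the scan would still run before the build. The `scanSettings` nesting follows the docs page linked above; the `AUTO` fallback, the `parse_properties` helper and the finding messages are my own assumptions.

```python
import json
from typing import List

# Constructed sample of a repo's .whitesource file (the GitHub-integration
# settings file): configMode switched from the default to LOCAL so that the
# scan reads whitesource.config from the repo.
DOT_WHITESOURCE = """{
  "scanSettings": {
    "configMode": "LOCAL",
    "configExternalURL": ""
  }
}"""

# Constructed sample of whitesource.config (Unified Agent properties file).
# maven.runPreStep=true makes the agent build the project before scanning,
# so transitive Maven dependencies are present when they are inventoried.
WHITESOURCE_CONFIG = """# build before scanning so dependencies are resolved
maven.runPreStep=true
"""


def parse_properties(text: str) -> dict:
    """Minimal key=value parser for the agent's properties-style config (assumed format)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def check_scan_config(dot_whitesource: str, ws_config: str) -> List[str]:
    """Return a list of findings; an empty list means the pre-step build is wired up."""
    findings = []
    settings = json.loads(dot_whitesource).get("scanSettings", {})
    mode = settings.get("configMode", "AUTO")  # AUTO assumed as the default mode
    if mode not in ("LOCAL", "EXTERNAL"):
        findings.append(f"configMode is {mode!r}: custom whitesource.config is ignored")
    if mode == "EXTERNAL" and not settings.get("configExternalURL"):
        findings.append("configMode is EXTERNAL but configExternalURL is empty")
    props = parse_properties(ws_config)
    if props.get("maven.runPreStep", "false").lower() != "true":
        findings.append("maven.runPreStep is not true: scan runs before the build")
    return findings


if __name__ == "__main__":
    print(check_scan_config(DOT_WHITESOURCE, WHITESOURCE_CONFIG) or "scan config OK")
```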

linux-foundation-easycla[bot] commented 2 years ago

CLA Not Signed