Whitesource - Automated Data Load

ZeroNorth Experts
,
1

While ZeroNorth provides an easy and convenient way to orchestrate Whitesource scans of your build artifacts, sometimes it is necessary or more practical to take the results from an existing Whitesource scan and then load that into ZeroNorth, still benefiting from ZeroNorth’s dashboarding and analytics. This article describes the set-up and procedure for importing existing Whitesource scan results into ZeroNorth.

Overview

The Whitesource scan import process uses the Whitesource API to extracts the results directly from your Whitesource account and then loads the results into your ZeroNorth account:

  1. Obtain the Product Name and the Project Name of the desired Whitesource scan.
  2. Add a Whitesource Scan Policy in ZeroNorth.
  3. Run the ZeroNorth Scan Policy to import the Whitesource scan results directly from your Whitesource account.

1. Whitesource Product Name and Project Name

A scan in Whitesource is identified by a Product Name and a Project Name. A Product represents, for example, your application’s nightly build artifact which you scan with Whitesource . A Project then represents the specific scan (e.g today’s scan vs. yesterday’s scan).

You might have these two pieces of information already, or you can obtain it from the Whitesource web UI using your account credentials.

2. Add a ZeroNorth Scan Policy

Start by adding a ZeroNorth Scan Policy in a standard manner, making sure of the following:

  • The Target must be of type “Artifact”.
  • The Whitesource Scenario for the Scan Policy must have been activated with credentials that have access to the desired scan results.

Then, in the WhiteSource Application Parameters section of the Scan Policy definition:

image
image712×498 24.9 KB

  • Set Application Lookup Strategy to “Find existing application by Product and Project name”.
  • Enter the Product Name .
  • Enter the Project Name .

3. Run the ZeroNorth Scan Policy

The ZeroNorth Scan Policy you just created can be run in one of two ways.

From the UI

  • Sign in to the ZeroNorth UI at https://fabric.zeronorth.io
  • Go to znOPS > Policies .
  • Locate the Policy you just created.
  • Click on the menu and then select Run Now .

Via the ZeroNorth API

Use a curl (or similar) call like this:

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: <API Key>' 'https://api.zeronorth.io/v1/policies/<policy ID>/run'

where,

  • Replace <API Key> with your ZeroNorth API key (see this KB article ).
  • Replace <policy ID> with the ID of the Scan Policy you created for this.

The import process should take under a minute.