Version: ACE 5

How to fix whitesource issues

Whitesource is a solution that we use to make sure that solution that we build and deploy has no vulnerabilities in 3rd party dependencies that we are using.

Obtain `WSS_API_KEY` `WS_PRODUCTTOKEN` `WS_PROJECTTOKEN` from whitesource "Integrate" tab

Whitesource key

Make sure to get corresponding project tokens:

ACE-Designer(RnD) for ACE Designer
ACE(RnD) for sapiens-digital-journey-api repo
ACE-Flow-runner(RnD) for sapiens-digital-flow-runner repo
ACE-Cache-service for sapiens-digital-cache-service repo

Run whitesource build locally

WSS_API_KEY=KEY_OBTAINED_IN_A_PREVIOUS_STEP \
WS_PRODUCTTOKEN=KEY_OBTAINED_IN_A_PREVIOUS_STEP \
WS_PROJECTTOKEN=KEY_OBTAINED_IN_A_PREVIOUS_STEP \
./whitesource.sh

In case if whitesource build fails, check violations in the whitesource for a relevant project

Whitesource violations

Force load fixed dependency versions

In package.json add relevant resolutions

Once added run:

yarn install

Rerun whitesource build as described in the previous step and check the violations.

Obtain WSS_API_KEY WS_PRODUCTTOKEN WS_PROJECTTOKEN from whitesource "Integrate" tab​

Run whitesource build locally​

In case if whitesource build fails, check violations in the whitesource for a relevant project​

Force load fixed dependency versions​

Obtain `WSS_API_KEY` `WS_PRODUCTTOKEN` `WS_PROJECTTOKEN` from whitesource "Integrate" tab

Run whitesource build locally

In case if whitesource build fails, check violations in the whitesource for a relevant project

Force load fixed dependency versions