Doing things manually can take lots of time for development. So for the time purposes we tend to use some eternal libraries in our projects. But as much as they easy and helpful, are we always sure that the external packages are completely safe? Using WhiteSource Bolt tool we can easily detect vulnerabilities in our code. In this post I will show you how to make your project more secure by just adding two more additional tasks in your Azure DevOps pipeline.
Before we start with the usage of the WhiteSource Bolt extension we will have to install the extension inside our organization in Azure DevOps. You can navigate to Microsoft Visual Studio Marketplace and get the extension. Don’t forget to set it up after getting it from the Marketplace, by navigation to your project in Azure DevOps > Pipelines > WhiteSouce Bolt. For more details on the setup and usage you can use the official WhiteSource Bold Documentation.
Set up WhiteSource Bolt in Azure DevOps pipeline
Open an existing pipeline where you build your project or choose an empty job. Once that is done add the following tasks.
Npm install
- Click on the plus icon in the agent job to add task
- Search for npm and select the npm task
- In the Display name add representative name for your task
- In the Command by default install will be selected
If you are using self hosted agent and npm is already installed on your machine you can skip the step above.
WhiteSource Bolt task
- Click on the plus icon in the agent job to add task
- Search for WhiteSource Bolt task
- In the Display name add representative name for your task
- For Root working directory by clicking on the three dots select the root of your project
Once this is set up Save & Queue. After the is job successfully finish at the top next to the Summary tab you can see the WhiteSource Build Report. By navigating there you can explore the vulnerabilities and the recommendations provided.
Stefanija Popovska 