Whitesource Configuration for GitLab Pipeline

The following configuration derives values from predefined GitLab Variables

whitesource.conf
# Providing project information from GitLab CI
wss_project_name="$CI_PROJECT_NAME"
wss_project_version="$CI_JOB_ID"
wss_project_tag="$CI_COMMIT_TAG"

# Providing product information
wss_product_name="The Product Name"
wss_product_version="$POM_VERSION"

# Analyze the Maven POM and its transitive dependencies only, no file-system check
# Use this only if you don't have any extra checked in jar-files or stuff like that!
fileSystemScan=false
includes=pom.xml

# Only scanning the Maven project
resolveAllDependencies=false
maven.resolveDependencies=true

The $POM_VERSION may be resolved using the maven-help-plugin like this:

export POM_VERSION=$(mvn org.apache.maven.plugins:maven-help-plugin:3.1.0:evaluate -Dexpression=project.version -q -DforceStdout)