Whitelisting and Score list features are discontinued from Workbench 25.1 onward.
As of FossID 20.2, whitelisting is not enabled by default. To enable it, add the parameters --fields +mid to webapp_cli_command in fossid.conf. The WHITE_LIST_ADMIN permission is also required in order to access the whitelist administration.
Note that files scanned before whitelisting was enabled must be re-scanned before whitelisting rules can be added from them.
The FossID Workbench allows users to whitelist partial matches, which prevents those matches from being presented in future scans. An auditor might find matches they consider to be irrelevant, such as auto-generated code or very common code structures. Whitelisting makes auditing more effective by giving the auditor control over which matches are to be considered uninteresting in future scans.
Whitelisting rules can be created when a partial file match is selected, by clicking the “Add whitelisting rule” button.
Note that these rules can only be applied to partial file matches. For full file matches considered as irrelevant, you can follow the regular identification-reuse approach.
Whitelisting rules are applicable on the project level. This means that whitelisting rules affect all scans inside a specific project. You can access the whitelisting administration interface from the projects list. There you can inspect and delete any active whitelisting rules for each project.
Whitelists are associated with the FossID Workbench server name (webapp_server_name in fossid.conf). If the server name is changed, all whitelists will be deleted.