CodeFresh Integration
Overview
CodeFresh is a container-based CI/CD platform where each step in the pipeline is its own container. To scan your open-source packages with Mend as a part of your CodeFresh pipeline, go to the CodeFresh step marketplace and add the Mend step to your pipeline.
NOTE: Before you begin, make sure that the relevant package manager is installed. For details, see https://docs.mend.io/legacy-sca/latest/getting-started-with-the-unified-agent#GettingStartedwiththeUnifiedAgent-Prerequisites .
How CodeFresh Integration Works
The Mend step in the CodeFresh marketplace is built on an open-JDK Docker image. The step starts by running an install commands file (a file that runs package manager/dependency install commands) to ensure that all prerequisites are fulfilled before beginning the scan. Once the prerequisites are met, a Unified Agent scan is run and the results are uploaded to mend.
Adding the Mend Step
Go to your CodeFresh pipeline.
On the right side, click Steps. The Steps pane is displayed.
In the search box, enter mend. The Mend step is displayed in the marketplace.
Click once on the Mend step. The step's YAML is displayed.
From the bottom, click Insert Step. The step's YAML is inserted in your pipeline.
Populate the variables with your organization's relevant data. Refer here for details.
YAML Definitions
Argument | Description | Example |
---|---|---|
API_KEY | A unique identifier of your Mend organization. It can be retrieved from the Integrate tab in the WS UI. |
0a35f1e07d0e4lfdaaf02fc97073d536fac71465eae8470180b92876f85utgjd
|
INSTALL_COMMANDS | The path to the 'install-commands.sh' file. This file contains the package manager and other dependency installation commands. NOTE: This file must be an executable. | example/install-commands.sh |
CONFIG_FILE | The Mend Unified Agent configuration file. The default value is wss-unified-agent.config. | wss-unified-agent.config |
PROJECT_DIRECTORY | A comma-delimited list of directories and/or files to scan. | your/project/dir |
More Examples
Additional examples for CI/CD pipelines can be found at https://github.com/mend-toolkit/mend-examples/tree/main/CI-CD .