CodeFresh Integration

Overview

CodeFresh is a container-based CI/CD platform where each step in the pipeline is its own container. To scan your open-source packages with Mend as a part of your CodeFresh pipeline, go to the CodeFresh step marketplace and add the Mend step to your pipeline.

NOTE: Before you begin, make sure that the relevant package manager is installed. For details, see https://docs.mend.io/legacy-sca/latest/getting-started-with-the-unified-agent#GettingStartedwiththeUnifiedAgent-Prerequisites .

How CodeFresh Integration Works

The Mend step in the CodeFresh marketplace is built on an open-JDK Docker image. The step starts by running an install commands file (a file that runs package manager/dependency install commands) to ensure that all prerequisites are fulfilled before beginning the scan. Once the prerequisites are met, a Unified Agent scan is run and the results are uploaded to mend.

Adding the Mend Step

1. Go to your CodeFresh pipeline.

2. On the right side, click Steps. The Steps pane is displayed.

3. In the search box, enter mend. The Mend step is displayed in the marketplace.

4. Click once on the Mend step. The step's YAML is displayed.

5. From the bottom, click Insert Step. The step's YAML is inserted in your pipeline.

6. Populate the variables with your organization's relevant data. Refer here for details.

YAML Definitions

More Examples

Additional examples for CI/CD pipelines can be found at https://github.com/mend-toolkit/mend-examples/tree/main/CI-CD .