
Configure Mend for GitLab Server Repos for IaC

Overview

Mend for GitLab Server Repos offers several parameters to configure your IaC scans, checks, and issues.

Getting it Done

Note: IaC scans can only be performed on base branches.

Configuration at the local repository level is done via the .whitesource file. To set up your configuration file for IaC scans, see the Parameters section provided in this documentation. Below is an example of fine-tuning an IaC scan within a repository’s .whitesource file:

CODE
{
  "scanSettings": {
    "enableIaC": true,
    "baseBranches": ["integration"]
  },
  "checkRunSettings": {
    "useMendCheckNames": true
  }
}

Note: For global configuration, parameters are set via the repo-config.json file. See our Set up a global configuration Mend for GitLab Server documentation for more information.

Reference

Parameters

Scan Settings (scanSettings)

Parameter

Type

Description

enableIaC

Boolean

When enabled, a new Mend IaC Check will be generated for each valid push. This will scan cloud infrastructure configurations to find misconfigurations before they are deployed, and alert on these via the creation of a Work item.

NOTES:

  • When enabled, after every valid push, a branch (ws-iac-scan-results/{mend_scan_token}) is temporarily created and deleted after the scan has completed.

  • When an IaC issue is closed, it will not be detected in future scans.

  • IaC issues are meant to be opened for the default branch only. If they are opened for additional baseBranches, the branch name will not be shown.

baseBranches

Array

Optional. Default Value: Your GitLab Server "default" branch. Adds the ability to specify one or more base branches to be scanned by Mend for Bitbucket Server and Data Center.

Example usage: 

CODE
"baseBranches": ["master", "integration"]

This will set both master and integration branches as base branches.

Note: For each specified branch, a Mend project will be created. The name of the project will contain a suffix "_branchname". For example, MyApp_dev. This suffix will not apply to the default branch.
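
A pre-merge check for the scanSettings parameters described above, added here as an illustration and not part of Mend's tooling. The names lint_whitesource, default_branch and app_name are hypothetical; the default branch and the project base name are assumptions supplied by the caller.

```python
import json

SMART_QUOTES = "\u201c\u201d\u2018\u2019"  # curly quotes picked up from rendered docs


def lint_whitesource(text, default_branch="main", app_name="MyApp"):
    """Return (problems, projects) for the scanSettings of a .whitesource file."""
    problems, projects = [], []
    # Curly quotes are not JSON string delimiters; report the line they are on.
    for lineno, line in enumerate(text.splitlines(), 1):
        if any(ch in SMART_QUOTES for ch in line):
            problems.append(f'line {lineno}: typographic quote, use a straight "')
    try:
        config = json.loads(text)
    except json.JSONDecodeError as exc:
        problems.append(f"invalid JSON at line {exc.lineno}: {exc.msg}")
        return problems, projects
    scan = config.get("scanSettings") if isinstance(config, dict) else None
    if not isinstance(scan, dict):
        problems.append("scanSettings object is missing")
        return problems, projects
    if scan.get("enableIaC") is not True:
        problems.append("scanSettings.enableIaC is not the Boolean true")
    # baseBranches is optional; without it only the default branch is a base branch.
    branches = scan.get("baseBranches", [default_branch])
    if not isinstance(branches, list) or not all(
        isinstance(b, str) and b for b in branches
    ):
        problems.append("scanSettings.baseBranches must be an array of branch names")
        return problems, projects
    # One Mend project per base branch: "_branchname" suffix, none for the default.
    for branch in branches:
        projects.append(app_name if branch == default_branch else f"{app_name}_{branch}")
    return problems, projects


# Constructed samples: a valid file, and the same file with one curly quote.
GOOD = """{
  "scanSettings": {
    "enableIaC": true,
    "baseBranches": ["integration"]
  }
}"""
BAD = GOOD.replace('["integration"]', '["master", \u201cintegration"]')

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_whitesource(sample))
```
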

Status Name Settings

Parameter

Type

Description

useMendStatusNames

Boolean

Optional. Default Value: false. The available parameter values are:

  • true - The check is named after Mend. For example: Mend IaC Check.

  • false - The check is named after WhiteSource. For example: WhiteSource IaC Check.

Note: When a .whitesource file is created, the value of useMendCheckNames is true.

Supported Environments

The following IaC environments and their configuration files are supported:

  • Terraform

  • Bicep

  • CloudFormation

  • Kubernetes

  • ARM Templates

  • Serverless

  • Helm
