Migration Guide for Mend Developer Platform
Overview
The article outlines the migration steps and includes an appendix listing what is supported in the Mend Developer Platform compared to the legacy Mend repository integrations (Bitbucket Cloud and Azure DevOps Repos).
Difference between the two apps
Mend Developer Platform is a newer app with a convenient UI, but it is still in beta.
It will receive all of the new features, while the legacy one will be maintained for a while and will not prioritize new features.
Once the Mend Developer Platform is out of beta, Mend will devise a plan to deprecate the legacy integration.
Migration steps
It is not recommended to use both apps simultaneously; they may interfere with each other and cause unexpected results.
Users should delete one app before installing another.
All the items created in the repo (issues, PRs, build statuses) are not shared between the apps.
It is recommended that users delete whatever of those they have.
If not, they will just stay there and will never be updated.
Configuration is not migrated in any way.
To configure the desired parameters, you need to revisit the Mend Developer Platform UI and make the necessary changes.
Note that project/repo admins can configure everything themselves in the controlled repos without the help of the workspace admin (if the override parameter doesn’t block this).
There is no need for a global config repo and config files in the repos. They are better to be deleted, but keeping them will not interfere with the Mend Developer Platform in any way.
Migrating to the Mend Developer Platform offers access to enhanced features and functionality. By following these migration steps, you can ensure a seamless transition and fully take advantage of the new platform's capabilities.
Transitioning Configuration Options to Mend Developer Platform
This section outlines the changes between the legacy Mend repository integrations to the new Mend Developer Platform, ensuring a seamless transition for users familiar with our previous setup. From global configurations to repository-specific settings and security management, we clarify the adjustments and enhancements made in our new platform.
Note: Some of the parameters listed below are exclusive to a specific repo integration and not applicable to all Mend repository integrations.
Global Configuration (global-config.json)
Old Parameter | Details |
|---|---|
repoConfigMode | Obsolete. Mend no longer creates configuration files. Exception: Renovate may have its own configuration file if configured. |
repoConfigFileName | Obsolete. Mend does not create configuration files. |
settingsInheritedFrom | Settings applied on the Workspace settings page are automatically applied to all repositories. |
ignoreSpecificVulnerabilities | Not supported in the new Mend Developer Platform. |
ignoredRepos.exactNames | Controlled via the Installation Setup Wizard and Repository settings page. |
includedRepos.exactNames | Controlled via the Installation Setup Wizard and Repository settings page. |
workItemType | Currently not supported in the new Mend Developer Platform, but it is planned to be. |
.whitesource File and Repo Configuration (repo-config.json)
Scan Settings (scanSettings)
Old Parameter | Details |
|---|---|
configMode | Use the "UA custom configuration" parameter in the “Open-Source Security” settings. |
configExternalURL | Not supported in the new Mend Developer Platform. |
baseBranches | Use the "Base branches" parameter in the General settings on the Workspace level. |
enableLicenseViolations | Use the "Checks" parameter in the “Open-Source Licensing” settings. |
javaVersion | Not supported in the new Mend Developer Platform. |
repoNameSync | Not supported in the new Mend Developer Platform. |
skipScanningStage | Currently not supported in the new Mend Developer Platform, but it is planned to be. |
exploitability | Obsolete. If there is available exploitability data, it will be automatically applied to the findings. |
Build Settings (buildSettings)
Old Parameter | Details |
|---|---|
displayMode | Not supported in the new Mend Developer Platform. |
createBuildStatus | Use the "Checks" parameter in the “Open-Source Security” settings. |
failBuilds | Use the “Checks - Conclusion status” parameter of the “Open-Source Security” settings section. |
failLicenseBuilds | Use the “Checks - Conclusion status” parameter of the “Open-Source Licensing” settings section. |
showWsInfo | Not supported in the new Mend Developer Platform. |
strictMode | Currently not supported in the new Mend Developer Platform, but it is planned to be. |
Issue Settings (issueSettings)
Old Parameter | Details |
|---|---|
minSeverityLevel | Not supported in the new Mend Developer Platform. |
minVulnerabilityScore | Use the “Issues - Vulnerability range” parameter of the “Open-Source Security” settings section. |
maxVulnerabilityScore | Use the “Issues - Vulnerability range” parameter of the “Open-Source Security” settings section. |
displayLicenseViolations | Use the “Issues” parameter of the “Open-Source Licensing” settings section. |
issueType | Use the “Issues - Grouping rule” parameter of the “Open-Source Security” settings section. |
customFields | Currently not supported in the new Mend Developer Platform, but it is planned to be. |
customLabels | Currently not supported in the new Mend Developer Platform, but it is planned to be. |
Remediate Settings (remediateSettings)
Old Parameter | Details |
|---|---|
enableRenovate | Use the “Enable” parameter of the “Renovate” settings section. |
workflowRules | Use the “Remediation” parameter of the “Open-Source Security” settings section. |
Host Rules (hostRules)
The host rules are managed via “Credentials” in the settings section.