Set up a global configuration for Mend for Bitbucket Data Center
Overview
If you are working within an environment that hosts many Bitbucket Data Center repositories, Mend for Bitbucket Data Center provides a global configuration solution to apply parameters to multiple repositories with ease.
This article provides details and instructions on how to create and enable a global configuration that will affect all new repositories integrated using Mend for Bitbucket Data Center.
Use Case
Using the global configuration, you are able to define a configuration that can be inherited by all future integrated repositories, as well as define an onboarding configuration for your integration. The three components of the global configuration are:
whitesource-config repository: The repository where your global-config.json and repo-config.json files are located. Integrated repositories' .whitesource files can point to this repository to inherit the configurations it houses.
global-config.json file: A JSON formatted configuration file where you can define how the onboarding flow will occur for your integrated repositories.
repo-config.json file: A JSON formatted configuration file that will be applied globally to each newly selected integrated repository. It is the global equivalent of the .whitesource file and provides the same configurable parameters for a Mend scan, organization-wide.
Note: All newly integrated repositories will inherit the configuration set in repo-config.json, unless explicitly overridden by a local .whitesource file in the relevant repository.
Getting it done
Prerequisites
You must have administrator permissions to your Bitbucket Data Center account and to the relevant repositories (owner credentials) in order to create and integrate the relevant repositories.
Setup
Within your Bitbucket Data Center organization, create a new repository named exactly whitesource-config.
Add the new whitesource-config repository to your Mend for Bitbucket Data Center integration.
The whitesource-config repository will now contain a README file and the two new configuration files (automatically created by the integration), repo-config.json and global-config.json. Configure these files with the Parameters provided in this documentation.
Add the repositories you wish to scan to the Mend for Bitbucket Data Center integration.
If you wish to migrate existing integrated repositories to the global configuration, visit our Migrate your existing repositories to Mend for Bitbucket Server and Data Center global configuration documentation.
Note: The whitesource-config repository does not support changes to the configuration files done via pull requests. Any edits must be committed directly to the default branch of the repository. Due to this, branch protection rules should not be applied to the whitesource-config repository.
Reference
Parameters
repo-config.json Parameters
Note: The parameters below are exclusive to the repo-config.json file. The configuration parameters of the .whitesource file can be applied in the repo-config.json as well, but to be used globally.
Parameter | Type | Description |
---|---|---|
overrideConfigAllowList | Array | Optional. Default Value:
|
global-config.json - General Parameters
Parameter | Type | Description |
---|---|---|
settingsInheritedFrom | String | Optional. Default Value: NOTE: You can override specific parameters that are relevant only in the specific repository by adding these after this parameter. Parameters with type of array do not override the value from global configuration, but only add new values. Examples: Using only values defined in the global configuration:
CODE
Using values defined in the global configuration and overriding the scan settings parameters:
CODE
|
repoConfigMode | String | Required. Default Value:
Note: If the |
repoConfigFileName | String | Optional. Default Value: Note:
|
CVSSv3 | Boolean | Optional. Default Value:
Notes:
|
ignoreSpecificVulnerabilities | Boolean | Optional. Default Value:
The format of ignored-vulnerabilities.txt is a list CVEs or WSs IDs separated by a new line:
CODE
Note:
|
global-config.json - Ignored Repos (ignoredRepos
)
Parameter | Type | Description |
---|---|---|
exactNames | Array | Optional. Default Value: N/A. Provide a list of specific repositories to ignore from the integration. For example:
CODE
|