Set up a global configuration for Mend for Azure Repos
Overview
If you are working within an environment that hosts many Git repositories, Mend for Azure Repos provides a global configuration solution to apply parameters to multiple repositories with ease.
This article provides details and instructions on how to create and enable a global configuration that will affect all new repositories integrated using Mend for Azure Repos.
Use case
Using the global configuration, you are able to define a configuration that can be inherited by all future integrated repositories, as well as define an onboarding configuration for your integration. The three components of the global configuration are:
whitesource-config repository: The repository where your global-config.json and repo-config.json files are located. Integrated repositories' .whitesource files can point to this repository to inherit the configurations it houses.
global-config.json file: A JSON formatted configuration file where you can define how the onboarding flow will occur for your integrated repositories.
repo-config.json file: A JSON formatted configuration file that will be applied globally to each newly selected integrated repository. It is the global equivalent of the .whitesource file and provides the same configurable parameters for a Mend scan, organization-wide.
Note: All newly integrated repositories will inherit the configuration set in repo-config.json, unless explicitly overridden by a local .whitesource file in the relevant repository.
Getting it done
Prerequisites
You must have administrator privileges to your Azure DevOps Repos account and to the relevant repositories (owner credentials) in order to create and integrate the relevant repositories.
You have successfully installed Mend for Azure Repos following the instructions in our Install Mend for Azure Repos documentation.
Global Configuration Levels
Mend for Azure Repos supports two levels of global configuration due to Azure Repo's architectural design:
Azure Organization level configuration - Using the “whitesource-config” Azure project / “whitesource-config” repo. Configuration at this level will affect all projects integrated using Mend for Azure Repos.
Azure Project level configuration - Using the "YourProjectName" Azure project / “whitesource-config” repo. Configuration at this level will also affect projects integrated using Mend for Azure Repos but can be customized separately.
Note that configurations can be overridden depending on where they are placed:
.whitesource configuration (at the local repo level, aka the "integrated repo/repo to be scanned") will override the "top" and "middle" levels mentioned above.
repo-config.json configuration at the "middle" level will override whatever is set at the "top" level mentioned above, but will be overridden by the .whitesource file at the integrated repo level.
Setup
For Azure Organization level global configuration: Within your Azure DevOps Repos organization, create a new project named exactly “whitesource-config”.
For Azure Project level global configuration: Within your Azure DevOps Repos project, create a new repository named exactly “whitesource-config”.
Sync your Azure project by going into your Mend UI → Integrations tab → Azure Repos → Sync Projects.
Notes:
This will kick off the integration to check if there are any new repos that need to be onboarded (this being the "whitesource-config" repo you created in step 1).
To learn more about the synchronization process, please refer to the synchronization process.
The whitesource-config repository will now contain a README file and the two new configuration files (automatically created by the integration once the synchronization process is completed), repo-config.json and global-config.json. Configure these files with the Parameters provided in this documentation.
Add the repositories you wish to scan to the Mend for Azure Repos integration.
If you wish to migrate existing integrated repositories to the global configuration, visit our Migrate your existing repositories to Mend for Azure Repos global configuration documentation.
Note: The whitesource-config repository does not support changes to the configuration files done via pull requests. Any edits must be committed directly to the default branch of the repository. Due to this, branch protection rules should not be applied to the whitesource-config repository.
Reference
Parameters
global-config.json General Parameters
Note: The parameters below are exclusive to the repo-config.json file. The configuration parameters of the .whitesource file can be applied in the repo-config.json as well, but to be used globally.
Parameter | Type | Description |
---|---|---|
repoConfigMode | String | Required. Default Value:
Note: If the |
overrideConfigAllowList | Array | Optional. Default Value:
|
global-config.json - azureReposSettings
Note: When the configuration for the workitemType
or customFields
parameters is changed, all Mend-created work items will be updated after a valid push in the repository.
Parameter | Type | Description |
---|---|---|
workItemType | String | Optional. This parameter specifies the type of work item to be created for all Mend work items. Set this parameter to a string equal to the name of a work item type in your project. Note:
Defualt Value depends on the process type:
|
customFields | Object | Optional. Defualt Value: If a field with a matching name exists in the work item template and the value is a compatible data type, it will be added to the work item. Example of use:
CODE
Note:
|
ignoreSpecificVulnerabilities | Boolean | Optional. Default Value:
The format of ignored-vulnerabilities.txt is a list CVEs or WSs IDs separated by a new line:
CODE
Note:
|
global-config.json - Ignored Repos
Parameter | Type | Description |
---|---|---|
exactNames | Array | Optional. Defualt Value:
CODE
|
global-config.json - Included Repos
Parameter | Type | Description |
---|---|---|
exactNames | Array | Optional. Defualt Value:
CODE
Notes:
|