Set up a global configuration for Mend for Bitbucket Cloud
This integration is for Legacy SCA organizations. Organizations in the Mend AppSec Platform should use the designated Developer Platform integration for Bitbucket Cloud.
Overview
If you are working within an environment that hosts many Bitbucket Cloud repositories, Mend for Bitbucket Cloud provides a global configuration solution to apply parameters to multiple repositories with ease.
This article provides details and instructions on how to create and enable a global configuration that will affect all new repositories integrated using Mend for Bitbucket Cloud.
Use Case
The global configuration lets you define settings that every future integrated repository inherits, and an onboarding configuration for the integration itself. The three components of the global configuration are:
whitesource-config repository: The repository where your global-config.json and repo-config.json files are located. Integrated repositories' .whitesource files can point to this repository to inherit the configurations it houses.
global-config.json file: A JSON formatted configuration file where you can define how the onboarding flow will occur for your integrated repositories.
repo-config.json file: A JSON formatted configuration file that will be applied globally to each newly selected integrated repository. It is the global equivalent of the .whitesource file and provides the same configurable parameters for a Mend scan, organization-wide.
Note: All newly integrated repositories will inherit the configuration set in repo-config.json, unless explicitly overridden by a local .whitesource file in the relevant repository.
Getting It Done
Prerequisites
You must have administrator permissions on your Bitbucket Cloud account and on the relevant repositories (owner credentials) in order to create and integrate them.
Setup
Within your Bitbucket Cloud organization, create a new repository named exactly whitesource-config.
Add the new whitesource-config repository to your Mend for Bitbucket Cloud integration.
The whitesource-config repository will now contain a README file and the two configuration files created automatically by the integration, repo-config.json and global-config.json. Configure these files using the parameters listed in the Reference section below.
Add the repositories you wish to scan to the Mend for Bitbucket Cloud integration.
If you wish to migrate existing integrated repositories to the global configuration, visit our Migrate your existing repositories to Mend for Bitbucket Cloud global configuration documentation.
Note: The whitesource-config repository does not support changes to the configuration files made via pull requests. Any edits must be committed directly to the default branch of the repository, so branch protection rules should not be applied to the whitesource-config repository. Because every commit to that branch changes scan behaviour for all integrated repositories without review, limit write access on whitesource-config to the administrators who manage the integration.
Reference
Parameters
repo-config.json Parameters
Note: The parameters below are exclusive to the repo-config.json file. The configuration parameters of the .whitesource file can also be set in repo-config.json, where they apply globally.
Parameter | Type | Description |
---|---|---|
overrideConfigAllowList | Array | Optional. Default Value: |
global-config.json - General Parameters
Parameter | Type | Description |
---|---|---|
settingsInheritedFrom | String | Optional. Default Value: Note: You can override specific parameters that are relevant only to the specific repository by adding them after this parameter. Parameters of type array do not override the value from the global configuration; they only add new values. Examples: using only the values defined in the global configuration; using the values defined in the global configuration and overriding the scan settings parameters. |
repoConfigMode | String | Required. Default Value: Note: If the |
repoConfigFileName | String | Optional. Default Value: Note: |
CVSSv3 | Boolean | Optional. Default Value: Notes: |
ignoreSpecificVulnerabilities | Boolean | Optional. Default Value: The format of ignored-vulnerabilities.txt is a list of CVEs or WS IDs separated by a new line. Note: |
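The inheritance rule stated for settingsInheritedFrom (array parameters add to the global values, everything else in the local .whitesource file overrides them) and the newline-separated format of ignored-vulnerabilities.txt are both easy to get wrong when a team first adopts the global configuration. The following Python is an added example written for this article, not Mend's own code: it merges a constructed repo-config.json with a constructed local .whitesource file under that rule, and it validates a constructed ignore list so a mistyped identifier is reported instead of silently ignoring nothing. The setting names (scanSettings, configMode, baseBranches, checkRunSettings and their values), the value format of settingsInheritedFrom, and the CVE/WS identifier shapes are assumptions for illustration, not taken from this page.

```python
import json
import re
from copy import deepcopy

# Constructed sample of the global repo-config.json. The setting names are
# illustrative assumptions, not values documented on this page.
GLOBAL_REPO_CONFIG = json.loads("""
{
  "scanSettings": {
    "configMode": "AUTO",
    "baseBranches": ["main"],
    "enableLicenseViolations": "true"
  },
  "checkRunSettings": {
    "vulnerableCheckRunConclusionLevel": "failure"
  }
}
""")

# Constructed local .whitesource file that inherits the global configuration and
# overrides part of scanSettings. The "<workspace>/whitesource-config@<branch>"
# value format for settingsInheritedFrom is an assumption.
LOCAL_WHITESOURCE = json.loads("""
{
  "settingsInheritedFrom": "example-org/whitesource-config@main",
  "scanSettings": {
    "configMode": "LOCAL",
    "baseBranches": ["develop"]
  }
}
""")


def merge_settings(global_cfg, local_cfg):
    """Apply the inheritance rule described for settingsInheritedFrom:
    scalar parameters in the local file replace the global value, nested
    objects are merged key by key, and array parameters are appended to the
    global array instead of replacing it. Returns a new dict."""
    result = deepcopy(global_cfg)
    for key, value in local_cfg.items():
        if key == "settingsInheritedFrom":
            continue  # pointer to the global config, not a scan setting
        existing = result.get(key)
        if isinstance(value, dict) and isinstance(existing, dict):
            result[key] = merge_settings(existing, value)
        elif isinstance(value, list) and isinstance(existing, list):
            # arrays only add new values: keep global order, skip duplicates
            result[key] = existing + [v for v in value if v not in existing]
        else:
            result[key] = deepcopy(value)
    return result


# Constructed ignored-vulnerabilities.txt content, one identifier per line.
# The identifiers are placeholders, not real CVE or WS entries.
IGNORED_VULNS_TXT = """
CVE-2000-00001
WS-2000-0002

cve-2000-00003
not-an-id
"""

# Assumed identifier shapes: CVE-YYYY-NNNN... and WS-YYYY-NNNN...
ID_PATTERN = re.compile(r"^(CVE|WS)-\d{4}-\d{4,}$")


def parse_ignore_list(text):
    """Return (accepted, rejected) for a newline-separated ignore file.
    Blank lines are skipped, identifiers are upper-cased and de-duplicated,
    and lines that do not look like a CVE or WS ID are reported so a typo
    is caught before it is committed to whitesource-config."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        candidate = line.upper()
        if ID_PATTERN.match(candidate):
            if candidate not in accepted:
                accepted.append(candidate)
        else:
            rejected.append(line)
    return accepted, rejected


def is_ignored(finding_id, accepted):
    """True when a finding's identifier appears in the validated ignore list."""
    return finding_id.upper() in accepted


if __name__ == "__main__":
    print(json.dumps(merge_settings(GLOBAL_REPO_CONFIG, LOCAL_WHITESOURCE), indent=2))
    ok, bad = parse_ignore_list(IGNORED_VULNS_TXT)
    print("ignored:", ok)
    print("rejected lines:", bad)
```

In the merged output configMode becomes LOCAL for this repository while baseBranches ends up as ["main", "develop"], which is the behaviour the settingsInheritedFrom note describes; a review step that runs parse_ignore_list over ignored-vulnerabilities.txt before it is committed keeps a malformed line from being treated as a valid exclusion.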
global-config.json - Ignored Repos (ignoredRepos)
Parameter | Type | Description |
---|---|---|
exactNames | Array | Optional. Default Value: N/A. Provide a list of specific repositories to ignore from the integration. |