Trigger repository scans manually with Mend for GitHub.com global configuration

Overview

This feature enables users to manually trigger scans for specific repositories.

For each repository in the list, a scan will be triggered (in the latest commit of the specified branch), including the creation of the security check run.

Getting it done

The scan.json file

In order to trigger the manual scans, a file called scan.json needs to be pushed to the whitesource-config repository. The scan.json file contains a list of repositories and their branches to scan, as well as a parameter to enable saving of scan logs. The repository list is limited to 10. If there are more than 10, no repositories will be scanned, and a check run will be created. The default scan type that will be triggered for the configured repositories and branches is SCA. To trigger a SAST scan, add "scanType": "SAST" to the scan.json file.

Note: SAST manually triggered scans can only run on the default branch.

Generate logs from a manual scan

When triggering a manual scan, it is possible to save the scan logs as a single zip file to a dedicated repository. In order to review these scan logs, perform the following steps:

  1. Create a ws-logs repository in your GitHub organization.

  2. Add the ws-logs repository you created to the Mend integration.

  3. Add the uploadScannerLogs parameter to the scan.json file and set it to true.

Example:

CODE
{
  "repositories": [
    {
      "fullName": "orgName1/repoName1",
      "branchName": "main",
      "uploadScannerLogs": true
    }
  ]
}

NOTE:

  • Name of the zip file: scanner_logs_{SCAN_TOKEN}.zip

  • If the ws-logs repository does not exist, the manual scan will not run and a check run will explain why.

Reference

scan.json Parameters (repositories)

fullName

Type: String

Description: Required. Provide a list of specific repositories to trigger the manual scan on. For example:

CODE
"fullName": "orgName1/repoName1"

branchName

Type: String

Description: Optional. The branch must be set as the repository’s default branch in order to be scanned.

Default Value: Your GitHub.com "default" branch.

scanType

Type: String

Description: Optional. The available parameter values are:

  • SAST - setting this value will enable manually triggering a SAST scan instead of SCA.

Default Value: None - which results in running an SCA scan.

uploadScannerLogs

Type: Boolean

Description: Optional. The available parameter values are:

  • true - Save the logs from the triggered scan as a single zip file in the dedicated ws-logs repository

  • false - No logs are saved for the triggered scan

Default Value: false.
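As an added example (not part of the Mend documentation or of the Mend integration itself), the following Python check validates a scan.json document against the rules described above, before it is pushed to whitesource-config: the 10-repository limit, the required fullName, the allowed scanType, the boolean uploadScannerLogs, and the SAST-only-on-default-branch rule. The default_branches map is an assumption supplied by the caller, since the check runs offline and does not query GitHub.

```python
import json

MAX_REPOSITORIES = 10           # more than 10 entries means nothing is scanned
ALLOWED_SCAN_TYPES = ("SAST",)  # an absent scanType means an SCA scan

def validate_scan_config(text, default_branches=None):
    """Return a list of problems in a scan.json document (empty list means OK).
    default_branches: optional {"org/repo": "branch"} map, constructed by the caller."""
    default_branches = default_branches or {}
    problems = []
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} at line {exc.lineno}"]
    repos = doc.get("repositories") if isinstance(doc, dict) else None
    if not isinstance(repos, list):
        return ['top level must be an object with a "repositories" list']
    if len(repos) > MAX_REPOSITORIES:
        problems.append(f"{len(repos)} repositories listed; the limit is "
                        f"{MAX_REPOSITORIES}, so none would be scanned")
    for i, repo in enumerate(repos):
        where = f"repositories[{i}]"
        if not isinstance(repo, dict):
            problems.append(f"{where}: entry must be an object")
            continue
        name = repo.get("fullName")
        name_ok = isinstance(name, str) and name.count("/") == 1 and "" not in name.split("/")
        if not name_ok:
            problems.append(f'{where}: "fullName" is required, in the form "orgName/repoName"')
        branch = repo.get("branchName")
        if branch is not None and not isinstance(branch, str):
            problems.append(f'{where}: "branchName" must be a string')
        scan_type = repo.get("scanType")
        if scan_type is not None and scan_type not in ALLOWED_SCAN_TYPES:
            problems.append(f'{where}: unsupported "scanType" {scan_type!r}; omit it for SCA or use "SAST"')
        # SAST manual scans only run on the default branch; checked when the caller supplied it
        default = default_branches.get(name) if name_ok else None
        if scan_type == "SAST" and isinstance(branch, str) and default and branch != default:
            problems.append(f'{where}: SAST runs only on the default branch "{default}", not "{branch}"')
        logs = repo.get("uploadScannerLogs")
        if logs is not None and not isinstance(logs, bool):
            problems.append(f'{where}: "uploadScannerLogs" must be true or false')
    return problems

# Constructed sample: the second entry asks for SAST on a non-default branch.
SAMPLE = ('{"repositories": [{"fullName": "orgName1/repoName1", "branchName": "main", '
          '"uploadScannerLogs": true}, {"fullName": "orgName1/repoName2", '
          '"branchName": "develop", "scanType": "SAST"}]}')
```

Running validate_scan_config(SAMPLE, {"orgName1/repoName2": "main"}) reports the SAST branch problem; without the map the second entry passes, since the default branch is unknown offline.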
