Trigger repository scans manually with Mend for GitHub Enterprise global configuration
Overview
This feature enables users to manually trigger scans for specific repositories.
For each repository in the list, a scan is triggered on the latest commit of the specified branch, and the corresponding security check run is created on that commit.
Getting it done
The scan.json file
To trigger manual scans, push a file named scan.json to the whitesource-config repository. The scan.json file lists the repositories to scan and the branch to scan for each, and can also request that the scan logs be saved. The repository list is limited to 10 entries. If it contains more than 10, no repository is scanned at all; instead, a check run is created reporting the problem.
Generate logs from a manual scan
When triggering a manual scan, the scan logs can be saved as a single zip file to a dedicated repository. To enable this, perform the following steps:
1. Create a ws-logs repository in your GitHub organization.
2. Add the ws-logs repository you created to the Mend integration.
3. In scan.json, add the uploadScannerLogs parameter to each repository entry whose logs you want, and set it to true.
Example:
{
  "repositories": [
    {
      "fullName": "orgName1/repoName1",
      "branchName": "main",
      "uploadScannerLogs": true,
      "scanType": "sca"
    }
  ]
}
NOTE:
Name of the zip file: scanner_logs_{SCAN_TOKEN}.zip
If uploadScannerLogs is set to true but the ws-logs repository does not exist, the manual scan will not run, and a check run is created explaining why.
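Because a scan.json that breaks the rules above (more than 10 repositories, a malformed fullName, a missing ws-logs repository) produces no scan and only a check run, it is worth validating the file locally before pushing it to whitesource-config. The following validator is an added example and is not Mend's own tooling; it checks the constraints stated on this page (the 10-repository limit, the required fullName, the sca/sast scanType values and the boolean uploadScannerLogs). The owner/repo pattern for fullName and the rejection of unknown keys are assumptions of this example, and the ws-logs reminder is only a local hint: the script cannot confirm that the repository exists in your organization.

```python
"""Validate a scan.json before pushing it to the whitesource-config repo.

Added example, not Mend's own code. It checks the constraints the page states;
the fullName pattern and the unknown-key check are assumptions of this example.
"""
import json
import re

MAX_REPOSITORIES = 10           # page: more than 10 entries -> nothing is scanned
SCAN_TYPES = {"sca", "sast"}    # sca is the default; sast is not available in the Legacy SCA Application
# Assumed owner/repo shape of a GitHub full name (not specified by the page).
FULL_NAME_RE = re.compile(r"^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$")
KNOWN_KEYS = {"fullName", "branchName", "scanType", "uploadScannerLogs"}


def validate_scan_config(text: str) -> list[str]:
    """Return the problems found in the scan.json text; an empty list means it is OK."""
    problems = []
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]

    repos = data.get("repositories") if isinstance(data, dict) else None
    if not isinstance(repos, list):
        return ['top-level object must contain a "repositories" list']
    if len(repos) > MAX_REPOSITORIES:
        problems.append(f"{len(repos)} repositories listed; the limit is {MAX_REPOSITORIES}, "
                        "and exceeding it means no repository is scanned")

    seen = set()
    for i, entry in enumerate(repos):
        where = f"repositories[{i}]"
        if not isinstance(entry, dict):
            problems.append(f"{where}: entry must be an object")
            continue
        full_name = entry.get("fullName")
        if not isinstance(full_name, str) or not FULL_NAME_RE.match(full_name):
            problems.append(f"{where}: fullName is required and must look like owner/repo")
        else:
            key = (full_name, entry.get("branchName"))
            if key in seen:
                problems.append(f"{where}: duplicate of {full_name} on the same branch")
            seen.add(key)
        if "branchName" in entry and not isinstance(entry["branchName"], str):
            problems.append(f"{where}: branchName must be a string")
        scan_type = entry.get("scanType", "sca")
        if scan_type not in SCAN_TYPES:
            problems.append(f"{where}: scanType must be one of {sorted(SCAN_TYPES)}, got {scan_type!r}")
        # JSON true/false parse to Python bool; the string "true" would be a mistake.
        if "uploadScannerLogs" in entry and not isinstance(entry["uploadScannerLogs"], bool):
            problems.append(f"{where}: uploadScannerLogs must be true or false, not a string")
        unknown = set(entry) - KNOWN_KEYS
        if unknown:
            problems.append(f"{where}: unknown parameter(s) {sorted(unknown)}")
    return problems


def needs_logs_repo(text: str) -> bool:
    """True if any entry asks for scanner logs, so the ws-logs repository must
    exist and be added to the Mend integration before the scan will run."""
    data = json.loads(text)
    repos = data.get("repositories", []) if isinstance(data, dict) else []
    return any(isinstance(e, dict) and e.get("uploadScannerLogs") is True for e in repos)


# Constructed samples: the page's own example, plus one with two deliberate mistakes.
SAMPLE_OK = json.dumps({"repositories": [
    {"fullName": "orgName1/repoName1", "branchName": "main",
     "uploadScannerLogs": True, "scanType": "sca"}]})

SAMPLE_BAD = json.dumps({"repositories": [
    {"fullName": "repoName1", "scanType": "sast"},                   # owner missing
    {"fullName": "orgName1/repoName2", "uploadScannerLogs": "true"}  # string, not boolean
]})

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        problems = validate_scan_config(text)
        print(name, "->", "valid" if not problems else problems)
        if needs_logs_repo(text):
            print(name, "-> uploadScannerLogs is set: make sure the ws-logs repository exists "
                        "and is added to the Mend integration, or the scan will not run")
```

Run it against your real scan.json with `validate_scan_config(open("scan.json").read())` before committing to whitesource-config; a non-empty result is exactly the kind of file that would otherwise produce only a failing check run.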
Reference
scan.json Parameters (repositories)
Parameter | Type | Description |
---|---|---|
fullName | String | Required. The repository to trigger the manual scan on, in owner/repo form, for example orgName1/repoName1 as in the example above. One entry per repository. |
branchName | String | Optional. The branch whose latest commit is scanned. Default value: |
scanType* | String | Optional. The type of scan to trigger. By default, the scan.json file triggers manual SCA scans. Possible values are sca and sast. |
uploadScannerLogs | Boolean | Optional. Set to true to save the scan logs as a zip file in the ws-logs repository. Default value: false (logs are uploaded only when this is set to true). |
* The "sast" scanType is not applicable in the Legacy SCA Application.