
Trigger repository scans manually with Mend for GitHub.com global configuration

Overview

This feature enables users to manually trigger scans for specific repositories.

For each repository in the list, a scan will be triggered (in the latest commit of the specified branch), including the creation of the security check run.

Getting It Done

The scan.json file

In order to trigger the manual SCA or SAST scans, a file called scan.json needs to be pushed to the whitesource-config repo. The scan.json file contains a list of repositories and their branches to scan, and can also be configured to save the scan logs to a defined ws-logs repository. More information on these features is included in the sub-sections below.

Note:

  • The repositories list is limited to ten. If more than ten repositories are included in the scan.json file, no repositories are scanned, and a check run is created to report this.

  • If a branch name is not specified, the default branch will be scanned.

  • The scan.json file is automatically deleted from the whitesource-config repository once a successful scan trigger is created.

  • To view the results of a manual scan, navigate to the target repository and view the latest Mend Security Check (SCA) or Mend Code Security Check (SAST) check runs.

Trigger Mend for GitHub.com SCA manual scans with the scan.json file

To trigger a manual Mend for GitHub.com SCA scan for a defined repository, push a scan.json file to the whitesource-config global configuration repo with the following settings:

CODE
{
  "repositories": [
    {
      "fullName": "orgName1/repoName1",
      "branchName": "main"
    }
  ]
}

Trigger Mend for GitHub.com SAST manual scans with the scan.json file

To trigger a manual Mend for GitHub.com SAST scan for a defined repository, push a scan.json file to the whitesource-config global configuration repo with the following settings:

CODE
{
  "repositories": [
    {
      "fullName": "org-name/repo-name",
      "branchName": "main",
      "scanType": "sast"
    }
  ]
}

Generate Mend for GitHub.com manual scan logs with the scan.json file

When triggering a manual scan, it is possible to save the scan logs as a single zip file to a dedicated repository. In order to review these scan logs, perform the following steps:

  1. Create a ws-logs repository in your GitHub organization.

  2. Add the ws-logs repository you created to the Mend integration.

  3. Add the uploadScannerLogs parameter to the scan.json file and set it to true. For example:

CODE
{
  "repositories": [
    {
      "fullName": "orgName1/repoName1",
      "branchName": "main",
      "uploadScannerLogs": true
    }
  ]
}

Note

  • The format of the scan ZIP file name is scanner_logs_{SCAN_TOKEN}.zip.

  • If the ws-logs repository does not exist, the manual scan will not run, and a check run explaining the reason will be created.

Reference

scan.json Parameters (repositories)

Each entry in the repositories list accepts the following parameters (Parameter, Type, Description):

fullName (String)

  Required. Provide a list of specific repositories to trigger the manual scan on. For example:

CODE
"fullName": "orgName1/repoName1"

branchName (String)

  Optional. Default Value: Your GitHub.com "default" branch. Specify the branch(es) to be scanned.

scanType (Array)

  Optional. By default, the scan.json file only triggers manual SCA scans. By including the scanType parameter and setting it to sast:

CODE
"scanType": "sast"

  you can initiate manual Mend for GitHub.com SAST scans at the global configuration level.

uploadScannerLogs (Boolean)

  Optional. Default Value: false. The available parameter values are:

  • true - Save the logs from the triggered scan as a single zip folder in the dedicated ws-logs repository

  • false - No logs are saved for the triggered scan
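Because a scan.json with more than ten repositories silently scans nothing, it is worth checking the file before pushing it to whitesource-config. The following Python pre-flight validator is an added example, not Mend's own tooling; it encodes only the rules documented on this page (ten-repository limit, required fullName, optional branchName, scanType "sast", boolean uploadScannerLogs) and, as an assumption of its own, flags keys this page does not document.

```python
import json

# Documented limit: a scan.json with more than ten repositories scans nothing.
MAX_REPOSITORIES = 10
# Parameters documented for each repositories[] entry.
KNOWN_KEYS = {"fullName", "branchName", "scanType", "uploadScannerLogs"}


def validate_scan_json(text):
    """Return a list of problems in a scan.json document; an empty list means it is OK."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]
    repos = doc.get("repositories") if isinstance(doc, dict) else None
    if not isinstance(repos, list) or not repos:
        return ["'repositories' must be a non-empty list"]
    problems = []
    if len(repos) > MAX_REPOSITORIES:
        problems.append(f"{len(repos)} repositories listed; limit is {MAX_REPOSITORIES}, "
                        "so none would be scanned")
    for i, repo in enumerate(repos):
        where = f"repositories[{i}]"
        if not isinstance(repo, dict):
            problems.append(f"{where}: entry must be an object")
            continue
        full = repo.get("fullName")
        # fullName is required and takes the form org/repo, as in the examples above.
        if not isinstance(full, str) or full.count("/") != 1 or not all(full.split("/")):
            problems.append(f"{where}: 'fullName' is required and must look like org/repo")
        if "branchName" in repo and not isinstance(repo["branchName"], str):
            problems.append(f"{where}: 'branchName' must be a string")
        # The page's examples give scanType as the string "sast"; omit it for an SCA scan.
        if "scanType" in repo and repo["scanType"] != "sast":
            problems.append(f"{where}: 'scanType' must be \"sast\"")
        if "uploadScannerLogs" in repo and not isinstance(repo["uploadScannerLogs"], bool):
            problems.append(f"{where}: 'uploadScannerLogs' must be true or false")
        # Assumption: keys not documented on this page are most likely typos, so flag them.
        unknown = sorted(set(repo) - KNOWN_KEYS)
        if unknown:
            problems.append(f"{where}: unrecognised keys {unknown}")
    return problems


if __name__ == "__main__":
    # Constructed sample: one SCA entry and one SAST entry with log upload enabled.
    sample = json.dumps({"repositories": [
        {"fullName": "orgName1/repoName1", "branchName": "main"},
        {"fullName": "org-name/repo-name", "scanType": "sast", "uploadScannerLogs": True},
    ]})
    print(validate_scan_json(sample) or "scan.json OK, ready to push to whitesource-config")
```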
