Trigger repository scans manually with Mend for Bitbucket Data Center global configuration
Overview
This feature enables users to manually trigger scans for specific repositories.
For each repository in the list, a scan will be triggered (in the latest commit of the specified branch), including the creation of the security check run.
Getting It Done
The scan.json file
In order to trigger the manual SCA scans, a file called scan.json needs to be pushed to the whitesource-config repo. The scan.json file contains a list of repositories and their branches to scan, and can also be configured to save the scan logs to a defined ws-logs
repository. More information on these features is included in the sub-sections below.
Note:
The
repositories
list is limited to ten. If there are more than ten repositories included in the scan.json file, no repositories will be scanned, and a check run will be created.If a branch name is not specified, the default branch will be scanned.
The scan.json file is automatically deleted once a successful scan trigger is created in the white-config repository.
To view the results of a manual scan, please navigate to the target repository and view the latest
Mend Security Check (SCA).
Trigger Mend for Bitbucket Data Center SCA manual scans with the scan.json file
To trigger a manual Mend for Bitbucket Data Center SCA scan for a defined repository, push a scan.json file to the whitesource-config global configuration repo with the following settings:
{
"repositories": [
{
"fullName": "projectName1/repoName1",
"branchName": "main"
}
]
}
Generate Mend for Bitbucket Data Center manual scan logs with the scan.json file
When triggering a manual scan, it is possible to save the scan logs as a single zip file to a dedicated repository. In order to review these scan logs, perform the following steps:
Create a
ws-logs
repository in your Bitbucket Data Center deployment.Add the
ws-logs
repository you created to the Mend integration.Add the following parameter to the scan.json file;
uploadScannerLogs
, and set it to true. For example:
{
"repositories": [
{
"fullName": "projectName1/repoName1",
"branchName": "main",
"uploadScannerLogs": true
}
]
}
Note
The format of the scanZIP file name is
scanner_logs_{SCAN_TOKEN}.zip
.If the
ws-logs
repository does not exist, the manual scan will not run and the following check run will be created, explaining the reason:
Reference
scan.json Parameters (repositories
)
Parameter | Type | Description |
---|---|---|
fullName | Array | Required. Provide a list of specific repositories to trigger the manual scan on. For example:
CODE
|
branchName | Array | Optional. Default Value: |
scanType | Array | Optional. By default, the scan.json file only triggers manual SCA scans.
CODE
|
uploadScannerLogs | Boolean | Optional. Default Value:
|