Skip to main content
Skip table of contents

Trigger repository scans manually with Mend for GitHub.com global configuration

Overview

This feature enables users to manually trigger scans for specific repositories.

For each repository in the list, a scan will be triggered (in the latest commit of the specified branch), including the creation of the security check run.

Getting it done

The scan.json file

In order to trigger the manual scans, a file called scan.json needs to be pushed to the whitesource-config repo. The scan.json file contains a list of repositories and their branches to scan, as well is to enable scan logs to be saved. The repository list is limited to 10. If there are more than 10, no repositories will be scanned, and a check run will be created.

Generate logs from a manual scan

When triggering a manual scan, it is possible to save the scan logs as a single zip file to a dedicated repository. In order to review these scan logs, perform the following steps:

  1. Create a ws-logs repository in your GitHub organization.

  2. Add the ws-logs repository you created to the Mend integration.

  3. Add the following parameter to the scan.json file;uploadScannerLogs, and set to true.

Example:

CODE
{
  "repositories": [
    {
      "fullName": "orgName1/repoName1",
      "branchName": "main",
      "uploadScannerLogs": true
    }
  ]
}

NOTE:

  • Name of the zip file: scanner_logs_{SCAN_TOKEN}.zip

  • If the ws-logs repository does not exist, the manual scan will not run and a check run will explain why:

Reference

scan.json Parameters (repositories)

Parameter

Type

Description

fullName

String

Required. Provide a list of specific repositories to trigger the manual scan on. For example:

CODE
"fullName": "orgName1/repoName1"

branchName

String

Optional. Default Value: Your GitHub.com "default" branch. Specify the branch(es) to be scanned.

uploadScannerLogs

Boolean

Optional. Default Value: false. The available parameter values are:

  • true - Save the logs from the triggered scan as a single zip folder in the dedicated ws-logs repository

  • false - No logs are saved for the triggered scan

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.