Skip to main content
Skip table of contents

CodeFresh Integration

Overview

CodeFresh is a container-based CI/CD platform where each step in the pipeline is its own container. To scan your open-source packages with Mend as a part of your CodeFresh pipeline, go to the CodeFresh step marketplace and add the Mend step to your pipeline.

NOTE: Before you begin, make sure that the relevant package manager is installed. For details, see https://docs.mend.io/legacy-sca/latest/getting-started-with-the-unified-agent#GettingStartedwiththeUnifiedAgent-Prerequisites .

How CodeFresh Integration Works

The Mend step in the CodeFresh marketplace is built on an open-JDK Docker image. The step starts by running an install commands file (a file that runs package manager/dependency install commands) to ensure that all prerequisites are fulfilled before beginning the scan. Once the prerequisites are met, a Unified Agent scan is run and the results are uploaded to mend.

Adding the Mend Step

  1. Go to your CodeFresh pipeline.

  2. On the right side, click Steps. The Steps pane is displayed.

  3. In the search box, enter mend. The Mend step is displayed in the marketplace.

  4. Click once on the Mend step. The step's YAML is displayed.

  5. From the bottom, click Insert Step. The step's YAML is inserted in your pipeline.

  6. Populate the variables with your organization's relevant data. Refer here for details.

YAML Definitions

Argument

Description

Example

API_KEY

A unique identifier of your Mend organization. It can be retrieved from the Integrate tab in the WS UI.

 

0a35f1e07d0e4lfdaaf02fc97073d536fac71465eae8470180b92876f85utgjd

 

INSTALL_COMMANDS

The path to the 'install-commands.sh' file. This file contains the package manager and other dependency installation commands.

NOTE: This file must be an executable.

example/install-commands.sh

CONFIG_FILE

The Mend Unified Agent configuration file. The default value is wss-unified-agent.config.

wss-unified-agent.config

PROJECT_DIRECTORY

A comma-delimited list of directories and/or files to scan.

your/project/dir

More Examples

Additional examples for CI/CD pipelines can be found at https://github.com/mend-toolkit/mend-examples/tree/main/CI-CD .  

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.