Cloud Repository Integration - High-level Architecture
Mend offers a hosted integration for the following Mend-hosted SCM systems:
Background
To deploy any variant of the Mend Hosted repository integration, follow the respective installation guide. No containers need to be built or deployed. Depending on your repository integration, you may see either webhooks or an application in the repository settings. This controls the scans, and the webhook type used determines which element of the hosted scanning is undertaken.
Architecture
The following containers are used in the cloud repo integration. The scanner and remediate containers are created on demand and deleted once their respective tasks are completed; this is an ephemeral design.
Controller - listens for incoming webhooks and provisions activities within the Mend Cloud environment
For example, a valid incoming push event sets up a pending scan in the job queue.
Scanner - clones the triggering repository and scans it using the Unified Agent with either the default configuration or a user-supplied configuration.
The scanner is provisioned on demand and is pre-built with Package Managers and Unified Agent.
Remediate/Renovate - creates pull requests for Renovate and/or Remediate depending on what is configured in the remediateSettings section of the configuration file.
The remediate container is provisioned after the scanner.
Mend Cloud-Hosted Repository Integration Architecture Diagram