
Issues That Are Not Auto-Opened or Auto-Closed

Problem

Mend for Repository Integrations can automatically open issues for found vulnerable dependencies and close these issues when the vulnerabilities are resolved or ignored.

This article describes some troubleshooting steps when this feature is not working properly.

Solution

  1. Confirm the Issues tab is enabled for the repository if integrating with GitHub.com, GitHub Enterprise, or GitLab.

  2. Confirm the scanned branch is specified for the baseBranches parameter. This parameter can be found in the .whitesource file if you’re using per-repo configuration, or in the repo-config.json file in the whitesource-config repository if you’re using global configuration.

    • Note: if the value for this flag is empty, then the issues will only be created for the default branch.

  3. Make sure the correct value is set for the minSeverityLevel parameter. For example, if you have "minSeverityLevel": "MEDIUM", then no issues will be created for low severity vulnerabilities.

  4. Go to the project page in the Mend UI and confirm whether you are able to find the vulnerable library in question.

    1. For an issue that isn’t auto-opened

      1. If the library does exist in the project inventory, make sure the alert is active and not ignored. You can check the alert status by going to the Ignore Alerts report if your organization is using the library-based alert (legacy) mode. For an organization that is using the vulnerability-based alert (new) mode, please check the Security Alerts: View By Vulnerability report and filter by status Ignored Alerts.

      2. If the alert is not ignored, try recalculating the alert by navigating to: Admin → Alerts → Recalculate Alerts

        • Note: this process can take up to a couple of hours to complete depending on the inventory size of your organization. Once it has completed, the issue should be opened.

      3. If the library doesn’t exist in the project inventory, confirm whether the scan of your project succeeded.

    2. For an issue that isn’t auto-closed

      1. If you expect the issue to be closed by ignoring the relevant alert, please follow step 4.1 above to confirm this alert is ignored successfully.

      2. If you expect the issue to be closed because the library was removed from your project, confirm whether the library is listed in your project’s inventory in Mend. If you still find this library in the inventory, it’s possible that it was included as a transitive dependency by another library. To confirm this, go to the library details page and click “view impact analysis” next to the library’s name; this shows the dependency tree of the library.

    3. If issues continue to fail to be auto-opened or auto-closed, please open a ticket with Mend support.
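
The checks in steps 2 and 3 can be run locally against a configuration file before opening a ticket. The following is an added example, not Mend's code: the function names, the scanSettings/issueSettings nesting in the sample, and the severity ordering are assumptions of this example.

```python
import json

# Severity order is an assumption of this example (lowest to highest).
SEVERITY_ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]

def find_key(node, key):
    """Return the first value stored under `key` anywhere in a nested JSON
    object, so the check works wherever the parameter sits in the file."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        children = node.values()
    elif isinstance(node, list):
        children = node
    else:
        return None
    for child in children:
        found = find_key(child, key)
        if found is not None:
            return found
    return None

def issue_expected(config_text, branch, default_branch, severity):
    """Apply steps 2 and 3: return (expected, reasons) for one finding."""
    config = json.loads(config_text)
    reasons = []
    base_branches = find_key(config, "baseBranches") or []
    # Empty baseBranches: issues are only created for the default branch.
    in_scope = base_branches or [default_branch]
    if branch not in in_scope:
        reasons.append(f"branch '{branch}' not in issue scope {in_scope}")
    min_level = find_key(config, "minSeverityLevel")
    # If the parameter is absent or not a known level, no filter is applied here.
    if isinstance(min_level, str) and min_level.upper() in SEVERITY_ORDER:
        rank = SEVERITY_ORDER.index
        if rank(severity.upper()) < rank(min_level.upper()):
            reasons.append(f"severity {severity} is below minSeverityLevel {min_level}")
    return (not reasons, reasons)

# Constructed sample configuration (not taken from a real repository).
SAMPLE = """{
  "scanSettings": {"baseBranches": []},
  "issueSettings": {"minSeverityLevel": "MEDIUM"}
}"""

if __name__ == "__main__":
    for branch, sev in [("main", "HIGH"), ("main", "LOW"), ("release/1.2", "HIGH")]:
        print(branch, sev, issue_expected(SAMPLE, branch, "main", sev))
```

A result of False with a reason means the missing issue is explained by configuration, not by the alert state covered in step 4.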
