Repository Integrations - Configuring Scan Settings
Overview
The available Mend repository integrations (GitHub.com, GitHub Enterprise, GitLab Server, Bitbucket Server, etc.) rely on a scanner to perform checks and report vulnerabilities.
The default scanning configuration is specific to the repository integrations: it is based on the Unified Agent default configuration described here, with the alterations for native integrations described here.
These default settings were selected to give the best results when scanning a repository. For example, they run a pre-step that builds the project before the scan, and they include dev dependencies in the results.
Why would I want to change the scan settings?
The default settings may not provide you with the desired results. For this reason, Mend allows you to modify the default configuration.
Common alterations include changing the Python version used in the scan or excluding dev dependencies from the results.
How to change the scan settings?
To change the scanning configuration in your repository, perform the following steps:
Create a “whitesource.config” file. This file can be included in the repository or placed in an external location that can be reached from the repository. It contains all the configuration adjustments you want to make.
To this file, add the configuration changes in the same format as the Unified Agent configuration file. IMPORTANT: as soon as you change any scan setting, all the other settings revert to the Unified Agent defaults described here, without the alterations for native integrations described here. For this reason, in addition to the changes you want to make, add to your file all the parameters that are modified for the native integrations, so that this automatic reset of the other parameters does not affect your results.
In the “.whitesource” file in your repo, change the “configMode” parameter to either:
“LOCAL” if you created the “whitesource.config” file inside the repository
“EXTERNAL” if you placed it in an external location. If you chose this option, also set “configExternalURL” to point to that location.
.whitesource file with configMode LOCAL
{
  "scanSettings": {
    "configMode": "LOCAL",
    "configExternalURL": "",
    "projectToken": "",
    "baseBranches": []
  },
  "checkRunSettings": {
    "vulnerableCheckRunConclusionLevel": "failure",
    "displayMode": "diff"
  },
  "issueSettings": {
    "minSeverityLevel": "LOW",
    "issueType": "DEPENDENCY"
  },
  "remediateSettings": {
    "workflowRules": {
      "enabled": true
    }
  }
}
.whitesource file with configMode EXTERNAL
{
  "scanSettings": {
    "configMode": "EXTERNAL",
    "configExternalURL": "https://mydomain.com/whitesource-settings/whitesource.config",
    "projectToken": "",
    "baseBranches": []
  },
  "checkRunSettings": {
    "vulnerableCheckRunConclusionLevel": "failure",
    "displayMode": "diff"
  },
  "issueSettings": {
    "minSeverityLevel": "LOW",
    "issueType": "DEPENDENCY"
  },
  "remediateSettings": {
    "workflowRules": {
      "enabled": true
    }
  }
}
How to change the scan settings for all repositories?
To change the scanning configuration of all repositories, use a global-repo configuration. To read more about it, refer here.
Once you have set up the global repo, perform the following steps:
Create a “whitesource.config” file in an external location that can be reached from your “whitesource-config” repo/project. This file contains all the configuration adjustments you want to make.
To this file, add the configuration changes in the same format as the Unified Agent configuration file. IMPORTANT: as soon as you change any scan setting, all the other settings revert to the Unified Agent defaults described here, without the alterations for native integrations described here. For this reason, in addition to the changes you want to make, add to your file all the parameters that are modified for the native integrations, so that this automatic reset of the other parameters does not affect your results.
In the “repo-config.json” file in your global repo, change the “configMode” parameter to “EXTERNAL” and set “configExternalURL” to point to the location of the “whitesource.config” file you created.
repo-config.json file with EXTERNAL configuration
{
  "scanSettings": {
    "configMode": "EXTERNAL",
    "configExternalURL": "https://mydomain.com/whitesource-settings/whitesource.config",
    "projectToken": "",
    "baseBranches": []
  },
  "checkRunSettings": {
    "vulnerableCheckRunConclusionLevel": "failure",
    "displayMode": "diff"
  },
  "issueSettings": {
    "minSeverityLevel": "LOW",
    "issueType": "DEPENDENCY"
  },
  "remediateSettings": {
    "workflowRules": {
      "enabled": true
    }
  }
}
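The following added example (not Mend's own code) checks a parsed .whitesource or repo-config.json against the rules of both procedures above: LOCAL mode needs a whitesource.config in the repository, EXTERNAL mode needs a configExternalURL, and the override file should restate the native-integration parameters so the reset to Unified Agent defaults does not silently change the scan. The https requirement, the function names and the parameter names in the sample override file are assumptions of this example, not taken from Mend documentation.

```python
import json
from urllib.parse import urlparse

def parse_properties(text):
    """Parse a whitesource.config (Unified Agent key=value format) into a dict.
    Blank lines and '#' comment lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_scan_settings(doc, repo_files):
    """Return a list of problems in scanSettings of a parsed .whitesource or
    repo-config.json document. repo_files is the set of paths in the repository."""
    problems = []
    scan = doc.get("scanSettings", {})
    mode = scan.get("configMode")
    url = scan.get("configExternalURL", "")
    if mode == "LOCAL":
        if "whitesource.config" not in repo_files:
            problems.append("LOCAL mode but whitesource.config is not in the repository")
    elif mode == "EXTERNAL":
        if not url:
            problems.append("EXTERNAL mode but configExternalURL is empty")
        elif urlparse(url).scheme != "https":
            # Assumption of this check: the fetched file defines the whole scan, so insist on https.
            problems.append("configExternalURL should be an https URL: " + url)
    else:
        problems.append(f"configMode {mode!r} is neither LOCAL nor EXTERNAL; whitesource.config is not used")
    return problems

def check_override_file(text, native_keys):
    """Return the native-integration parameters (native_keys, taken from the
    documentation linked above) that the override file fails to restate."""
    return sorted(set(native_keys) - parse_properties(text).keys())

# Constructed sample .whitesource (EXTERNAL mode, as shown on this page).
SAMPLE_WHITESOURCE = json.loads('''{"scanSettings": {"configMode": "EXTERNAL",
  "configExternalURL": "https://mydomain.com/whitesource-settings/whitesource.config",
  "projectToken": "", "baseBranches": []}}''')

# Constructed sample whitesource.config; the key names are placeholders, not real Unified Agent keys.
SAMPLE_OVERRIDE = "# custom scan settings\nexample.python.version=3.11\n"

if __name__ == "__main__":
    print(check_scan_settings(SAMPLE_WHITESOURCE, {".whitesource"}))
    print(check_override_file(SAMPLE_OVERRIDE, ["example.python.version", "example.native.preStep"]))
```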