| Table of Contents |
|---|
Overview
CircleCi is a continuous integration development practice that is used by software teams allowing them to build, test and deploy applications on multiple platforms in an easier and faster method.
Orbs are CircleCI configuration packages that can be shared across projects. Orbs allow you to make a single bundle of jobs, commands, and executors.
The WhiteSource Mend Scanner Orb is a simple tool that extracts descriptive information from the open source libraries located on your file system and integrates them with WhiteSourceMend.
By using WhiteSource Mend Orb, you can automatically detect all open source components in your code, while running your build. You can configure real time alerts on security risks, policy pitfalls, and software bugs. The orb integrates fully into your build process, regardless of your programming languages or development environments. It works automatically, continuously, and silently in the background, checking the security, licensing, and quality of your open source components against WhiteSource’s Mend’s constantly-updated definitive database of open source repositories.
Prerequisites
Registered WhiteSource Mend Account
CircleCI CLI is installed and deployed
The relevant package manager must be installed. For details, see https://whitesource.atlassian.net/wiki/spaces/WD/pages/1140852201/Getting+Started+with+the+Unified+Agent#Prerequisites.
Deploying
...
Mend Orb
| Info |
|---|
In order to keep your API token secure, WhiteSource Mend creates a ‘context’ in CircleCI. Contexts provide a mechanism for securing and sharing environment variables across projects. The environment variables are defined as name/value pairs and are injected at runtime. |
From the CircleCI interface, click Settings > Context, and click Create Context:
Add a new variable for the WhiteSource Mend API Token (you can find the API token on the Integrate tab).
Create a configuration file with the required parameters for the scan, and set the Configuration file name (including the file path) as a value for the config_file_path parameter.
Add a comma-separated list of directories and/or files to scan.
Commit and push to view the scan results.
In order to view the status, go to the CircleCI GUI and click jobs. Click the relevant job and verify that a success message is displayed.
You have the option to view the logs, and then navigate to the WhiteSource Mend GUI. The URL for the scan result link is indicated in the logs.
You can view the compliance and security data for the project that was scanned on the WhiteSource Mend Dashboard.
Related Unified Agent Parameters
The following are relevant Unified Agent parameters for this type of scan:
Parameter | Description | Required | Default Value | Type |
|---|---|---|---|---|
api_key | Unique identifier of the organization. Can be retrieved from the admin page in your WhiteSource Mend account. | Yes | No default value | String |
directory | Comma-separated list of directories and / or files to scan. | No | . | String |
config_file_path | Configuration file name (including file path). | No |
| String |
commands_file_path | Install commands file (including file path). | No |
| String |