Table of Contents |
---|
...
CodeFresh is a container-based CI/CD platform where each step in the pipeline is its own container. To scan your open-source packages with WhiteSource Mend as a part of your CodeFresh pipeline, go to the CodeFresh step marketplace and add the WhiteSource Mend step to your pipeline.
NOTE: Before you begin, make sure that the relevant package manager is installed. For details, see https://whitesource.atlassian.net/wiki/spaces/WD/pages/1140852201/Getting+Started+with+the+Unified+Agent#Prerequisites .
How CodeFresh Integration Works
The WhiteSource Mend step in the CodeFresh marketplace is built on an open-JDK Docker image. The step starts by running an install commands file (a file that runs package manager/dependency install commands) to ensure that all prerequisites are fulfilled before beginning the scan. Once the prerequisites are met, a Unified Agent scan is run and the results are uploaded to WhiteSourceMend.
Adding the
...
Mend Step
Go to your CodeFresh pipeline.
On the right side, click Steps. The Steps pane is displayed.
In the search box, enter whitesource Mend. The WhiteSource Mend step is displayed in the marketplace.
Click once on the WhiteSource the Mend step. The step's YAML is displayed.
From the bottom, click Insert Step. The step's YAML is inserted in your pipeline.
Populate the variables with your organization's relevant data. Refer here for details.
...
Argument | Description | Example |
---|---|---|
API_KEY | A unique identifier of your WhiteSource Mend organization. It can be retrieved from the Integrate tab in the WS UI. |
0a35f1e07d0e4lfdaaf02fc97073d536fac71465eae8470180b92876f85utgjd
|
INSTALL_COMMANDS | The path to the 'install-commands.sh' file. This file contains the package manager and other dependency installation commands. NOTE: This file must be an executable. | example/install-commands.sh |
CONFIG_FILE | The WhiteSource Mend Unified Agent configuration file. The default value is wss-unified-agent.config. | wss-unified-agent.config |
PROJECT_DIRECTORY | A comma-delimited list of directories and/or files to scan. | your/project/dir |
...