...

CodeFresh is a container-based CI/CD platform where each step in the pipeline is its own container. To scan your open-source packages with WhiteSource Mend as a part of your CodeFresh pipeline, go to the CodeFresh step marketplace and add the WhiteSource Mend step to your pipeline.

NOTE: Before you begin, make sure that the relevant package manager is installed. For details, see https://whitesource.atlassian.net/wiki/spaces/WD/pages/1140852201/Getting+Started+with+the+Unified+Agent#Prerequisites .

How CodeFresh Integration Works

The WhiteSource Mend step in the CodeFresh marketplace is built on an open-JDK Docker image. The step starts by running an install commands file (a file that runs package manager/dependency install commands) to ensure that all prerequisites are fulfilled before beginning the scan. Once the prerequisites are met, a Unified Agent scan is run and the results are uploaded to WhiteSourceMend.

Adding the

...

Mend Step

1. Go to your CodeFresh pipeline.

2. On the right side, click Steps. The Steps pane is displayed.

3. In the search box, enter whitesource Mend. The WhiteSource Mend step is displayed in the marketplace.

4. Click once on the WhiteSource the Mend step. The step's YAML is displayed.

5. From the bottom, click Insert Step. The step's YAML is inserted in your pipeline.

6. Populate the variables with your organization's relevant data. Refer here for details.

...

...