Versions Compared

Old Version 100

changes.mady.by.user Michael Hollander

Saved on

compared with

New Version 101

changes.mady.by.user Michael Hollander

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated WS Logo


Image RemovedImage Added

Table of Contents
maxLevel4

...

Parameter TypeDescriptionRequired Default
minSeverityLevelString

Enables users to decide whether to open a new GitHub Issue only if a certain Severity Level is available.

Available values for "minSeverityLevel" needs to be:

    • NONE - No GitHub Issues will be generated.

    • LOW - Any Low/Medium/High vulnerabilities found will generate a GitHub Issue.

    • MEDIUM - Any Medium/High vulnerabilities found will generate a GitHub Issue.

    • HIGH - Any High vulnerabilities found will generate a GitHub Issue.

NoLOW

Initiating a Scan

New users are entitled to scan each repository up to five times a day. Existing WhiteSource customers have the scan limitations that are set in their account agreement with WhiteSource.  

A scan is initiated via a valid GitHub 'push' command. A valid 'push' command meets at least one of the following requirements:

  • One of the commits in the 'push' command include added file(s) that have an extension supported by WhiteSource and/or one of the commits in the 'push' command included a removal of file(s) that have an extension supported by WhiteSource. Refer to the WhiteSource Languages page in order to find out whether or not a specific language and its extensions are supported. 

  • One of the commits in the 'push' command includes a modification in the package manager configuration file(s). This includes any of the following files:
    • build.gradle
    • pom.xml
    • setup.py
    • requirements.txt
    • Gemfile.lock
    • package.json
    • bower.json
    • Gopkg.lock
    • Godeps.lock
    • vendor.conf
    • gogradle.lock
    • glide.lock
    • composer.json
    • build.sbt
    • paket.dependencies

    • Any metafile with one of the following extensions: 

      • config
      • csproj
      • htm
      • html
      • shtml
      • xhtml
      • jsp
      • asp
      • do
      • aspx

...

Initiating a Merge Policy

A merge policy utilizes the app's integration with GitHub Checks API. It enables the repository's administrator to approve the merging of a pull request with 'Failed' commit statuses to a target branch in the repository. 
For more information on Checks API, see the related GitHub Checks API introduction page.

Prerequisite for the Merge Policy: Add a Branch Protection Rule

...

  1. Go to the 'Applications' section of your GitHub's account settings, and click on the 'Configure' button next to the 'WhiteSource Bolt for GitHub' app.



  2. The 'WhiteSource Bolt for GitHub' page opens. Scroll down in order to view the 'Uninstall WhiteSource Bolt for GitHub' button.



  3. Click on the 'Uninstall' button. Uninstalling WhiteSource Bolt for GitHub removes it from all your repositories.
  4. Optionally, go to 'Authorized GitHub apps' tab, and click the 'Revoke' button next to the 'Bolt for GitHub' app.