...
Table of Contents | ||
---|---|---|
|
...
vulnerableCheckRunConclusionLevel
Parameter | Type | Description | Required | Default |
---|---|---|---|---|
vulnerable.check.run.conclusion.level | String | The app utilizes the GitHub Checks API that provides checks in commits and pull requests on any repository branch. This parameter defines the conclusion status for when a WhiteSource Security Check is completed. When the parameter is set to 'success', the conclusion status of a WhiteSource Security Check will always be 'Success', even if the check fails. This way, any repository member is able to merge a pull request, even if a WhiteSource Security Check found security vulnerabilities. When the parameter is set to 'failure' (default), the conclusion status of a WhiteSource Security Check will be 'Failure' in cases where WhiteSource Security Check found security vulnerabilities or an error occurred during the scan. When this configuration is defined, and a branch protection rule has been added, a policy for approving a pull request is enforced. In this setting, only the administrator of the repository can approve the merging of a pull request that contains one or more checks with a 'Failure' status. See also Initiating a Merge Policy. | No | failure |
minSeverityLevel
Parameter | Type | Description | Required | Default |
---|---|---|---|---|
minSeverityLevel | String | Enables users to decide whether to open a new GitHub Issue only if a certain Severity Level is available. Available values for "minSeverityLevel" needs to be:
| No | LOW |
Initiating a Scan
Info |
---|
New users are entitled to scan each repository up to five times a day. Existing WhiteSource customers have the scan limitations that are set in their account agreement with WhiteSource. |
A WhiteSource scan is initiated via a valid GitHub push command. A valid push command meets at least one of the following requirements:
...
In your GitHub's account (personal) settings, click Applications. The Applications screen is displayed.
Ensure Installed GitHub Apps is the active tab.
Next to WhiteSource Bolt for GitHub, click Configure.
The WhiteSource Bolt for GitHub page is displayed.
In the Uninstall WhiteSource Bolt for GitHub area, click Uninstall.
Optionally, go to the Authorized GitHub apps tab, and next to the Bolt for GitHub app, click Revoke.