...
This global configuration file is a JSON-formatted file where you can define global configurations for the integration. The following parameters can be provided:
General Parameters
Parameter | Type | Description | Required | Default
---|---|---|---|---
repoConfigMode | String | The configuration mode to be used on all integrated repositories. There are three options: | Yes | createOnboardingPR
repoConfigFileName | String | It is possible to rename the .whitesource configuration file added to an integrated repository. NOTES: | No | .whitesource
branchProtectionRule | | Automatically create a “WhiteSource Security Check” branch protection rule for all branches configured by the “baseBranches” property. This will only occur for newly onboarded repositories. NOTES: | No | “none”
settingsInheritedFrom | | Add an option for a regular account repo-settings.json or global-settings.json file to inherit settings from the whitesource-config account’s global-settings.json file. For example, a global-config.json file in {someOrg}/whitesource-config could inherit settings from the whitesource-config/whitesource-config file. If this parameter is enabled, after creating a whitesource-config file inside the repos of the given organization, it will be automatically populated with the settings from the whitesource-config/whitesource-config file. NOTE: You can override specific parameters that are relevant only in the specific repository by adding these after this parameter. Examples: Using only values defined in the global configuration: Using values defined in the global configuration and overriding the scan settings parameters: | No | “none”
Ignored Repos (ignoredRepos)
Parameter | Type | Description | Required | Default
---|---|---|---|---
exactNames | Array | Provide a list of specific repositories to ignore from the integration. For example: | No | Empty
Account Management
Parameter | Type | Description | Required | Default
---|---|---|---|---
includedOwners->exactNames | Array | Define a whitelist of GitHub Organizations and/or GitHub repository owners who can integrate with the WhiteSource integration. NOTE: This applies to WhiteSource for GitHub Enterprise and WhiteSource for GitHub.com only. For example: | No | Empty
allowedUserAccounts->exactNames | Array | Provide a way to limit the integration to organization accounts and block all or specific user accounts. If the “exactNames” property is empty, all user accounts will be blocked. If the object is missing, no limitation on account type will be enforced. When a blocked account tries to install the integration, it will be automatically uninstalled. NOTE: Only valid for the GitHub Enterprise integration. | No | Null
Manually Triggering Repository Scans
...
For each repository in the list, a scan is triggered on the latest commit of the specified branch, including the creation of the security check run.
Manual scan logs
When triggering a manual scan, it is possible to save the scan logs as a single zip file to a dedicated repository: whitesource-config/ws-logs. To enable this functionality, add an additional flag, uploadScannerLogs, set to true, to the scan.json file.
Example:
```json
{
  "repositories": [
    {
      "fullName": "orgName1/repoName1",
      "branchName": "main",
      "uploadScannerLogs": true
    }
  ]
}
```
NOTE:
Name of the zip file: scanner_logs_{SCAN_TOKEN}.zip
The name of the ws-logs repo is configurable using the env var WS_LOG_REPO_NAME.
If the whitesource-config/ws-logs repo does not exist, the manual scan will not run, and there will be a check run explaining why.
Migrating Existing Repositories to the Global Configuration
...
migration.json File Parameters
Parameter | Type | Description | Required? | Default
---|---|---|---|---
migrationMode.changeType | String | Type of change to perform as part of the migration. There are two possible values: | No | inheritance
migrationMode.openPR / migrationMode.openMR | Boolean | Whether an onboarding PR/MR should be created for the migrating repositories. NOTE: When set to false, every migrating repository that currently contains a .whitesource file will trigger an automatic scan after these are migrated. This may affect overall performance of the integration depending on how many migrating repositories you have. | No | true
migrationMode.fixInheritance | Boolean | This parameter can be used in case the Global Configuration repository was moved or renamed since the initial integration. When enabled, the migration will update existing inheritedFrom parameter values in repo-level .whitesource configuration files to the correct whitesource-config repository. | No | false
migrationMode.triggerScan | Boolean | Control whether the migration should trigger a scan after completion. NOTE: This parameter is relevant only when using migrationMode.changeType=inheritance. | No | true
includeRepos | Array | Provide a list of specific full repository names (owner/repo_name) on which the migration should run. NOTE: You cannot use includeRepos together with excludeRepos as part of a migration. Example: | No | Empty
excludeRepos | Array | Provide a list of specific full repository names (owner/repo_name) on which the migration should not run. NOTE: You cannot use excludeRepos together with includeRepos as part of a migration. Example: | No | Empty
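
A pre-flight check for the migration.json constraints listed in the table above, as an added example that is not part of the WhiteSource documentation or product code. It assumes the dotted parameter names map to a nested migrationMode object; lint_migration and the sample input are hypothetical.

```python
import json
import re

# "owner/repo_name": exactly one slash, no whitespace.
FULL_NAME = re.compile(r"^[^/\s]+/[^/\s]+$")
BOOL_KEYS = ("openPR", "openMR", "fixInheritance", "triggerScan")


def lint_migration(text):
    """Return (errors, warnings) for a migration.json document."""
    cfg = json.loads(text)
    errors, warnings = [], []
    mode = cfg.get("migrationMode", {})  # assumption: dotted names are nested keys
    include = cfg.get("includeRepos", [])
    exclude = cfg.get("excludeRepos", [])

    if include and exclude:
        errors.append("includeRepos and excludeRepos cannot be used together")
    for key, names in (("includeRepos", include), ("excludeRepos", exclude)):
        for name in names:
            if not isinstance(name, str) or not FULL_NAME.match(name):
                errors.append(f"{key}: {name!r} is not a full owner/repo_name")
    for key in BOOL_KEYS:
        if key in mode and not isinstance(mode[key], bool):
            errors.append(f"migrationMode.{key} must be a Boolean")

    change_type = mode.get("changeType", "inheritance")  # documented default
    if "triggerScan" in mode and change_type != "inheritance":
        warnings.append("migrationMode.triggerScan only applies to changeType=inheritance")
    if mode.get("openPR") is False or mode.get("openMR") is False:
        warnings.append("openPR/openMR=false: repositories with a .whitesource file "
                        "are scanned automatically after migration")
    return errors, warnings


# Constructed sample input, not taken from the documentation.
SAMPLE = """
{
  "migrationMode": {"changeType": "inheritance", "openPR": false, "triggerScan": "yes"},
  "includeRepos": ["orgName1/repoName1", "repoName2"],
  "excludeRepos": ["orgName1/repoName3"]
}
"""

if __name__ == "__main__":
    errs, warns = lint_migration(SAMPLE)
    for line in errs:
        print("ERROR  ", line)
    for line in warns:
        print("WARNING", line)
```

Running a check like this before committing migration.json surfaces a conflicting include/exclude list or an unintended mass scan before the migration starts.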