Overview

Pipeline is an integrated CI/CD solution for Bitbucket Cloud. You can simplify and configure common actions in your pipeline, using pipes. Mend's pipe contains the Unified Agent.

NOTE: Before you begin, make sure that the relevant package manager is installed. For details, see This page is available at: https://whitesourcedocs.atlassianmend.net/wiki/spaces/WD/pages/1140852201/Getting+Started+with+the+Unified+Agent#Prerequisites .

YAML Definitions

Add the following snippet to the script section of your bitbucket-pipelines.yml file:

- pipe: WhitesourceSoftware/whitesource-scan:1.5.0
  variables:

    # API_KEY: '<string>'             # Optional
    # DIRECTORY: '<string>'           # Optional
    # CONFIG_FILE_PATH: '<string>'    # Optional
    # COMMANDS_FILE_PATH: '<string>'  # Optional
    # UA_JAVA_OPS: '<string>'         # Optional

Variables

...

Variable

...

Usage

...

Required

...

Default

...

API_KEY

...

Mend Organization Account API Key.

...

false

...

ApiKey found in config file

...

CONFIG_FILE_PATH

...

Unified Agent Configuration File location.

A relative path should be provided. Alternatively, a URL to the configuration file can be provided using one of the the following protocols: 'ftp://', 'http://', 'https://'.

...

false

...

'./wss-unified-agent.config'

...

DIRECTORY

...

Project to Scan Directory. Can contain multiple directories separated by commas.

...

false

...

'.'

...

COMMANDS_FILE_PATH

...

Path to the required bash commands in case any customization is required in the generic orb. Add packages to update and install, environment variables etc.

...

false

...

'./install-commands.sh'

...

UA_JAVA_OPTS

...

Options for the Java command executing the Unified Agent's JAR

...

false

Variables are optional, If the value is not supplied, the Mend Scanner will use the default value.

Details

The Mend Unified-Agent configuration file should be downloaded to a project. The configuration file path including the file name should be set in the 'config file path' variable.
More details for configuration file parameters can be found in the Unified Agent Configuration File & Parameters page.

You have the option to view the logs, and then navigate to the Mend GUI. The URL for the scan result link is indicated in the logs.

...

You can view the compliance and security data for the project that was scanned on Mend GUI (Web interface).

Starting with Mend-scan version 1.3.0, if the Unified Agent fails inside the pipeline (meaning the Unified Agent's exit code is not 0), the pipe fails with the same exit code as the Unified Agent.

Prerequisites

• Active Mend account with access to the GUI, and permissions to run Mend Unified Agent.

• Active Bitbucket cloud account with one or more repositories.

Examples

Basic Example

script:
  - pipe: WhitesourceSoftware/whitesource-scan:1.5.0

Advanced Example

script:
  - pipe: WhitesourceSoftware/whitesource-scan:1.5.0
    variables:
        API_KEY: $API_KEY
        DIRECTORY: '.'
        CONFIG_FILE_PATH: './someFolder/wss-unified-agent.config'
        COMMANDS_FILE_PATH: './someFolder/install-commands.sh
        UA_JAVA_OPTS: '-Xms512m -Xmx1024m'

.io/bundle/unified_agent/page/bitbucket_pipeline.html