
Configure Mend Bolt for GitHub #2

Open
wants to merge 1 commit into base: main
Conversation

mend-bolt-for-github[bot]
Welcome to Mend Bolt for GitHub (formerly WhiteSource). This is an onboarding PR to help you understand and configure settings before Mend starts scanning your repository for security vulnerabilities.

🚦 Mend Bolt for GitHub will start scanning your repository only once you merge this Pull Request. To disable Mend Bolt for GitHub, simply close this Pull Request.


What to Expect

This PR contains a '.whitesource' configuration file which can be customized to your needs. If no changes were applied to this file, Mend Bolt for GitHub will use the default configuration.

Before merging this PR, make sure the Issues tab is enabled. Once you merge this PR, Mend Bolt for GitHub will scan your repository and create a GitHub Issue for every vulnerability detected in your repository.

If you do not want a GitHub Issue to be created for each detected vulnerability, you can edit the '.whitesource' file and set the 'minSeverityLevel' parameter to 'NONE'.


❓ Got questions? Check out Mend Bolt for GitHub docs.
If you need any further assistance then you can also request help here.

what-the-diff bot commented Apr 22, 2023

PR Summary

  • Added .whitesource file to the repository
    This file is important for configuring and integrating WhiteSource security scanning with our project.
  • Created a new branch called "baseBranches" in scanSettings
    This is a preparatory step for future configurations, with no value assigned to it yet (empty array).
  • Updated checkRunSettings for WhiteSource integration
    • Set vulnerableCheckRunConclusionLevel to failure
    • Set displayMode to diff
    • Enabled useMendCheckNames
      These changes will help ensure that our project's security checks are properly configured and displayed within GitHub Actions/Checks API.
  • Modified issue settings for scanning dependencies
    • Only report issues with LOW severity or higher
    • Limit reports to dependency-related issues (excluding license violations)
      This will help reduce noise in our reports by focusing on the most relevant and important issues.
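The `.whitesource` file that the two bot comments describe, reconstructed here as an added example; it is not the PR's own diff, which this page does not show. Key names and values follow the what-the-diff summary above and the Mend Bolt configuration schema as I know it, so the `issueType` value `DEPENDENCY` and the string-typed `useMendCheckNames` are assumptions to verify against the actual file in the PR:

```json
{
  "scanSettings": {
    "baseBranches": []
  },
  "checkRunSettings": {
    "vulnerableCheckRunConclusionLevel": "failure",
    "displayMode": "diff",
    "useMendCheckNames": "true"
  },
  "issueSettings": {
    "minSeverityLevel": "LOW",
    "issueType": "DEPENDENCY"
  }
}
```

Two points worth checking before merging. An empty `baseBranches` array means Mend scans only the repository's default branch, so release or maintenance branches need to be listed explicitly to be covered. Setting `minSeverityLevel` to `NONE`, as the onboarding text suggests for reducing Issue noise, turns off GitHub Issue creation entirely rather than filtering it; findings then surface only in the pull-request check run, and with `displayMode` set to `diff` that check shows only vulnerabilities introduced relative to the base branch, not ones already present there.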
