Showing
2 changed files
with
146 additions
and
0 deletions.
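--- a/.github/workflows/mend.config
+++ b/.github/workflows/mend.config
@@ -0,0 +1,109 @@
+####################################################################
+# WhiteSource Unified-Agent configuration file for GO
+# GENERAL SCAN MODE: Package Managers only
+####################################################################
+
+# !!! Important for WhiteSource "DIST - *" Products:
+# Please set
+# checkPolicies=false
+# forceCheckAllDependencies=false
+# since Policy checks are not applicable for Security scans and also
+# not suitable for DIST category. CheckPolicies just cover IP scan
+# related license checks for SAP hosted cloud products only ("SHC - *").
+checkPolicies=true
+forceCheckAllDependencies=true
+
+# forceUpdate is important and need to be true
+forceUpdate=true
+# In some cases it could happen that Unified Agent is reporting SUCCESS but scan is incomplete or
+# did not work at all. So parameter failErrorLevel=ALL needs to be set to break the scan if there are issues.
+failErrorLevel=ALL
+# failBuildOnPolicyViolation:
+# If the flag is true, the Unified Agent exit code will be the result of the policy check.
+# If the flag is false, the Unified Agent exit code will be the result of the scan.
+forceUpdate.failBuildOnPolicyViolation=false
+# offline parameter is important and need to be false
+offline=false
+
+# ignoreSourceFiles parameter is important and need to be true
+# IMPORTANT: This parameter is going to be deprecated in future
+# and will be replaced by a new parameter, fileSystemScan.
+ignoreSourceFiles=true
+# fileSystemScan parameter is important and need to be false as a
+# replacement for ignoreSourceFiles=true and overrides the
+# soon-to-be-deprecated ignoreSourceFiles.
+fileSystemScan=false
+# resolveAllDependencies is important and need to be false
+resolveAllDependencies=false
+
+#wss.connectionTimeoutMinutes=60
+# URL to your WhiteSource server.
+# wss.url=https://sap.whitesourcesoftware.com/agent
+
+# resolveDependencies parameter is important and need to be true
+#if you are using 'modules' as a dependency manager, then the go.resolveDependencies is set to false.
+#For any other dependency manager, this value is set to true.
+
+go.resolveDependencies=true
+#defaut value for ignoreSourceFiles is set to false
+# ignoreSourceFiles parameter is important and need to be true
+go.ignoreSourceFiles=true
+go.collectDependenciesAtRuntime=false
+# dependencyManager: Determines the Go dependency manager to use when scanning a Go project.
+# Valid values are 'dep', 'godep', 'vndr', 'gogradle', 'glide', 'govendor', 'gopm' and 'vgo'
+# If empty, then the Unified Agent will try to resolve the dependencies using each one
+# of the package managers above.
+#go.dependencyManager=
+#go.glide.ignoreTestPackages=false
+#go.gogradle.enableTaskAlias=true
+
+#The below configuration is for the 'modules' dependency manager.
+#Please comment these below 4 lines that has 'go.modules' prefix if you are not using the 'modules' dependency manager.
+# Default value is true. If set to true, it resolves Go Modules dependencies.
+go.modules.resolveDependencies=true
+#default value is true. If set to true, this will ignore Go source files during the scan.
+#go.modules.ignoreSourceFiles=true
+#default value is true. If set to true, removes duplicate dependencies during Go Modules dependency resolution.
+#go.modules.removeDuplicateDependencies=false
+#default value is false. if set to true, scans Go Modules project test dependencies.
+#go.modules.includeTestDependencies=true
+######################
+
+
+##################################
+# Organization tokens:
+##################################
+# ! In case of PIPER, apiKey may not be used in this configuration,
+# but set in configuration of piper.
+# Please look at PIPER documentation for more information.
+# ! For CoDePipes you may look at CoDePipes for more information.
+# apiKey=
+
+# userKey is required if WhiteSource administrator has enabled "Enforce user level access" option.
+# ! In case of PIPER, apiKey may not be used in this configuration,
+# but set in configuration of piper.
+# Please look at PIPER documentation for more information.
+# ! For CoDePipes you may look at CoDePipes for more information.
+# userKey=
+
+projectName=mpas-product-controller
+# projectVersion=
+# projectToken=
+
+productName=shc-open-component-model
+# productVersion=
+# productToken
+#updateType=APPEND
+#requesterEmail=user@provider.com
+
+#########################################################################################
+# Includes/Excludes Glob patterns - PLEASE USE ONLY ONE EXCLUDE LINE AND ONE INCLUDE LINE
+#########################################################################################
+
+includes=**/*.lock
+
+## Exclude file extensions or specific directories by adding **/*.<extension> or **<excluded_dir>/**
+excludes=**/*sources.jar **/*javadoc.jar
+
+case.sensitive.glob=false
+followSymbolicLinks=true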
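Review bot: `go.resolveDependencies=true` contradicts the file's own guidance three lines above it (`#if you are using 'modules' as a dependency manager, then the go.resolveDependencies is set to false.`) while `go.modules.resolveDependencies=true` enables the modules resolver, so presumably the intended line is `go.resolveDependencies=false`; with both on, the agent may also try the legacy managers listed under `go.dependencyManager`, and since `failErrorLevel=ALL` aborts on any resolver problem that is worth confirming against the Mend documentation. Separately, `forceUpdate.failBuildOnPolicyViolation=false` together with `checkPolicies=true` means a policy violation is reported but, per the comment on the flag, never decides the exit code, so the scheduled job cannot fail on it; if visibility-only is the intent, a one-line comment saying so would save the next reader the same question. Minor: `# productToken` lacks the `=` its sibling commented-out keys carry, and `includes=**/*.lock` plus `excludes=**/*sources.jar **/*javadoc.jar` read as leftovers from a Java template that presumably only matter for a file-system scan, which `fileSystemScan=false` turns off.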
@@ -0,0 +1,37 @@ | ||
name: Mend Security Scan | ||
|
||
on: | ||
schedule: | ||
- cron: '20 0 * * 0' | ||
|
||
jobs: | ||
mend-scan: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout Code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Set up Java 17 | ||
uses: actions/setup-java@v3 | ||
with: | ||
java-version: '17' | ||
distribution: 'temurin' | ||
|
||
- name: Setup Go | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version-file: '${{ github.workspace }}/go.mod' | ||
|
||
- name: Download Mend Universal Agent | ||
run: curl https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar -o ./wss-unified-agent.jar | ||
|
||
- name: Run Mend Scan | ||
run: java -jar ./wss-unified-agent.jar -c $CONFIG_FILE -wss.url $WSS_URL -apiKey $API_KEY -userKey $USER_KEY -productToken $PRODUCT_TOKEN | ||
env: | ||
USER_KEY: ${{ secrets.MEND_USER_KEY }} | ||
PRODUCT_TOKEN: ${{ secrets.MEND_SHC_PRODUCT_TOKEN }} | ||
WSS_URL: ${{ secrets.MEND_URL }} | ||
API_KEY: ${{ secrets.MEND_API_TOKEN }} | ||
CONFIG_FILE: './.github/workflows/mend.config' | ||
|
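Review bot: The `Download Mend Universal Agent` step fetches an unpinned, unverified jar from `https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar` on every run, and the following step executes it with `MEND_USER_KEY`, `MEND_SHC_PRODUCT_TOKEN`, `MEND_URL` and `MEND_API_TOKEN` in its environment, so anyone able to change what that URL serves can run code holding those credentials. `curl` is also called without `--fail`, so an HTTP error page would be written as the jar and the problem would only surface as an opaque `java -jar` error in the next step. I would pin a specific agent release, record its SHA-256 in the workflow, and verify it before running (see below; the hash and versioned URL are placeholders to fill in). The workflow also has no top-level `permissions:` block although it only needs to read the checkout, so `permissions:` / `contents: read` under `name:` would drop the default token scopes, and `actions/setup-java@v3` / `actions/setup-go@v4` are pinned to mutable major tags rather than commit SHAs, which is the same class of risk in a job that handles secrets.

```yaml
      - name: Download Mend Universal Agent
        run: |
          curl -fsSL "$WSS_AGENT_URL" -o ./wss-unified-agent.jar
          echo "${WSS_AGENT_SHA256}  ./wss-unified-agent.jar" | sha256sum --check -
        env:
          # placeholders: URL of a specific agent release and its published SHA-256
          WSS_AGENT_URL: '<URL_OF_PINNED_AGENT_RELEASE>'
          WSS_AGENT_SHA256: '<SHA256_OF_PINNED_AGENT_JAR>'

      # … unchanged: Run Mend Scan step …
```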