Add .whitesource and config files to activate whitesource integration #165
Signed-off-by: Zelin Hao <[email protected]>
Codecov Report
@@ Coverage Diff @@
## main #165 +/- ##
==========================================
- Coverage 44.12% 43.95% -0.17%
==========================================
Files 156 156
Lines 5145 5173 +28
Branches 948 953 +5
==========================================
+ Hits 2270 2274 +4
- Misses 2657 2681 +24
Partials 218 218
Continue to review full report at Codecov.
|
"displayMode": "diff" | ||
}, | ||
"issueSettings": { | ||
"minSeverityLevel": "LOW" |
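Review bot: "minSeverityLevel": "LOW" under issueSettings puts the issue threshold at the lowest severity, so the integration can open a GitHub issue for every finding regardless of how severe it is. Since this file is being added as a default, either start from a higher threshold or say in the PR description that each team is expected to tune this value after merge.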
Do we have agreement on all repos that we should care about LOW level issues?
This is something that each team can change based on their demand. You can always modify the severity level at which issues would be created by changing this parameter. https://whitesource.atlassian.net/wiki/spaces/WD/pages/697696422/WhiteSource+for+GitHub.com#Issue-Settings-(issueSettings). This PR is to help onboard WhiteSource with some default values.
resolveAllDependencies=false | ||
#excludeDependenciesFromNodes=.*commons-io.*,.*maven-model | ||
|
||
resolveAllDependencies=false |
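Review bot: resolveAllDependencies=false is set twice in this hunk, once above the commented excludeDependenciesFromNodes example and again on the last line. Keep a single assignment so the effective value does not depend on which copy a later edit happens to touch.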
Duplicate line as line 78
Removed. Thanks!
Signed-off-by: Zelin Hao <[email protected]>
LGTM. Thanks for the change!
@zelinh we have seen with Dependabot that oftentimes the alerts are for dependencies stored in
I think this will mostly create issues for those vulnerabilities as long as they exist in this repo. You can always whitelist those issues that you can't fix at your level in the WhiteSource dashboard to ignore them. Furthermore, automatic fix for CVEs is disabled by default, so it won't create PRs to fix CVEs unless you allow it.
Got it, sounds good. Thanks for adding!
…#165) * Add .whitesource and config files to trigger whitesource integration Signed-off-by: Zelin Hao <[email protected]> * Remove duplicate code for example config Signed-off-by: Zelin Hao <[email protected]> (cherry picked from commit ef40275)
Signed-off-by: Zelin Hao [email protected]
Description
We @bbarani already enabled the access of WhiteSource integration with Github.com for this repo. However, the automatic PR of .whitesource is not created. We asked for support from the WhiteSource side and they suggested we could raise one by ourselves. This PR will also set the WhiteSource integration config mode LOCAL so it will be using the whitesource.config in the root directory. Dashboards team can modify this configuration on their own to customize it. We are providing the one we had for all repos at this time.
Another PR we created for the same issue: opensearch-project/OpenSearch-Dashboards#999
Please be aware that when this PR is merged, WhiteSource integration might automatically create CVE GitHub issues like these in the build repo.
Issues Resolved
[List any issues this PR will resolve]
Check List
--signoff
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.