-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change whitesource integration to scan on 1.x branch #1786
Change whitesource integration to scan on 1.x branch #1786
Conversation
Signed-off-by: Zelin Hao <zelinhao@amazon.com>
Can one of the admins verify this patch? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this will resolve that issue. I haven't heard from WhiteSource support regarding of the status of that issue for some time. We have been experiencing troubles using WhiteSource to scan the main branch of OpenSearch repo even with manual scan, but everything works now for 1.x. I am adding this parameter here to see how the integration works for 1.x branch since it was previously set for main branch. |
Signed-off-by: Zelin Hao <zelinhao@amazon.com>
After investigation with @peterzhuamazon , we found that WhiteSource spent really long time looking into the Hopefully this may resolve the issue with WhiteSource integration on OpenSearch repo. |
Signed-off-by: Zelin Hao zelinhao@amazon.com
Description
Change the WhiteSource integration to do scan on 1.x branch. Ref: https://whitesource.atlassian.net/wiki/spaces/WD/pages/697696422/WhiteSource+for+GitHub.com#Scan-Settings-(scanSettings)
Please be aware that when this PR is merged, WhiteSource integration might be automatically created CVEs Github issues like these in build repo.
Core team can change
"minSeverityLevel": "LOW"
to select the minimum severity level of CVEs to be created. For example, if this parameter is changed to "MEDIUM", any low severity CVEs won't be created as issues. Ref: hereIssues Resolved
[List any issues this PR will resolve]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.