Change whitesource integration to scan on 1.x branch #1786
Conversation
Signed-off-by: Zelin Hao <zelinhao@amazon.com>
|
Can one of the admins verify this patch? |
|
I don't think this will resolve that issue. I haven't heard from WhiteSource support regarding of the status of that issue for some time. We have been experiencing troubles using WhiteSource to scan the main branch of OpenSearch repo even with manual scan, but everything works now for 1.x. I am adding this parameter here to see how the integration works for 1.x branch since it was previously set for main branch. |
Signed-off-by: Zelin Hao <zelinhao@amazon.com>
|
After investigation with @peterzhuamazon , we found that WhiteSource spent really long time looking into the Hopefully this may resolve the issue with WhiteSource integration on OpenSearch repo. |
Signed-off-by: Zelin Hao zelinhao@amazon.com
Description
Change the WhiteSource integration to do scan on 1.x branch. Ref: https://whitesource.atlassian.net/wiki/spaces/WD/pages/697696422/WhiteSource+for+GitHub.com#Scan-Settings-(scanSettings)
Please be aware that when this PR is merged, WhiteSource integration might be automatically created CVEs Github issues like these in build repo.
Core team can change
"minSeverityLevel": "LOW"to select the minimum severity level of CVEs to be created. For example, if this parameter is changed to "MEDIUM", any low severity CVEs won't be created as issues. Ref: hereIssues Resolved
[List any issues this PR will resolve]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.