1. Where to find the YAML in the solution code base?
The YAML can be found as .whitesource file in the solution as shown below:
2. How to configure it (use the Main Website/CMT configuration below)
The .whitesource file can't be opened in Visual Studio. You can use Notepad++ to open and edit it, or edit it directly in GitHub. The following is an example of how it is configured (MC MainSite):
{
    "scanSettingsSAST": {
        "enableScan": true,
        "scanPullRequests": true,
        "incrementalScan": true,
        "baseBranches": ["develop"],
        "snippetSize": 10
    },
    "checkRunSettingsSAST": {
        "checkRunConclusionLevel": "failure",
        "severityThreshold": "high"
    },
    "checkRunSettings": {
        "useMendCheckNames": true
    },
    "imageSettings": {
        "imageTracing": {
            "enableImageTracingPR": false,
            "addRepositoryCoordinate": false,
            "addDockerfilePath": false,
            "addMendIdentifier": false
        }
    }
}
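Because the .whitesource file is edited by hand (Notepad++ or the GitHub editor) and a committed typo silently weakens the scan, a pre-commit sanity check is worth having. The script below is an added example and is not part of the original page or of Mend's own tooling: it parses the file, confirms the settings that make the SAST check actually gate pull requests (scanning enabled, PRs scanned, a base branch listed, conclusion level "failure") and reports every deviation. The accepted value sets for severityThreshold and checkRunConclusionLevel are assumptions taken from the Mend .whitesource configuration reference as I recall it; adjust them if your Mend version documents different values. The weakened configuration is constructed here purely to show what the checker reports.

```python
"""Sanity-check a Mend .whitesource file before committing it.

Added example, not part of the original page or of Mend's tooling.
"""
import json

# ASSUMPTION: accepted values per the Mend .whitesource reference; verify
# against the documentation for the Mend version you run.
SEVERITY_LEVELS = ("low", "medium", "high")
CONCLUSION_LEVELS = ("success", "failure")

# The configuration shown on the page, embedded as sample input.
PAGE_CONFIG = """{
  "scanSettingsSAST": {
    "enableScan": true, "scanPullRequests": true, "incrementalScan": true,
    "baseBranches": ["develop"], "snippetSize": 10
  },
  "checkRunSettingsSAST": {
    "checkRunConclusionLevel": "failure", "severityThreshold": "high"
  },
  "checkRunSettings": {"useMendCheckNames": true}
}"""

# Constructed weakened variant: PR scanning off, no base branch, a check
# that never fails the PR, and a misspelt severity threshold.
WEAK_CONFIG = """{
  "scanSettingsSAST": {
    "enableScan": true, "scanPullRequests": false, "baseBranches": []
  },
  "checkRunSettingsSAST": {
    "checkRunConclusionLevel": "success", "severityThreshold": "critical"
  }
}"""


def lint_whitesource(text: str) -> list[str]:
    """Return a list of findings; an empty list means the file looks sound."""
    findings: list[str] = []
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]

    sast = cfg.get("scanSettingsSAST")
    if not isinstance(sast, dict):
        findings.append("scanSettingsSAST block missing: SAST will not run")
    else:
        if sast.get("enableScan") is not True:
            findings.append("scanSettingsSAST.enableScan should be true")
        if sast.get("scanPullRequests") is not True:
            findings.append("scanSettingsSAST.scanPullRequests should be true "
                            "so pull requests are scanned")
        branches = sast.get("baseBranches")
        if (not isinstance(branches, list) or not branches
                or not all(isinstance(b, str) and b for b in branches)):
            findings.append("scanSettingsSAST.baseBranches must be a non-empty "
                            "list of branch names")

    check = cfg.get("checkRunSettingsSAST")
    if not isinstance(check, dict):
        findings.append("checkRunSettingsSAST block missing: no check run "
                        "will be reported on the PR")
    else:
        level = check.get("checkRunConclusionLevel")
        if level not in CONCLUSION_LEVELS:
            findings.append(f"checkRunSettingsSAST.checkRunConclusionLevel "
                            f"{level!r} is not one of {CONCLUSION_LEVELS}")
        elif level != "failure":
            findings.append("checkRunSettingsSAST.checkRunConclusionLevel is "
                            "'success': findings will never block the PR")
        sev = check.get("severityThreshold")
        if sev not in SEVERITY_LEVELS:
            findings.append(f"checkRunSettingsSAST.severityThreshold {sev!r} "
                            f"is not one of {SEVERITY_LEVELS}")
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python lint_whitesource.py path/to/.whitesource
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else PAGE_CONFIG
    problems = lint_whitesource(text)
    for p in problems:
        print("FINDING:", p)
    sys.exit(1 if problems else 0)
```

Run it against the repository's .whitesource file; a non-zero exit means at least one setting would leave pull requests unscanned or ungated, which is the failure mode a hand-edited JSON file most easily introduces.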
3. How to initiate a Mend IO scan (this is done by a commit to a branch)
Commit the edited .whitesource file into GitHub. This will initiate the scan.
4. Where to find the Security issues for review in Github
Security issues can be found in the Issues tab of each repository where Mend IO is configured.
5. Remediate the security issues; contact Cyber for any queries or guidance: New Service Request | Marie Curie Cyber Security Services
6. Commit again and check to see if security issues are resolved.