mend-toolkit / mend-examples Goto Github PK

The following validation steps can be added to ensure that the environment prerequisites for repository integration are met:

1. Docker server version 18 and above (docker –version).
2. Ensure all ports required for repository integration are open, specifically all ports used by docker-compose.yaml are open.

The validation steps can be added to setup.sh script.

Question
Can you add yaml example to setup sast through azure pipeline using windows image for Mend CLI, most of the example seems to be for linux.

Environment Details

• OS: windows-latest
• Browser Edge
• Version 23.2.2

There is an error with this repository's Mend configuration file that needs to be fixed. As a precaution, scans will stop until it is resolved.

Errors:

• "settingsInheritedFrom" attribute provided in mend-toolkit/mend-examples/.whitesource points to a non-existent repository or branch: 'mend-toolkit/whitesource-config@main'

Bug Description

The setup.sh uses the command shasum -a 256 which results in an error when running the script in a Linux2/RHEL/CentOS env: "command sha not found". The error does not cause the script to break loudly (which is fine, imo) but it does result in the graylog setup page not displaying the correct info.

On linux2, the equivalent command is sha256sum.

NOTE: Given that the Readme in this project specifies using an Ubuntu box, I wouldn't necessarily qualify this as a bug; however, for those of us who are trying to spin something up fast (and miss the requirement for the host OS), I wanted to at least open an issue, so future users have something to reference. There is likely a more elegant way to manage this within the script, but I'll leave that to your team, as I don't have time to tackle it ;)

Steps to Reproduce
Steps to reproduce the behavior:

1. Run the setup.sh on a Linux2 box, per the instructions in the project readme.
2. Navigate to the initial setup page for graylog in your browser
3. Note that the page loads but does not contain the necessary data node for selection. If you haven't used graylog before, this makes the instructions "Follow the setup steps and keep all of the defaults" from the Readme very confusing.
4. Bring down the docker-compose project and edit the setup.sh line 77 to read: GRAYLOG_ROOT_PASSWORD_SHA2="$(echo -n ${graylog_root_password} | sha256sum | cut -d ' ' -f 1)"

Environment Details

NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
Amazon Linux release 2 (Karoo)

Additional Context
Again, this isn't so much a bug as it is a note for future users. Do with it what you will :)

Bug Description
The following shell script gets stuck at 'echo "Scan is still processing...' for over 15 minutes when using webgoat in github.com:
https://github.com/mend-toolkit/mend-examples/blob/main/Scripts/Mend%20SCA/check-project-state.sh

Steps to Reproduce
Run in any pipeline.
This script was called from:
https://github.com/mend-toolkit/mend-examples/blob/main/Scripts/Mend%20SCA/sbomreports.yml

Expected Behavior
The subscript should be able to process the project states.
Please note, the script works fine in azdo using ASP Real World App.

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

• Update mongo Docker tag to v7

Detected dependencies

Question
Hi, I'm looking for possibilities to enable Mend Prioritize Scan for our Gitlab integrated projects. I recently came across Gitlab CI example https://github.com/mend-toolkit/mend-examples/blob/main/CI-CD/GitLab/Unified%20Agent/GitLab-cached-ua.yml
Do I need to add wss-unified-agent.config and -appPath parameter in order to make wss-unified-agent.jar run Prioritize Scan as it described in docs https://docs.mend.io/bundle/sca_user_guide/page/scanning_projects_with_mend_prioritize.html?

There is an error with this repository's Mend configuration file that needs to be fixed. As a precaution, scans will stop until it is resolved.

Errors:

• "settingsInheritedFrom" attribute provided in mend-toolkit/mend-examples/.whitesource points to a non-existent repository or branch: 'mend-toolkit/whitesource-config@main'