Configure Mend Bolt for GitHub

[mend-bolt-for-github]

Welcome to Mend Bolt for GitHub (formerly WhiteSource). This is an onboarding PR to help you understand and configure settings before Mend starts scanning your repository for security vulnerabilities.

🚦 Mend Bolt for GitHub will start scanning your repository only once you merge this Pull Request. To disable Mend Bolt for GitHub, simply close this Pull Request.

---

What to Expect

This PR contains a '.whitesource' configuration file which can be customized to your needs. If no changes were applied to this file, Mend Bolt for GitHub will use the default configuration.

Before merging this PR, Make sure the Issues tab is enabled. Once you merge this PR, Mend Bolt for GitHub will scan your repository and create a GitHub Issue for every vulnerability detected in your repository.

If you do not want a GitHub Issue to be created for each detected vulnerability, you can edit the '.whitesource' file and set the 'minSeverityLevel' parameter to 'NONE'.

---

❓ Got questions? Check out Mend Bolt for GitHub docs.
If you need any further assistance then you can also request help here.

---

EntelligenceAI PR Summary

This PR adds automated security scanning and dependency vulnerability detection using WhiteSource (Mend) configuration.

• Added .whitesource configuration file for security scanning
• Configured check runs to fail on detection of vulnerable dependencies
• Set minimum severity threshold to LOW for issue reporting
• Enabled diff display mode for vulnerability visibility
• Enabled Mend branding in check names
• Default branch configuration applied (empty baseBranches array)

---

Confidence Score: 5/5 - Safe to Merge

• No review comments were generated, indicating the code meets quality standards
• All changed files (1/1) were reviewed with full coverage
• No critical, significant, high-risk, medium, or low severity issues detected
• No existing unresolved comments that would block merging

[entelligence-ai-pr-reviews]

Walkthrough

This pull request introduces automated security scanning and dependency vulnerability management by adding a WhiteSource (Mend) configuration file. The configuration enables continuous monitoring of project dependencies for security vulnerabilities and will automatically fail check runs when vulnerable dependencies are detected. Issue reporting is configured to flag dependencies with a minimum severity level of LOW or higher, ensuring comprehensive security coverage. The diff display mode provides clear visibility into vulnerability changes, and Mend branding is enabled for check names to maintain consistent identification across the CI/CD pipeline.

Changes

File(s)	Summary
.whitesource	Added WhiteSource (Mend) configuration file to enable automated security scanning with check runs that fail on vulnerable dependencies, issue reporting for dependencies with minimum severity level of LOW, diff display mode enabled, and Mend branding for check names.

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant Config as Configuration Store
    participant Scanner as Scan Orchestrator
    participant CheckRun as Check Run Service
    participant IssueFilter as Issue Filter Service
    participant Repo as Repository

    Scanner->>Config: Load scan settings
    Config-->>Scanner: baseBranches: []
    
    Scanner->>Repo: Scan repository branches
    Repo-->>Scanner: Scan results
    
    Scanner->>IssueFilter: Filter issues
    IssueFilter->>Config: Get issue settings
    Config-->>IssueFilter: minSeverityLevel: LOW<br/>issueType: DEPENDENCY
    IssueFilter-->>Scanner: Filtered issues
    
    Scanner->>CheckRun: Create check run
    CheckRun->>Config: Get check run settings
    Config-->>CheckRun: vulnerableCheckRunConclusionLevel: failure<br/>displayMode: diff<br/>useMendCheckNames: true
    
    CheckRun->>Repo: Post check run with diff display
    
    alt Issues found with severity >= LOW
        CheckRun->>Repo: Set status to failure
    else No issues found
        CheckRun->>Repo: Set status to success
    end

Loading