From 4b55a24133569af65130749318a3880823cb5c8c Mon Sep 17 00:00:00 2001 From: Domenick DiBiase Date: Thu, 18 May 2023 15:30:43 -0400 Subject: [PATCH 1/3] Adding mend scan --- .gitignore | 1 + .travis.yml | 2 +- Makefile.ibm | 7 +++++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 095006833..7cefd3ead 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,7 @@ /.tox /venv* /tmp +/whitesource/* .*ignore !.gitignore diff --git a/.travis.yml b/.travis.yml index fdc1d2cf9..495688321 100644 --- a/.travis.yml +++ b/.travis.yml @@ -28,7 +28,7 @@ before_install: - echo -e "machine github.ibm.com\n login $GHE_ACCESS_TOKEN" >> ~/.netrc # Login to GitHub Enterprise install: - pip install "certifi>=2022.12.07" "setuptools>=65.5.1" tox pipenv -script: make setup-trivy && make setup-cosign && make trivy-scan-python-vulnerabilities && make test +script: make setup-trivy && make setup-cosign && make trivy-scan-python-vulnerabilities && make setup-mend && make mend-scan && make test cache: directories: - $HOME/.cache/pre-commit diff --git a/Makefile.ibm b/Makefile.ibm index 11a1861b0..561dc96fd 100644 --- a/Makefile.ibm +++ b/Makefile.ibm @@ -66,6 +66,13 @@ trivy-scan-python-vulnerabilities: pipenv lock $(TRIVY) fs --exit-code 1 --ignore-unfixed --security-checks vuln ./ +setup-mend: + curl -LJO http://pokgsa.ibm.com/gsa/pokgsa/home/t/h/thota123/whitesource/Unified%20Agent/wss-unified-agent.jar + sudo apt install openjdk-8-jdk -y + +mend-scan: + java -jar wss-unified-agent.jar -d ./ + docker-quality-images: for image_name in $(DOCKER_IMAGES_TO_SCAN) ; do \ $(TRIVY) image --exit-code 1 --ignore-unfixed $(DOCKER_DOMAIN_LOCAL)/$*$${image_name}; \ From 7915ee409bd581054ccd93ff763ab96091aed94b Mon Sep 17 00:00:00 2001 From: Domenick DiBiase Date: Thu, 18 May 2023 15:38:42 -0400 Subject: [PATCH 2/3] Updating install location --- Makefile.ibm | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) 
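Review bot: `setup-mend` in the Makefile.ibm hunk fetches `wss-unified-agent.jar` over plain `http://` from what looks like a personal home directory, with no pinned version and no digest check, and `mend-scan` then executes it with `java -jar`. The `.travis.yml` context in this patch shows `$GHE_ACCESS_TOKEN` being written to `~/.netrc` before `script:` runs, so whatever that URL returns executes in a job that holds that credential. `-LJO` also lacks `-f`, so an HTTP error page would be saved as the jar, and `-J` lets the server choose the filename written to the working directory. The same URL is kept in the `setup-mend` hunks of PATCH 2/3 and PATCH 3/3. I would fetch a versioned artifact over HTTPS and verify its SHA-256 before it is run, as sketched below with placeholder values.

```make
# Placeholders (constructed): point these at a pinned agent release and its published digest.
MEND_AGENT_URL ?= https://ARTIFACT_HOST_PLACEHOLDER/PINNED_VERSION_PLACEHOLDER/wss-unified-agent.jar
MEND_AGENT_SHA256 ?= EXPECTED_SHA256_PLACEHOLDER

setup-mend:
	curl -sSfL --proto '=https' "$(MEND_AGENT_URL)" -o wss-unified-agent.jar
	echo "$(MEND_AGENT_SHA256)  wss-unified-agent.jar" | sha256sum -c -
# … unchanged: JDK install line …
```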
diff --git a/Makefile.ibm b/Makefile.ibm index 561dc96fd..0c713934c 100644 --- a/Makefile.ibm +++ b/Makefile.ibm @@ -48,12 +48,15 @@ COSIGN_VERSION := $(shell curl -s "https://api.github.com/repos/sigstore/cosign/ TRAVIS_COMMIT ?= head +# Mend related +MEND ?= /tmp/mend + setup-trivy: curl -sSfL https://github.com/aquasecurity/trivy/releases/download/v$(TRIVY_VERSION)/trivy_$(TRIVY_VERSION)_$(TRIVY_OS)-$(TRIVY_ARCH)bit.tar.gz -o /tmp/trivy.tar.gz tar zxvf /tmp/trivy.tar.gz -C $(dir $(TRIVY)) trivy setup-cosign: - curl -sSfL https://github.com/sigstore/cosign/releases/download/v$(COSIGN_VERSION)/cosign-linux-amd64 -o $(COSIGN) + curl -sSfL https://github.com/sigstore/cosign/releases/download/v$(COSIGN_VERSION)/cosign-linux-amd64 -o $(COSIGN) chmod +x $(COSIGN) trivy-scan-python-vulnerabilities: @@ -67,11 +70,11 @@ trivy-scan-python-vulnerabilities: $(TRIVY) fs --exit-code 1 --ignore-unfixed --security-checks vuln ./ setup-mend: - curl -LJO http://pokgsa.ibm.com/gsa/pokgsa/home/t/h/thota123/whitesource/Unified%20Agent/wss-unified-agent.jar + curl -LJO http://pokgsa.ibm.com/gsa/pokgsa/home/t/h/thota123/whitesource/Unified%20Agent/wss-unified-agent.jar -o $(MEND) sudo apt install openjdk-8-jdk -y mend-scan: - java -jar wss-unified-agent.jar -d ./ + java -jar $(MEND)/wss-unified-agent.jar -d ./ docker-quality-images: for image_name in $(DOCKER_IMAGES_TO_SCAN) ; do \ From 53be865206de305bb5c2443e3216897a00ffab55 Mon Sep 17 00:00:00 2001 From: Domenick DiBiase Date: Thu, 18 May 2023 15:43:44 -0400 Subject: [PATCH 3/3] Updating curl options --- Makefile.ibm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile.ibm b/Makefile.ibm index 0c713934c..7a549cef9 100644 --- a/Makefile.ibm +++ b/Makefile.ibm 
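Review bot: `MEND ?= /tmp/mend` in the first hunk stages an artifact that is later executed under a fixed name in the shared `/tmp`, and the `# Mend related` comment does not say whether `MEND` is a directory or a file. On a single-use CI runner the exposure is small, but if this Makefile is also run on a shared build host, another local user could pre-create that path, so a per-job or workspace-local directory would be safer there. At minimum I would document the intent, e.g. `# Directory holding the Mend unified agent jar (must not be writable by other users)` above the assignment.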
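Review bot: In the second hunk the download target and the path that `mend-scan` runs do not match. `-o $(MEND)` names `/tmp/mend` itself as the output file, while `mend-scan` executes `$(MEND)/wss-unified-agent.jar`, and nothing in the visible hunks creates that directory. Combining `-O` (from `-LJO`) with `-o` for a single URL is also ambiguous, so the jar may still land in the working directory instead. PATCH 3/3 drops `-O` but keeps `-o $(MEND)`, so the mismatch remains there. I would make the recipe `mkdir -p $(MEND)` followed by `curl ... -o $(MEND)/wss-unified-agent.jar`, so the file that is executed is the one that was just fetched.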
@@ -70,8 +70,8 @@ trivy-scan-python-vulnerabilities: $(TRIVY) fs --exit-code 1 --ignore-unfixed --security-checks vuln ./ setup-mend: - curl -LJO http://pokgsa.ibm.com/gsa/pokgsa/home/t/h/thota123/whitesource/Unified%20Agent/wss-unified-agent.jar -o $(MEND) - sudo apt install openjdk-8-jdk -y + curl -sSfL http://pokgsa.ibm.com/gsa/pokgsa/home/t/h/thota123/whitesource/Unified%20Agent/wss-unified-agent.jar -o $(MEND) + # sudo apt install openjdk-8-jdk -y mend-scan: java -jar $(MEND)/wss-unified-agent.jar -d ./
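Review bot: The JDK install is left as a commented-out recipe line (`# sudo apt install openjdk-8-jdk -y`), so `mend-scan` now silently depends on whatever `java` the runner image provides. Assuming the line is tab-indented like its neighbours, make still hands it to the shell and echoes it. I would delete the dead line and make the requirement explicit, e.g. a first recipe line in `mend-scan` such as `@command -v java >/dev/null || { echo "java not found" >&2; exit 1; }`. If the scan is meant to gate the build, it is also worth confirming that the agent exits non-zero on policy violations, since `make test` follows it in `.travis.yml`; that cannot be determined from this hunk.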