Adding mend scan

.gitignore

@@ -7,6 +7,7 @@
 /.tox
 /venv*
 /tmp
+/whitesource/*
 
 .*ignore
 !.gitignore

.travis.yml

@@ -28,7 +28,7 @@ before_install:
     - echo -e "machine github.ibm.com\n  login $GHE_ACCESS_TOKEN" >> ~/.netrc # Login to GitHub Enterprise
 install:
     - pip install "certifi>=2022.12.07" "setuptools>=65.5.1" tox pipenv
-script: make setup-trivy && make setup-cosign && make trivy-scan-python-vulnerabilities && make test
+script: make setup-trivy && make setup-cosign && make trivy-scan-python-vulnerabilities && make setup-mend && make mend-scan && make test
 cache:
     directories:
         - $HOME/.cache/pre-commit

Makefile.ibm

@@ -48,12 +48,15 @@ COSIGN_VERSION := $(shell curl -s "https://api.github.com/repos/sigstore/cosign/
 
 TRAVIS_COMMIT ?= head
 
+# Mend related
+MEND ?= /tmp/mend
+
 setup-trivy:
 	curl -sSfL https://github.com/aquasecurity/trivy/releases/download/v$(TRIVY_VERSION)/trivy_$(TRIVY_VERSION)_$(TRIVY_OS)-$(TRIVY_ARCH)bit.tar.gz -o /tmp/trivy.tar.gz
 	tar zxvf /tmp/trivy.tar.gz -C $(dir $(TRIVY)) trivy
 
 setup-cosign:
-	curl -sSfL https://github.com/sigstore/cosign/releases/download/v$(COSIGN_VERSION)/cosign-linux-amd64  -o $(COSIGN)
+	curl -sSfL https://github.com/sigstore/cosign/releases/download/v$(COSIGN_VERSION)/cosign-linux-amd64 -o $(COSIGN)
 	chmod +x $(COSIGN)
 
 trivy-scan-python-vulnerabilities:
@@ -66,6 +69,13 @@ trivy-scan-python-vulnerabilities:
 	pipenv lock
 	$(TRIVY) fs --exit-code 1 --ignore-unfixed --security-checks vuln ./
 
+setup-mend:
+	curl -sSfL http://pokgsa.ibm.com/gsa/pokgsa/home/t/h/thota123/whitesource/Unified%20Agent/wss-unified-agent.jar -o $(MEND)
+	# sudo apt install openjdk-8-jdk -y
+
+mend-scan:
+	java -jar  $(MEND)/wss-unified-agent.jar -d ./
+
 docker-quality-images:
 	for image_name in $(DOCKER_IMAGES_TO_SCAN) ; do												\
 		$(TRIVY) image --exit-code 1 --ignore-unfixed $(DOCKER_DOMAIN_LOCAL)/$*$${image_name};  \