diff --git a/.csr-profile.json b/.csr-profile.json index 83b7093..45ff17b 100644 --- a/.csr-profile.json +++ b/.csr-profile.json @@ -3,17 +3,12 @@ "repo_url": "https://github.com/Axway/agents-webmethods", "security_guide": "https://docs.axway.com/bundle/amplify-central/page/docs/connect_manage_environ/connect_api_manager/agent-security-api-manager/index.html", "requirements": { - "dependency-check": false, "fortify": true, "irius-risk": false, - "npm-audit": false, "pentest": false, - "retirejs": false, "twistlock": true, - "zap": false, - "yarn": false, - "gosec": false, - "whitesource": true, + "blackduck": true, + "third-party-policy-violation": false, "appspider": false, "insightvm": false }, diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 53f99af..f217b3f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -10,10 +10,6 @@ variables: FORTIFY_INCLUDE: "**/*.go" FORTIFY_EXCLUDE: "**/*_test.go" - # Whitesource - WS_PROJECT_ID: "agents-webmethods" - WS_CONFIG_FILE: "whitesource.config" - # Blackduck BLACKDUCK_PROJECT_NAME: "Amplify - APIC webMethods Agents" @@ -43,10 +39,9 @@ include: - "/gitlabci/restrictions.yml" - "/gitlabci/jobs.yml" - project: "scurity/gitlabci" - ref: $SCURITY_V2 + ref: $SCURITY_LATEST file: - "/.gitlab-ci-fortify.yml" - - "/.gitlab-ci-whitesource.yml" - "/.gitlab-ci-blackduck.yml" - "/.gitlab-ci-iriusrisk.yml" - "/.gitlab-ci-twistlock.yml" @@ -104,20 +99,7 @@ twistlock-discovery:on-schedule: # - export IMAGE_NAME=ghcr.io/axway/webmethods_traceability_agent:${LATEST_TAG} # - docker pull ${IMAGE_NAME} -whitesource:on-schedule: - extends: .whitesource - rules: - - !reference [.mirror-schedule-csr-rules, rules] - before_script: - - git config --global http.sslVerify false - - git config --global url."ssh://git@git.ecd.axway.org".insteadOf "https://git.ecd.axway.org"'' - - git fetch - - *get-latest-tag - - echo "Checking out ${LATEST_TAG}" - - git checkout ${LATEST_TAG} - blackduck:on-schedule: - extends: .blackduck rules: - !reference [.mirror-schedule-csr-rules, rules] before_script: @@ -137,13 +119,7 @@ fetch-fortify: rules: - !reference [.mirror-branch-csr-rules, rules] -whitesource: - rules: - - !reference [.mirror-branch-csr-rules, rules] - before_script: - - export GOWORK=off - -blackduck: +blackduck-rapid: rules: - !reference [.mirror-branch-csr-rules, rules] diff --git a/CODEOWNERS b/CODEOWNERS index c5765c3..4523a97 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -6,7 +6,6 @@ # .csr-profile.json requires SPOC approval for any modifications .csr-profile.json @scurity/amplify_spocs @dfeldick @jcollins @vchauhan renovate.json @dfeldick -whitesource.config @dfeldick [CICD] # cicd-related files diff --git a/whitesource.config b/whitesource.config deleted file mode 100644 index d90a780..0000000 --- a/whitesource.config +++ /dev/null @@ -1,25 +0,0 @@ -############################################################### -# WhiteSource Unified-Agent configuration file -############################################################### - -# Change the below URL to your WhiteSource server. -# Use the 'WhiteSource Server URL' which can be retrieved -# from your 'Profile' page on the 'Server URLs' panel. -# Then, add the '/agent' path to it. -wss.url=https://axway.whitesourcesoftware.com/agent - -######################################## -# Package Manager Dependency resolvers # -######################################## -resolveAllDependencies=false -go.collectDependenciesAtRuntime=false -go.resolveDependencies=false -go.modules.resolveDependencies=true - -########################################################################################### -# Includes/Excludes Glob patterns - Please use only one exclude line and one include line # -########################################################################################### -includes=**/*.go go.mod - -#Exclude file extensions or specific directories by adding **/*. or **//** -excludes=**/*_test.go