Skip to content

Added mend#36

Open
diego-ferrand wants to merge 2 commits into
developmentfrom
MEND_ACTIVATION
Open

Added mend#36
diego-ferrand wants to merge 2 commits into
developmentfrom
MEND_ACTIVATION

Conversation

@diego-ferrand

@diego-ferrand diego-ferrand commented Jul 14, 2026

Copy link
Copy Markdown
Collaborator

This pull request introduces security enhancements and configuration updates focused on integrating Mend (formerly WhiteSource) scanning into the CI workflow, improving dependency and SAST (Static Application Security Testing) management, and updating project documentation and dependencies.

Mend Integration and Security Configuration:

  • Added a .whitesource configuration file to enable and customize Mend SCA (Software Composition Analysis) and SAST scanning, including scan settings, check run behavior, issue thresholds, and remediation rules.
  • Introduced a mend.config file for Mend CLI configuration, specifying project scope, policy enforcement, update behavior, and report verbosity.

CI Workflow Improvements:

  • Updated .github/workflows/mend-scan.yaml to trigger Mend scans automatically after successful test workflows and on manual dispatch, with conditional job execution based on workflow outcomes.

Security Policy Documentation:

  • Added a SECURITY.md file detailing responsible vulnerability reporting guidelines and preferred contact methods for security issues.

Dependency Updates:

  • Updated pyproject.toml to bump mcp[cli] to version >=1.27.0, raise pyinstaller to >=6.17.0, and add new dependencies: pyjwt and starlette.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants