Merge pull request #61 from Axway/APIGOV-26840

APIGOV-26840 - csr5
Axway · Jan 4, 2024 · 3c44ab6 · 3c44ab6
2 parents 4d49290 + 921de36
commit 3c44ab6
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 60 deletions.
diff --git a/.csr-profile.json b/.csr-profile.json
@@ -3,17 +3,12 @@
   "repo_url": "https://github.com/Axway/agents-kong",
   "security_guide": "https://docs.axway.com/bundle/axway_resources/page/amplify_api_management_platform_security_white_paper.html",
   "requirements": {
-    "dependency-check": false,
     "fortify": true,
     "irius-risk": false,
-    "npm-audit": false,
     "pentest": false,
-    "retirejs": false,
     "twistlock": true,
-    "zap": false,
-    "yarn": false,
-    "gosec": false,
-    "whitesource": true,
+    "blackduck": true,
+    "third-party-policy-violation": false,
     "appspider": false,
     "insightvm": false
   },

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -10,10 +10,6 @@ variables:
   FORTIFY_INCLUDE: "**/*.go"
   FORTIFY_EXCLUDE: "**/*_test.go"
 
-  # Whitesource
-  WS_PROJECT_ID: "agents-kong"
-  WS_CONFIG_FILE: "whitesource.config"
-
   # Blackduck
   BLACKDUCK_PROJECT_NAME: "Amplify - APIC Kong Agents"
 
@@ -31,12 +27,11 @@ include:
       - "/gitlabci/restrictions.yml"
       - "/gitlabci/jobs.yml"
   - project: "scurity/gitlabci"
-    ref: $SCURITY_V2
+    ref: $SCURITY_LATEST
     file:
       - "/.gitlab-ci-fortify.yml"
       - "/.gitlab-ci-twistlock.yml"
       - "/.gitlab-ci-iriusrisk.yml"
-      - "/.gitlab-ci-whitesource.yml"
       - "/.gitlab-ci-blackduck.yml"
       - "/.gitlab-ci-csr.yml"
   - project: "apigov/beano_cicd"
@@ -103,20 +98,7 @@ twistlock-traceability:on-schedule:
     - export IMAGE_NAME=ghcr.io/axway/kong_traceability_agent:${GIT_TAG_PREFIX}${LATEST_TAG}
     - docker pull ${IMAGE_NAME}
 
-whitesource:on-schedule:
-  extends: .whitesource
-  rules:
-    - !reference [.mirror-schedule-csr-rules, rules]
-  before_script:
-    - git config --global http.sslVerify false
-    - git config --global url."ssh://[email protected]".insteadOf "https://git.ecd.axway.org"''
-    - git fetch
-    - *get-latest-tag
-    - echo "Checking out ${GIT_TAG_PREFIX}${LATEST_TAG}"
-    - git checkout ${GIT_TAG_PREFIX}${LATEST_TAG}
-
 blackduck:on-schedule:
-  extends: .blackduck
   rules:
     - !reference [.mirror-schedule-csr-rules, rules]
   before_script:
@@ -136,13 +118,7 @@ fetch-fortify:
   rules:
     - !reference [.mirror-branch-csr-rules, rules]
 
-whitesource:
-  rules:
-    - !reference [.mirror-branch-csr-rules, rules]
-  before_script:
-    - export GOWORK=off
-
-blackduck:
+blackduck-rapid:
   rules:
     - !reference [.mirror-branch-csr-rules, rules]
 

diff --git a/CODEOWNERS b/CODEOWNERS
@@ -4,7 +4,6 @@
 #[CSR]
  # .csr-profile.json requires SPOC approval for any modifications
 .csr-profile.json @dfeldick @jcollins-axway @vivekschauhan
-whitesource.config @dfeldick
 
 #[CICD]
 # cicd-related files

diff --git a/whitesource.config b/whitesource.config