Changing name of WhiteSource to Mend

[grendel513]

Updating name if WhiteSource to Mend - this does not touch documentation as there is another pull request for that specifically already.

[dryrunsecurity]

Contextual Security Analysis

As DryRun Security performs checks, we’ll summarize them here. You can always dive into the detailed results in the section below for checks.

Status	DryRun Security Check
✅	Sensitive Functions Analyzer
✅	Configured Sensitive Files Check
✅	Sensitive Files Analyzer

Chat with your AI-powered Security Buddy by typing @dryrunsecurity followed by your question into a comment.
Example: @dryrunsecurity What are common security issues with web application cookies?

Install and configure more repositories at DryRun Security

[Maffooch]

Couple of things:

• unit test scan files that are not related to whitesource/mend should probably not be updated here
• When changing the name of a test type, it is important to do the following as well:
  • update the test type object - this is to remove the possibility that a user attempts to import a test to whitesource and get a "parser not found" error
  • for any existing whitesource finding, the found_by column needs to be updated - this field is used to display all the test types that this finding belongs (multiple in cases of detected duplicates between tools)
  • Here is a migration that can be used as a reference

[Maffooch]

Also would be good to add a breaking change section to the upgrade notes for folks that could be using Whitesource in an API based import. Here is an example from when the Nessus -> Tenable conversion was made

[grendel513]

Thanks @Maffooch - Migration has been added

[grendel513]

Thanks @Maffooch - documentation added in upgrade notes

[grendel513]

• unit test scan files that are not related to whitesource/mend should probably not be updated here

I updated those references from whitesource to mend to better align with new name. functionality is not affected

[kiblik]

Please update the existing 2.31.md. This will create duplicity.

[mtesauro]

Approved

[Maffooch]

Failing test is accommodated in #9348

2024-01-31T19:46:48.0088609Z �[36muwsgi_1         |�[0m ======================================================================
2024-01-31T19:46:48.0089177Z �[36muwsgi_1         |�[0m FAIL: test_file_existence (unittests.test_parsers.TestParsers.test_file_existence) (parser='mend', category='docs')
2024-01-31T19:46:48.0089469Z �[36muwsgi_1         |�[0m ----------------------------------------------------------------------
2024-01-31T19:46:48.0089818Z �[36muwsgi_1         |�[0m Traceback (most recent call last):
2024-01-31T19:46:48.0090196Z �[36muwsgi_1         |�[0m   File "/app/unittests/test_parsers.py", line 27, in test_file_existence
2024-01-31T19:46:48.0090371Z �[36muwsgi_1         |�[0m     self.assertTrue(
2024-01-31T19:46:48.0091186Z �[36muwsgi_1         |�[0m AssertionError: False is not true : Documentation file '/app/unittests/../docs/content/en/integrations/parsers/file/mend.md' is missing or using 

[s13rr4-s3c]

In my tests the functionality is not working... also for Whitesource naming, Mend's json reports are not acceptable for defectdojo, even the json format.

The versions that i tested: defectdojo 3.31.0 && 2.27.4
Somebody else?

[kiblik]

There was some issue with "WhiteSource vs Mend" reported in Slack as well https://owasp.slack.com/archives/C2P5BA8MN/p1707244117982809

[mtesauro]

@devopscodeck Can you provide a sanitized Mend json file? Having samples is really the only way for us to test scanner output especially for commercial offerings.

Happy to look at the parser code and add unit tests but we'll need an example first.