Add .whitesource and configs file to activate whitesource integration

[zelinh]

Signed-off-by: Zelin Hao zelinhao@amazon.com

opensearch-project/security-dashboards-plugin pull request intake form

1. Category: (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

This is a new feature.

2. Github Issue # or road-map entry, if available:

3. Description of changes:

We @bbarani already enable the access of WhiteSource integration with github.com for this repo. However, the automatic PR of .whitesource is not created. We asked for the support from WhiteSource side and they suggested we could raise one by ourselves. This PR will also set the WhiteSource integration config mode LOCAL so it will be using the whitesource.config in the root directory. Dashboards team can modify this configuration on their own to customize it. We are providing the one we had for all repos at this time.

Another PR we created for the same issue. opensearch-project/OpenSearch-Dashboards#999

Please be aware that when this PR is merged, WhiteSource integration might be automatically created CVEs Github issues like these in build repo.

4. Why these changes are required?

This WhiteSource plugin will help us scan vulnerability on PR level and create issues for CVEs based on level set in "minSeverityLevel": "LOW")

5. What is the old behavior before changes and new behavior after changes? (Please add any example/logs/screen-shot if available)

6. Testing done: (Please provide details of testing done: Unit testing, integration testing and manual testing)

7. TO-DOs, if any: (Please describe pending items and provide Github issues# for each of them)

8. Is it backport from main branch? (If yes, please add backport PR # and commits #)

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or

(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or

(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.

(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[davidlago]

Thanks @zelinh! A PR just merged to master that fixes CI. Please rebase master and push again.