From b289a4e7a6fe245b65dfb29478ce4dacd5276f85 Mon Sep 17 00:00:00 2001
From: Jake Spain <jake.spain+15749776@perforce.com>
Date: Thu, 19 Jan 2023 21:05:28 -0500
Subject: [PATCH 1/2] Change dependabot to weekly

---
 .github/dependabot.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index eb1db810..e9298f4f 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,12 +3,10 @@ updates:
 - package-ecosystem: bundler
   directory: "/"
   schedule:
-    interval: daily
-    time: "13:00"
+    interval: weekly
   open-pull-requests-limit: 10
 - package-ecosystem: bundler
   directory: "/docker/"
   schedule:
-    interval: daily
-    time: "13:00"
+    interval: weekly
   open-pull-requests-limit: 10

From c7fb2bbfe341761458283ab7dc2e0600f898ebd8 Mon Sep 17 00:00:00 2001
From: Jake Spain <jake.spain+15749776@perforce.com>
Date: Thu, 19 Jan 2023 21:04:34 -0500
Subject: [PATCH 2/2] Migrate Snyk to Mend Scanning

---
 .github/workflows/security.yml | 39 ++++++++++++++++++++++++++++++++++
 .github/workflows/snyk.yml     | 19 -----------------
 2 files changed, 39 insertions(+), 19 deletions(-)
 create mode 100644 .github/workflows/security.yml
 delete mode 100644 .github/workflows/snyk.yml

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 00000000..666c6020
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,39 @@
+name: Security
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  scan:
+    name: Mend Scanning
+    runs-on: ubuntu-latest
+    steps:
+    - name: checkout repo content
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 1
+    - name: setup ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.7
+    # setup a package lock if one doesn't exist, otherwise do nothing
+    - name: check lock
+      run: '[ -f "Gemfile.lock" ] && echo "package lock file exists, skipping" || bundle lock'
+    # install java
+    - uses: actions/setup-java@v3
+      with:
+        distribution: 'temurin' # See 'Supported distributions' for available options
+        java-version: '17'
+    # download mend
+    - name: download_mend
+      run: curl -o wss-unified-agent.jar https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar
+    - name: run mend
+      run: java -jar wss-unified-agent.jar
+      env:
+        WS_APIKEY: ${{ secrets.MEND_API_KEY }}
+        WS_WSS_URL: https://saas-eu.whitesourcesoftware.com/agent
+        WS_USERKEY: ${{ secrets.MEND_TOKEN }}
+        WS_PRODUCTNAME: RE
+        WS_PROJECTNAME: ${{ github.event.repository.name }}
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
deleted file mode 100644
index 3d48051d..00000000
--- a/.github/workflows/snyk.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: Snyk Scan
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - main
-
-jobs:
-  security:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/ruby@master
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_RE_KEY }}
-        with:
-          command: monitor