What's New in API v1.4

Background

CVSS 3.0 introduced the Critical severity label for vulnerabilities with a score of 9.0 or higher:

  • Low: 0.1–3.9
  • Medium: 4.0–6.9
  • High: 7.0–8.9
  • Critical: 9.0–10.0

Previously, Mend displayed both High and Critical as just High, requiring customers to implement custom automation to distinguish between the two.


Release Schedule

  • From Jan 2, 2023: Users of the Unified Agent and UI will see the Critical label.
    There is no need to rerun a scan. The label is also visible in repository integrations such as:

    • GitHub.com
    • GitHub Enterprise
    • BitBucket Server
    • BitBucket Cloud
    • Azure DevOps
    • GitLab
  • By Jan 31, 2023: Users of IDEs, Azure DevOps pipelines, and Jira integrations will also see these changes.


API Updates

To maintain backward compatibility, Mend introduces a new API version, v1.4, allowing you to adopt the Critical label when ready.

API endpoint:
https://<environment>/api/v1.4

Where <environment> corresponds to your Mend server.

For example, the response to Get Project Alerts when the CVSS3 score is higher than nine:

Sample from API v1.3

Request:

{
  "requestType" : "getProjectAlerts",
  "userKey": "user_key",
  "projectToken" : "project_token"
}

Response (excerpt):

{
  "vulnerability": {
    "name": "CVE-2021-44228",
    "type": "CVE",
    "severity": "high",
    "score": 9.3,
    "cvss3_severity": "high",
    "cvss3_score": 10.0,
    "scoreMetadataVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
    "publishDate": "2021-12-10",
    "lastUpdated": "2022-12-09",
    "url": "https://www.mend.io/vulnerability-database/CVE-2021-44228",

Sample from API v1.4

Request:

{
  "requestType" : "getProjectAlerts",
  "userKey": "user_key",
  "projectToken" : "project_token"
}

Response (excerpt):

{
  "vulnerability": {
    "name": "CVE-2021-44228",
    "type": "CVE",
    "severity": "high",
    "score": 9.3,
    "cvss3_severity": "critical",
    "cvss3_score": 10.0,
    "scoreMetadataVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
    "publishDate": "2021-12-10",
    "lastUpdated": "2022-12-09",
    "url": "https://www.mend.io/vulnerability-database/CVE-2021-44228",

Benefits of Displaying Critical Vulnerabilities

Identifying Critical vulnerabilities allows you to:

  • Prioritize and address the most severe vulnerabilities faster.
  • Improve overall security posture.
  • Create new policies to handle Critical vulnerabilities specifically.
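
The following is an added example, not Mend's own code: a small policy helper that gives the same Critical decision whether an alert came from API v1.3 or v1.4, by preferring cvss3_score over the cvss3_severity label and applying the bands listed under Background. It assumes the caller passes a list of alert objects shaped like the samples above; the function names, the list wrapper and the two CVE-0000-* entries are constructed for illustration.

```python
import json

# CVSS 3.0 qualitative bands from the Background section: (lower bound, label).
BANDS = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low")]


def cvss3_label(score):
    """Map a CVSS3 base score to its severity label using the bands above."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS3 score out of range: {score}")
    for lower, label in BANDS:
        if score >= lower:
            return label
    return "none"  # 0.0 falls below the listed bands (CVSS 3.0 rates it None)


def effective_severity(vulnerability):
    """Return the CVSS3 severity for an alert from either API version.

    v1.3 reports "high" for scores of 9.0 and above, so the score is
    preferred; the label is used only when no score is present.
    """
    score = vulnerability.get("cvss3_score")
    if score is not None:
        return cvss3_label(float(score))
    label = vulnerability.get("cvss3_severity")
    return label.lower() if label else "unknown"


def critical_alerts(alerts):
    """Names of the vulnerabilities a Critical-only policy should act on."""
    return [a["vulnerability"]["name"] for a in alerts
            if effective_severity(a["vulnerability"]) == "critical"]


# Constructed sample alerts using only field names shown on this page.
# Entry 1 mimics a v1.3 response, entry 2 is a genuine High, and entry 3
# carries a v1.4 label with no score (hypothetical, to exercise the fallback).
SAMPLE = json.loads("""[
  {"vulnerability": {"name": "CVE-2021-44228", "cvss3_severity": "high", "cvss3_score": 10.0}},
  {"vulnerability": {"name": "CVE-0000-0001", "cvss3_severity": "high", "cvss3_score": 8.9}},
  {"vulnerability": {"name": "CVE-0000-0002", "cvss3_severity": "critical"}}
]""")

if __name__ == "__main__":
    print(critical_alerts(SAMPLE))
```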