Mend API (3.0)

Mend's enhanced API enables automation of workflows in a REST-compliant format. The API features:

  • Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend Platform.
  • Improved security with a JWT token per organization, which expires every 30 minutes.
  • Added scalability with support for cursor pagination and limiting results size.
  • Broader functionality available programmatically.
  • New standard API documentation for easy navigation and search.

If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Servers
Generated server url

https://baseUrl/

Access Management

Operations

Administration - Groups

Operations

Administration - Users

Operations

Administration - Labels

Operations

Reports

Operations

Scans

Operations

Projects

Operations

Applications

Operations

Findings - Project

Operations

Update a project finding state (review and/or suppression) or severity (SAST)

Request

Update a project finding state (review and/or suppression) or severity

Path
projectUuid string required

UUID of the project

findingSnapshotId string required

UUID of the finding snapshot

No request payload

Responses

OK

Body */*
additionalData object
response object (dto.SuccessResponse)
supportToken string

Get a project finding (SAST)

Request

Get a project finding for a specified project and finding UUID.

Path
projectUuid string required

UUID of the project

findingUuid string required

UUID of the finding

No request payload

Responses

OK

Body application/json
additionalData object
response object (dto.FindingV3)
supportToken string
Response
application/json
{
  "additionalData": {},
  "response": {
    "ageRating": 0,
    "almIssues": {},
    "appId": "string",
    "baseline": true,
    "comments": [],
    "confidenceRating": 0,
    "correlatedDastFindingUuids": [],
    "createdTime": "string",
    "dataFlows": [],
    "description": "string",
    "hasRemediation": true,
    "id": "string",
    "isNew": true,
    "issueStatus": 0,
    "projectId": "string",
    "rating": 0,
    "refId": "string",
    "reviewed": true,
    "riskFactors": {},
    "scanId": "string",
    "severity": "string",
    "severityRating": 0,
    "sharedStep": {},
    "snapshotId": "string",
    "suppressed": true,
    "suppressedBy": "string",
    "suppressionMessage": "string",
    "suppressionTime": "string",
    "type": {},
    "workflowViolations": [],
    "workflowViolationsCount": 0
  },
  "supportToken": "string"
}

Update multiple findings status (Containers)

Request

Update the status of multiple findings in bulk (e.g. suppress, review)

Path
projectuuid string required

UUID of the project

Body application/json required

Array of finding status update requests. Each item requires: status. For findings, either packageUUID or vulnerabilityName should be provided. For 'suppressed' status, reason is also required.

Array [
  comment string
  packageUUID string
  reason string
    Enum: "Acceptable risk", "No fix available", "No risk", "Ignore"
    Example: "Acceptable risk"
  status string required
    Enum: "suppressed", "unreviewed", "reviewed"
    Example: "suppressed"
  vulnerabilityName string
]
application/json
[
  {
    "comment": "string",
    "packageUUID": "string",
    "reason": "Acceptable risk",
    "status": "suppressed",
    "vulnerabilityName": "string"
  }
]

Responses

OK

Body application/json
additionalData object (common.AdditionalData)
response object
supportToken string
Example: "659C0A4730"
Response
application/json
{
  "additionalData": {
    "error": "string",
    "paging": {},
    "totalItems": 100
  },
  "response": {
    "failedPackageUUID": [],
    "updatedStatuses": []
  },
  "supportToken": "659C0A4730"
}
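
A pre-flight check for the bulk status update body described above, as an added example that is not part of the Mend documentation or any Mend client: it applies the rules stated for the request array so that a suppression without a reason, or an item that targets nothing, is caught before the request is sent. Reading "either packageUUID or vulnerabilityName" as "at least one of them" is an assumption, the function names are hypothetical, and the identifiers in SAMPLE are constructed placeholders.

```python
import json

# Enum values copied from the request schema on this page.
STATUSES = {"suppressed", "unreviewed", "reviewed"}
REASONS = {"Acceptable risk", "No fix available", "No risk", "Ignore"}


def validate_updates(items):
    """Return (index, problem) tuples; an empty list means the body is well-formed."""
    if not isinstance(items, list):
        return [(-1, "body must be a JSON array")]
    problems = []
    for i, item in enumerate(items):
        if not isinstance(item, dict):
            problems.append((i, "item must be an object"))
            continue
        status = item.get("status")
        if status not in STATUSES:
            problems.append((i, "status is required and must be one of the enum values"))
        # Assumption: "either ... should be provided" is read as "at least one".
        if not (item.get("packageUUID") or item.get("vulnerabilityName")):
            problems.append((i, "packageUUID or vulnerabilityName is required"))
        reason = item.get("reason")
        if status == "suppressed" and reason is None:
            problems.append((i, "reason is required when status is 'suppressed'"))
        if reason is not None and reason not in REASONS:
            problems.append((i, "reason must be one of the enum values"))
    return problems


def build_body(items):
    """Serialize the array for the request body, refusing an invalid batch."""
    problems = validate_updates(items)
    if problems:
        raise ValueError(problems)
    return json.dumps(items)


# Constructed sample batch (placeholder identifiers, not real findings).
SAMPLE = [
    {"packageUUID": "pkg-uuid-placeholder", "status": "suppressed",
     "reason": "No fix available", "comment": "tracked in backlog"},
    {"vulnerabilityName": "VULN-NAME-PLACEHOLDER", "status": "suppressed"},
    {"status": "reviewed"},
]

if __name__ == "__main__":
    for index, problem in validate_updates(SAMPLE):
        print(f"item {index}: {problem}")
```
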

Findings - Scan

Operations

Integrations

Operations