Skip to content
Platform API 3.0
/
/
Get a project finding (SA...

Mend API (3.0)

Mend's enhanced API enables automation of workflows in a REST compliant format. The API features:

  • Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend Platform.
  • Improved security with a JWT token per organization, which expires every 30 minutes.
  • Added scalability with support for cursor pagination and limiting results size.
  • Broader functionality available programmatically.
  • New standard API documentation for easy navigation and search.

If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Note: To help you get started with the Mend API 3.0, we recommend reviewing our onboarding guide -> Getting Started with API 3.0. This resource covers initial setup, authentication instructions, and helpful tips to help you successfully begin working with the Mend API 3.0.

Download OpenAPI description
3.0.json
3.0.yaml
Languages
Servers
Generated server url
https://baseUrl/

Access Management

Operations

Administration - Groups

Operations

Administration - Users

Operations

Administration - Labels

Operations

Reports

Operations

Scans

Operations

Projects

Operations

Applications

Operations

Findings - Project

Operations

Update a project finding state (review and/or suppression) or severity (SAST)

Request

Update a project finding state (review and/or suppression) or severity

Path
projectUuidstringrequired

UUID of the project

findingSnapshotIdstringrequired

UUID of the finding snapshot

Bodyapplication/jsonrequired

Patch operation to apply to the finding

customSeveritystring

If set, it has to be either High, Medium or Low. Case insensitive, all values are converted to have the first letter uppercase and others lowercase, e.g. High.

originstring

Optional, origin used for telemetry.

reviewedboolean
suppressedboolean
suppressionReasonstring

Has to be unset or empty if suppressed is not set or if it's false.

application/json
{
  "customSeverity": "string",
  "origin": "string",
  "reviewed": true,
  "suppressed": true,
  "suppressionReason": "string"
}

Responses

OK

Body*/*
additionalDataobject
responseobject(dto.SuccessResponse)
supportTokenstring

Get a project finding (SAST)

Request

Get a project finding for a specified project and finding UUID.

Path
projectUuidstringrequired

UUID of the project

findingUuidstringrequired

UUID of the finding

No request payload

Responses

OK

Bodyapplication/json
additionalDataobject
responseobject(dto.FindingV3)
supportTokenstring
Response
application/json
{
  "additionalData": {},
  "response": {
    "ageRating": 0,
    "almIssues": {},
    "appId": "string",
    "baseline": true,
    "comments": [],
    "confidenceRating": 0,
    "correlatedDastFindingUuids": [],
    "createdTime": "string",
    "dataFlows": [],
    "description": "string",
    "hasRemediation": true,
    "id": "string",
    "isNew": true,
    "issueStatus": 0,
    "projectId": "string",
    "rating": 0,
    "refId": "string",
    "reviewed": true,
    "riskFactors": {},
    "scanId": "string",
    "severity": "string",
    "severityRating": 0,
    "sharedStep": {},
    "snapshotId": "string",
    "suppressed": true,
    "suppressedBy": "string",
    "suppressionMessage": "string",
    "suppressionRejected": true,
    "suppressionRequestComment": "string",
    "suppressionRequested": true,
    "suppressionTime": "string",
    "type": {},
    "workflowViolations": [],
    "workflowViolationsCount": 0
  },
  "supportToken": "string"
}

Update multiple findings status (Containers)

Request

Update the status of multiple findings in bulk (e.g. suppress, review)

Path
projectuuidstringrequired

UUID of the project

Bodyapplication/jsonrequired

Array of finding status update requests. Each item requires: status. For findings, either packageUUID or vulnerabilityName should be provided. For 'suppressed' status, reason is also required.

Array [
commentstring
packageUUIDstring
reasonstring(model.FindingSuppressionReason)
Enum"Acceptable risk""No fix available""No risk""Ignore"
statusstring(model.FindingStatusType)required
Enum"suppressed""unreviewed""reviewed""suppress""Issue Created"
vulnerabilityNamestring
]
application/json
[
  {
    "comment": "string",
    "packageUUID": "string",
    "reason": "Acceptable risk",
    "status": "suppressed",
    "vulnerabilityName": "string"
  }
]

Responses

OK

Bodyapplication/json
additionalDataobject(common.AdditionalData)
responseobject
supportTokenstring
Example: "659C0A4730"
Response
application/json
{
  "additionalData": {
    "error": "string",
    "paging": {},
    "totalItems": 100
  },
  "response": {
    "failedPackageUUID": [],
    "updatedStatuses": []
  },
  "supportToken": "659C0A4730"
}

Findings - Scan

Operations

Integrations

Operations

Reports - Account

Operations

AI

Operations

Red Team

Operations