Mend API (3.0)

Mend's enhanced API enables automation of workflows in a REST-compliant format. The API features:

  • Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend Platform.
  • Improved security with a JWT token per organization, which expires every 30 minutes.
  • Added scalability with support for cursor pagination and limiting results size.
  • Broader functionality available programmatically.
  • New standard API documentation for easy navigation and search.

If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Servers

Generated server URL: https://baseUrl/

Access Management

Administration - Groups

Administration - Users

Administration - Labels

Reports

Scans

Projects

Applications

Findings - Project

Get a project finding (Code - SAST)

Request

Get a project finding for a specified project and finding UUID.

Path

projectUuid (string, required): UUID of the project

findingUuid (string, required): UUID of the finding.

No request payload

Responses

OK

Body (application/json)

additionalData (object)
response (object, dto.FindingV3)
supportToken (string)

Response (application/json)

{
  "additionalData": {},
  "response": {
    "ageRating": 0,
    "almIssues": {},
    "appId": "string",
    "baseline": true,
    "comments": [],
    "confidenceRating": 0,
    "createdTime": "string",
    "dataFlows": [],
    "description": "string",
    "hasRemediation": true,
    "id": "string",
    "isNew": true,
    "issueStatus": 0,
    "projectId": "string",
    "rating": 0,
    "reviewed": true,
    "scanId": "string",
    "severity": "string",
    "severityRating": 0,
    "sharedStep": {},
    "snapshotId": "string",
    "suppressed": true,
    "suppressedBy": "string",
    "suppressionMessage": "string",
    "suppressionTime": "string",
    "type": {}
  },
  "supportToken": "string"
}

Get a project scan finding (Code - SAST)

Request

Get a project finding for a specified project, scan and finding UUID.

Path

projectUuid (string, required): UUID of the project

scanUuid (string, required): UUID of the project for which to get findings.

findingUuid (string, required): UUID of the finding.

No request payload

Responses

OK

Body (application/json)

additionalData (object)
response (object, dto.FindingV3)
supportToken (string)

Response (application/json)

{
  "additionalData": {},
  "response": {
    "ageRating": 0,
    "almIssues": {},
    "appId": "string",
    "baseline": true,
    "comments": [],
    "confidenceRating": 0,
    "createdTime": "string",
    "dataFlows": [],
    "description": "string",
    "hasRemediation": true,
    "id": "string",
    "isNew": true,
    "issueStatus": 0,
    "projectId": "string",
    "rating": 0,
    "reviewed": true,
    "scanId": "string",
    "severity": "string",
    "severityRating": 0,
    "sharedStep": {},
    "snapshotId": "string",
    "suppressed": true,
    "suppressedBy": "string",
    "suppressionMessage": "string",
    "suppressionTime": "string",
    "type": {}
  },
  "supportToken": "string"
}

Update multiple findings status

Request

Update the status of multiple findings in bulk (e.g. suppress, review)

Path

projectuuid (string, required): UUID of the project

Body (application/json, required)

Array of finding status update requests. Each item requires: status. For findings, either packageUUID or vulnerabilityName should be provided. For 'suppressed' status, reason is also required.

Array [
  comment (string)
  packageUUID (string)
  reason (string)
    Enum: "Acceptable risk", "No fix available", "No risk", "Ignore"
    Example: "Acceptable risk"
  status (string, required)
    Enum: "suppressed", "unreviewed", "reviewed"
    Example: "suppressed"
  vulnerabilityName (string)
]

application/json

[
  {
    "comment": "string",
    "packageUUID": "string",
    "reason": "Acceptable risk",
    "status": "suppressed",
    "vulnerabilityName": "string"
  }
]

Responses

OK

Body (application/json)

additionalData (object, common.AdditionalData)
response (object)
supportToken (string)
  Example: "659C0A4730"

Response (application/json)

{
  "additionalData": {
    "error": "string",
    "paging": {},
    "totalItems": 100
  },
  "response": {
    "failedPackageUUID": [],
    "updatedStatuses": []
  },
  "supportToken": "659C0A4730"
}
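
A pre-flight check for the request body described under "Update multiple findings status", as an added example that is not part of Mend's documentation: it enforces the stated rules (status required, one of packageUUID or vulnerabilityName, reason required for 'suppressed') and the listed enum values before anything is sent. Rejecting unknown keys and the sample values are assumptions made here; the endpoint URL and authentication are left out because this page does not show them.

```python
import json

# Enum values and field names copied from the request schema on this page.
STATUSES = {"suppressed", "unreviewed", "reviewed"}
REASONS = {"Acceptable risk", "No fix available", "No risk", "Ignore"}
ALLOWED_KEYS = {"comment", "packageUUID", "reason", "status", "vulnerabilityName"}


def validate_item(item):
    """Return a list of problems for one status-update item (empty list = valid)."""
    if not isinstance(item, dict):
        return ["item is not a JSON object"]
    problems = []
    unknown = set(item) - ALLOWED_KEYS  # assumption: stricter than the page requires
    if unknown:
        problems.append("unknown keys: " + ", ".join(sorted(unknown)))
    for key in sorted(item.keys() & ALLOWED_KEYS):
        if not isinstance(item[key], str):
            problems.append(f"{key} must be a string")
    status, reason = item.get("status"), item.get("reason")
    if not isinstance(status, str) or status not in STATUSES:
        problems.append(f"status must be one of {sorted(STATUSES)}")
    if not (item.get("packageUUID") or item.get("vulnerabilityName")):
        problems.append("either packageUUID or vulnerabilityName is required")
    if status == "suppressed" and not reason:
        problems.append("reason is required when status is 'suppressed'")
    if isinstance(reason, str) and reason not in REASONS:
        problems.append(f"reason must be one of {sorted(REASONS)}")
    return problems


def build_body(items):
    """Validate every item; return the JSON body or raise ValueError listing all problems."""
    errors = {i: p for i, item in enumerate(items) if (p := validate_item(item))}
    if errors:
        raise ValueError(f"invalid status updates: {errors}")
    return json.dumps(items)


# Constructed sample input (placeholder identifiers, not real Mend data).
SAMPLE = [
    {"packageUUID": "00000000-0000-0000-0000-000000000001",
     "status": "suppressed", "reason": "No risk", "comment": "test fixture only"},
    {"vulnerabilityName": "EXAMPLE-VULN-NAME", "status": "reviewed"},
]

if __name__ == "__main__":
    print(build_body(SAMPLE))
```

Failing closed on a suppression without a reason keeps bulk suppressions auditable on the client side, independent of how the server responds.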

Findings - Scan

Integrations