Mend API (3.0)

Mend's enhanced API enables automation of workflows in a REST compliant format. The API features:

  • Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend Platform.
  • Improved security with a JWT token per organization, which expires every 30 minutes.
  • Added scalability with support for cursor pagination and limiting results size.
  • Broader functionality available programmatically.
  • New standard API documentation for easy navigation and search.

If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Download OpenAPI description
Languages
Servers
Generated server url

https://baseUrl/

Access Management

Operations

Administration - Groups

Operations

Administration - Users

Operations

Administration - Labels

Operations

Reports

Operations

Scans

Operations

Projects

Operations

Applications

Operations

Findings - Project

Operations

Bulk update of project findings state (review and/or suppression) or severity (SAST)

Request

Bulk update of project findings state (review and/or suppression) or severity

Path
projectUuidstringrequired

UUID of the project

No request payload

Responses

OK

Bodyapplication/json
additionalDataobject
responseobject(dto.SuccessResponse)
supportTokenstring
Response
application/json
{ "additionalData": {}, "response": { "message": "Operation succeeded", "result": null, "success": true }, "supportToken": "string" }

Update a project finding state (review and/or suppression) or severity (SAST)

Request

Update a project finding state (review and/or suppression) or severity

Path
projectUuidstringrequired

UUID of the project

findingSnapshotIdstringrequired

UUID of the finding snapshot

No request payload

Responses

OK

Body*/*
additionalDataobject
responseobject(dto.SuccessResponse)
supportTokenstring

Get a project finding (SAST)

Request

Get a project finding for a specified project and finding UUID.

Path
projectUuidstringrequired

UUID of the project

findingUuidstringrequired

UUID of the finding

No request payload

Responses

OK

Bodyapplication/json
additionalDataobject
responseobject(dto.FindingV3)
supportTokenstring
Response
application/json
{ "additionalData": {}, "response": { "ageRating": 0, "almIssues": {}, "appId": "string", "baseline": true, "comments": [], "confidenceRating": 0, "correlatedDastFindingUuids": [], "createdTime": "string", "dataFlows": [], "description": "string", "hasRemediation": true, "id": "string", "isNew": true, "issueStatus": 0, "projectId": "string", "rating": 0, "refId": "string", "reviewed": true, "riskFactors": {}, "scanId": "string", "severity": "string", "severityRating": 0, "sharedStep": {}, "snapshotId": "string", "suppressed": true, "suppressedBy": "string", "suppressionMessage": "string", "suppressionTime": "string", "type": {}, "workflowViolations": [], "workflowViolationsCount": 0 }, "supportToken": "string" }

Findings - Scan

Operations

Integrations

Operations