UUID of the project
- Update multiple findings status (Containers)
Mend API (3.0)
Mend's enhanced API enables automation of workflows in a REST-compliant format. The API features:
- Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend Platform.
- Improved security with a JWT token per organization, which expires every 30 minutes.
- Added scalability with support for cursor pagination and limiting results size.
- Broader functionality available programmatically.
- New standard API documentation for easy navigation and search.
If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.
Note: To get started with the Mend API 3.0, we recommend reviewing our onboarding guide, Getting Started with API 3.0. It covers initial setup, authentication instructions, and tips for working with the Mend API 3.0.
Generated server URL: https://baseUrl/api/v3.0/api/v3.0/projects/{projectUuid}/code/findings/{findingUuid}
No request payload.
Response:
{ "additionalData": {}, "response": { "ageRating": 0, "almIssues": { … }, "appId": "string", "baseline": true, "comments": [ … ], "confidenceRating": 0, "correlatedDastFindingUuids": [ … ], "createdTime": "string", "dataFlows": [ … ], "description": "string", "hasRemediation": true, "id": "string", "isNew": true, "issueStatus": 0, "projectId": "string", "rating": 0, "refId": "string", "reviewed": true, "riskFactors": { … }, "scanId": "string", "severity": "string", "severityRating": 0, "sharedStep": { … }, "snapshotId": "string", "suppressed": true, "suppressedBy": "string", "suppressionMessage": "string", "suppressionRejected": true, "suppressionRequestComment": "string", "suppressionRequested": true, "suppressionTime": "string", "type": { … }, "workflowViolations": [ … ], "workflowViolationsCount": 0 }, "supportToken": "string" }
Array of finding status update requests. Each item requires: status. For findings, either packageUUID or vulnerabilityName should be provided. For 'suppressed' status, reason is also required.
Generated server URL: https://baseUrl/api/v3.0/api/v3.0/projects/{projectuuid}/images/findings
Request payload:
[ { "comment": "string", "packageUUID": "string", "reason": "Acceptable risk", "status": "suppressed", "vulnerabilityName": "string" } ]
Response:
{ "additionalData": { "error": "string", "paging": { … }, "totalItems": 100 }, "response": { "failedPackageUUID": [ … ], "updatedStatuses": [ … ] }, "supportToken": "659C0A4730" }
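The field rules stated for the bulk status update above (and the status/reason rule that the single-package update below repeats) can be checked client-side before a batch is sent, so that a suppression without a recorded reason or target never leaves the caller. This is an added example, not Mend's code: the function names and sample values are constructed, and only the rules written on this page are enforced.

```python
# Added example: pre-flight validation of a bulk finding status update payload.
# Rules are taken from the endpoint description; helper names are hypothetical.

def _nonempty(value):
    """True for a non-blank string."""
    return isinstance(value, str) and value.strip() != ""

def validate_update(item):
    """Return the list of rule violations for one status update request."""
    if not isinstance(item, dict):
        return ["item is not a JSON object"]
    errors = []
    status = item.get("status")
    if not _nonempty(status):
        errors.append("status is required")
    # A finding is addressed by packageUUID or by vulnerabilityName.
    if not (_nonempty(item.get("packageUUID")) or _nonempty(item.get("vulnerabilityName"))):
        errors.append("either packageUUID or vulnerabilityName is required")
    # Suppressing a finding must carry a reason.
    if status == "suppressed" and not _nonempty(item.get("reason")):
        errors.append("reason is required when status is 'suppressed'")
    return errors

def split_batch(items):
    """Partition a batch into (sendable items, {index: violations})."""
    sendable, rejected = [], {}
    for index, item in enumerate(items):
        errors = validate_update(item)
        if errors:
            rejected[index] = errors
        else:
            sendable.append(item)
    return sendable, rejected

# Constructed sample batch (UUIDs and names are placeholders, not real findings).
SAMPLE_BATCH = [
    {"status": "suppressed", "reason": "Acceptable risk",
     "packageUUID": "pkg-uuid-placeholder-1", "comment": "reviewed"},
    {"status": "suppressed", "vulnerabilityName": "EXAMPLE-VULN-1"},  # no reason
    {"status": "suppressed", "reason": "Acceptable risk"},            # no target
    {"reason": "Acceptable risk", "packageUUID": "pkg-uuid-placeholder-2"},  # no status
]

if __name__ == "__main__":
    ok, bad = split_batch(SAMPLE_BATCH)
    print(f"{len(ok)} item(s) ready to send")
    for index, errors in sorted(bad.items()):
        print(f"item {index}: {'; '.join(errors)}")
```

Items that pass can still be rejected server-side, so the `failedPackageUUID` list in the response should be checked after the call.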
Package status update request. Required fields: status. For 'suppressed' status, reason is also required.
Generated server URL: https://baseUrl/api/v3.0/api/v3.0/projects/{projectuuid}/images/findings/packages/{packageuuid}
Request payload:
{ "comment": "string", "packageUUID": "string", "reason": "Acceptable risk", "status": "suppressed", "vulnerabilityName": "string" }
Response:
{ "additionalData": { "error": "string", "paging": { … }, "totalItems": 100 }, "response": { "applicationuuid": "string", "comment": "string", "createdAt": "2020-01-01T00:00:00Z", "detectTime": "string", "distribution": "string", "distributionVersion": "string", "email": "string", "orguuid": "string", "packageDistroID": 0, "packageName": "string", "packageUUID": "string", "packageVersion": "string", "projectuuid": "string", "reason": "string", "scanuuid": "string", "secretUUID": "string", "severity": "string", "status": "string", "updatedAt": "2020-01-01T00:00:00Z", "uuid": "c4f93b6d-8236-4d0c-a67b-3978def476a3", "vulnerabilityID": "string" }, "supportToken": "659C0A4730" }