SCA API 2.0
/
General Info - Vulnerabilities

Mend API (2.0)

Mend's enhanced SCA API enables automation of workflows in a REST compliant format. The API features:

  • Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend App.
  • Improved security with a JWT token per organization, which expires every 30 minutes.
  • Added scalability with support for pagination, filtering and sorting search results.
  • Broader functionality available programmatically.
  • New standard API documentation for easy navigation and search.

If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Download OpenAPI description
2.0.json
2.0.yaml
Languages
Servers
Generated server url
https://baseUrl/

Entities - Project

Operations

Policies - Project

Operations

Alerts - Project

Operations

project-attribution-report-controller

Operations

Policies - Product

Operations

Entities - Product

Operations

Settings - Whitelist

Operations

Settings - In-House

Operations

Policies - Organization

Operations

User Management - Groups

Operations

Entities - Organization

Operations

User Profile

Operations

Library - Product

Operations

User Management - Users

Operations

Update Request

Operations

Library - Organization

Operations

Access Management - Organizations

Operations

Access Management

Operations

General Info - Vulnerabilities

Operations

Get Vulnerability Remediation Proposals

Request

Returns the recommended remediation actions to take for a given vulnerability

Path
vulnerabilityIdstringrequired

Vulnerability Name in the form of CVE-xxxx-xxx or WS-xxxx-xxx.

No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(VulnerabilityFixSummaryInfoDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "vulnerability": "CVE-2021-42392",
    "topRankedFix": {},
    "allFixes": [],
    "totalUpVotes": 0,
    "totalDownVotes": 0
  }
}

Get Vulnerability Profile

Request

Returns a complete vulnerability profile of a given CVE-ID

Path
vulnerabilityIdstringrequired

Vulnerability Name in the form of CVE-xxxx-xxx or WS-xxxx-xxx.

No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(VulnerabilityProfileDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "name": "CVE-2021-42392",
    "type": "WS",
    "description": "Security vulnerability found in plexus-utils before 3.0.24. XML injection found in XmlWriterUtil.java",
    "score": 5,
    "severity": "MEDIUM",
    "publishDate": "2019-08-24T14:15:22Z",
    "modifiedDate": "2019-08-24T14:15:22Z",
    "vulnerabilityScoring": [],
    "references": [],
    "effectiveInfo": {},
    "threatAssessment": {}
  }
}

Library - Source Files

Operations

User Management - Roles And Permissions

Operations

Library - Project

Operations

application-violations-controller

Operations

Alerts - Product

Operations

General Info - Permissions

Operations

Vulnerable Libraries

Operations

Summary - Organization

Operations

Asynchronous Process Control

Operations

General Info - Licenses

Operations

product-attribution-report-controller

Operations