Mend API (2.0)

Mend's enhanced SCA API enables workflow automation in a REST-compliant format. The API features:

  • Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend App.
  • Improved security with a JWT token per organization, which expires every 30 minutes.
  • Added scalability with support for pagination, filtering and sorting search results.
  • Broader functionality available programmatically.
  • New standard API documentation for easy navigation and search.

If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Servers
Generated server URL: https://api-saas.mend.io/

Entities - Project

Operations

Policies - Project

Operations

Alerts - Project

Operations

project-attribution-report-controller

Operations

application-violations-controller

Operations

Policies - Product

Operations

Entities - Product

Operations

Settings - Whitelist

Operations

Settings - In-House

Operations

Policies - Organization

Operations

User Management - Groups

Operations

Entities - Organization

Operations

User Profile

Operations

Library - Product

Operations

User Management - Users

Operations

Update Request

Operations

Library - Organization

Operations

Get Library Notices

Request

Returns the text of a library's notice

Path
orgToken string required

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

libraryUuid string required

library UUID (get a project's library by running Library - Project > Get Project Libraries).

No request payload

Responses

OK

Body: application/json
supportToken string (Support Token)
Example: "1171c60d"
retVal Array of objects (NoticeDTO)
Response
application/json
{ "supportToken": "1171c60d", "retVal": [ {} ] }

Set Library Notice

Request

Edits or adds a custom notice for a given library

Path
orgToken string required

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

libraryUuid string required

library UUID (get a project's library by running Library - Project > Get Project Libraries).

Body: application/json (required)
text string (Notice Text) required
Example: "Developed internally"
reference string (Notice REFERENCE)
Example: "https://github.com/..."
application/json
{ "text": "Developed internally", "reference": "https://github.com/..." }

Responses

OK

Body: application/json
supportToken string (Support Token)
Example: "1171c60d"
retVal object (NoticeDTO)
Response
application/json
{ "supportToken": "1171c60d", "retVal": { "text": "Developed internally", "reference": "https://github.com/..." } }

Assign Library License

Request

Adds a license reference to a given library

Path
orgToken string required

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

libraryUuid string required

library UUID (get a project's library by running Library - Project > Get Project Libraries).

Body: application/json (required)
uuid string (License UUID) required
Example: "123e4567-e89b-12d3-a456-426655440000"
assignedByUser boolean (Assigned By User) required
licenseReferences Array of objects (LicenseReferenceRequestDTO) required
licenseReferences[].liabilityReference string (License Liability Reference) required
Example: "www.somelink.com"
licenseReferences[].customDisclaimer string (Liability Reference)
application/json
{ "uuid": "123e4567-e89b-12d3-a456-426655440000", "assignedByUser": true, "licenseReferences": [ {} ] }

Responses

OK

Body: application/json
supportToken string (Support Token)
Example: "1171c60d"
retVal object (LibraryLicenseDTO)
Response
application/json
{ "supportToken": "1171c60d", "retVal": { "uuid": "123e4567-e89b-12d3-a456-426655440000", "name": "MIT", "assignedByUser": true, "licenseReferences": [] } }

Set Library Copyright

Request

Edits or adds a copyright statement for a given library

Path
orgToken string required

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

libraryUuid string required

library UUID (get a project's library by running Library - Project > Get Project Libraries).

Body: application/json (required)
copyright string (Copyright Text)
Example: "Copyright 2002 Landmark"
customDisclaimer string (Custom Disclaimer)
Example: "a disclaimer for the copyright "
createdAt string (date-time) (Copyright Creation Date)
startYear string (Copyright Start Year)
Example: "2020"
endYear string (Copyright End Year)
Example: "2022"
author string (Copyright Author)
Example: "Cloud Conscious, LLC"
application/json
{ "copyright": "Copyright 2002 Landmark", "customDisclaimer": "a disclaimer for the copyright ", "createdAt": "2019-08-24T14:15:22Z", "startYear": "2020", "endYear": "2022", "author": "Cloud Conscious, LLC" }

Responses

OK

Body: application/json
supportToken string (Support Token)
Example: "1171c60d"
retVal object (UserCopyrightReferenceDTO)
Response
application/json
{ "supportToken": "1171c60d", "retVal": { "type": "PROJECT_HOMEPAGE", "copyright": "Copyright 2021 x greater by the end of", "customDisclaimer": "string", "createdAt": "2019-08-24T14:15:22Z", "textUrl": "string", "startYear": "2021", "endYear": "2022", "author": "x greater by the end of", "referenceInfo": "x greater by the end of", "assignedBy": {} } }

Revert Library User Copyrights

Request

Reverts the copyright statement for a given library to its original text

Path
orgToken string required

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

libraryUuid string required

library UUID (get a project's library by running Library - Project > Get Project Libraries).

No request payload

Responses

OK

Body: application/json
supportToken string (Support Token)
Example: "1171c60d"
retVal string
Response
application/json
{ "supportToken": "1171c60d", "retVal": "string" }

Get Organization In-House Libraries

Request

Retrieves all libraries in an organization that have been marked as In-House

Path
orgToken string required

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Query
pageSize string <= 10000
Default "50"
page string
Default "0"
search any

Filter your search to return items whose property has a specific value. Use the syntax property:operation:value, where a colon (:) separates the property, the operation and the value.

  • Property: the name of the property of the item
  • Operation:
    • equals - true if the value is identical to this value.
    • like - true if the property's value is contained within this value
    • regex - true if this regular expression resolves as true. The regex is not case sensitive, and special characters must be escaped with a backslash. Special characters include space, double quote ("), '<', '>', '#', '%', '{', '}', vertical bar ('|'), backslash, '^'. To pass an escaped character in a URL in Postman, encode it first. E.g. to return all items whose value begins with a or A, use regex:^a
  • Value: the value of the property.

To combine multiple filters, separate each filter with a semicolon with no space. E.g. property1:operation1:value1;property2:operation2:value2

This endpoint supports filtering on these properties:

  • name:[like | equals | regex]:value
  • type:[like | equals]:value
  • comment:[like | equals | regex]:value
  • markType:[equals]:value

sort any

Sort search results alphabetically on an item's property by entering sort= followed by the property name. E.g. enter sort=email to sort alphabetically by email address in ascending order (a-z). To sort in descending order (z-a), add a minus sign ('-'). E.g. sort=-email.

You can sort by the following properties:

  • name
  • type
  • comment
  • markType
No request payload

Responses

OK

Body: application/json
additionalData object (Provides insights into endpoint-supported pagination information.)
  • totalItems: The total count of data points returned in an API response.
  • isLastPage: Defines whether the current page represents the conclusion of the API response. When “true”, this signifies you are viewing the last page of the API response. When “false”, this indicates there are further pages remaining.
Example: {"totalItems":"422","isLastPage":"true"}
supportToken string (Support Token)
Example: "1171c60d"
retVal Array of objects (LightLibraryDTO)
Response
application/json
{ "additionalData": { "totalItems": "422", "isLastPage": "true" }, "supportToken": "1171c60d", "retVal": [ {} ] }
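
The following is an added example, not part of Mend's documentation: it builds the `search`/`sort`/`page`/`pageSize` query string for this endpoint from the properties and operations listed above, and walks pages using `isLastPage`, which the example response carries as a string rather than a boolean. The `fetch_page` callable, the rejection of `;` inside filter values, and the sample values are assumptions of this example.

```python
from urllib.parse import urlencode

# Filter operations this endpoint documents per property; the same four
# properties are the documented sort keys.
ALLOWED = {"name": {"like", "equals", "regex"}, "type": {"like", "equals"},
           "comment": {"like", "equals", "regex"}, "markType": {"equals"}}
MAX_PAGE_SIZE = 10000  # documented upper bound for pageSize


def build_query(filters, sort=None, page=0, page_size=50):
    """Build the query string from (property, operation, value) filters."""
    parts = []
    for prop, op, value in filters:
        if op not in ALLOWED.get(prop, ()):
            raise ValueError(f"unsupported filter {prop}:{op}")
        # Assumption: ';' inside a value would be parsed as a filter
        # separator, so such values are rejected instead of passed through.
        if not value or ";" in value:
            raise ValueError(f"empty or unsafe value for {prop}")
        parts.append(f"{prop}:{op}:{value}")
    key = sort[1:] if sort and sort.startswith("-") else sort
    if sort is not None and key not in ALLOWED:
        raise ValueError(f"cannot sort by {sort!r}")
    if page < 0 or not 0 < page_size <= MAX_PAGE_SIZE:
        raise ValueError("page or pageSize out of range")
    params = {"pageSize": str(page_size), "page": str(page)}
    if parts:
        params["search"] = ";".join(parts)
    if sort is not None:
        params["sort"] = sort
    return urlencode(params)  # URL-encodes ':', ';', '^', spaces, ...


def is_last_page(body):
    """The documented example carries isLastPage as the string "true"."""
    flag = body.get("additionalData", {}).get("isLastPage", "true")
    return flag is True or str(flag).lower() == "true"


def fetch_all(fetch_page, page_size=50, max_pages=1000):
    """Collect retVal across pages. fetch_page(page, page_size) is a
    hypothetical caller-supplied function returning the decoded JSON body."""
    items = []
    for page in range(max_pages):
        body = fetch_page(page, page_size)
        items.extend(body.get("retVal", []))
        if is_last_page(body):
            return items
    raise RuntimeError("isLastPage never became true")
```

Testing `isLastPage` with a plain truthiness check would treat the string "false" as true and stop after the first page, which is why the flag is compared as text.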

Mark/Unmark Library As In-House

Request

Marks/unmarks a single library in an organization as In-House

Path
orgToken string required

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Body: application/json (required)
libraryUuids Array of strings (Library UUID)
Example: ["123e4567-e89b-12d3-a456-426655440000"]
comment string (User Comment)
Example: "A comment"
isInHouse boolean (In House) required

true to mark the library as In-House, false to unmark it

application/json
{ "libraryUuids": [ "123e4567-e89b-12d3-a456-426655440000" ], "comment": "A comment", "isInHouse": true }

Responses

OK

Body: application/json
supportToken string (Support Token)
Example: "1171c60d"
retVal boolean
Response
application/json
{ "supportToken": "1171c60d", "retVal": true }

Get Library Version Vulnerability Trends

Request

Returns the trend of the number of vulnerabilities in a library over past versions. Define the scope of the trend with the parameters 'before' denoting the number of versions before the current version, and 'after'. Does not support generic library types like Debian, RPM and Ruby

Path
orgToken string required

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

libraryUuid string required

library UUID (get a project's library by running Library - Project > Get Project Libraries).

Query
startVersion string
Default ""
before integer (int32)
Default 0
after integer (int32)
Default 0
No request payload

Responses

OK

Body: application/json
supportToken string (Support Token)
Example: "1171c60d"
retVal object (LibraryVulnerabilityTrendsDTO)
Response
application/json
{ "supportToken": "1171c60d", "retVal": { "trends": [] } }

Get Library Versions

Request

Returns a list of a library's versions

Path
orgToken string required

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

libraryUuid string required

library UUID (get a project's library by running Library - Project > Get Project Libraries).

Query
pageSize string <= 10000
Default "50"
page string
Default "0"
removeUnstableVersions boolean
Default true
No request payload

Responses

OK

Body: application/json
additionalData object (Provides insights into endpoint-supported pagination information.)
  • totalItems: The total count of data points returned in an API response.
  • isLastPage: Defines whether the current page represents the conclusion of the API response. When “true”, this signifies you are viewing the last page of the API response. When “false”, this indicates there are further pages remaining.
Example: {"totalItems":"422","isLastPage":"true"}
supportToken string (Support Token)
Example: "1171c60d"
retVal Array of objects (LibraryVersionDTO)
Response
application/json
{ "additionalData": { "totalItems": "422", "isLastPage": "true" }, "supportToken": "1171c60d", "retVal": [ {} ] }

Get Library Projects In Organization

Request

Returns a list of an organization's projects that contain a particular library

Path
orgToken string required

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

libraryUuid string required

library UUID (get a project's library by running Library - Project > Get Project Libraries).

Query
pageSize string <= 10000
Default "50"
page string
Default "0"
No request payload

Responses

OK

Body: application/json
additionalData object (Provides insights into endpoint-supported pagination information.)
  • totalItems: The total count of data points returned in an API response.
  • isLastPage: Defines whether the current page represents the conclusion of the API response. When “true”, this signifies you are viewing the last page of the API response. When “false”, this indicates there are further pages remaining.
Example: {"totalItems":"422","isLastPage":"true"}
supportToken string (Support Token)
Example: "1171c60d"
retVal Array of objects (ProjectDTO)
Response
application/json
{ "additionalData": { "totalItems": "422", "isLastPage": "true" }, "supportToken": "1171c60d", "retVal": [ {} ] }

Get Library Details

Request

Returns a single library's details

Path
orgToken string required

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

libraryUuid string required
Query
ignoreManualData boolean

When true, manual changes the user made to the library are ignored. The default value is false.

Default false
No request payload

Responses

OK

Body: application/json
supportToken string (Support Token)
Example: "1171c60d"
retVal object (NoLocationsLibraryDTO)
Response
application/json
{ "supportToken": "1171c60d", "retVal": { "uuid": "123e4567-e89b-12d3-a456-426655440000", "name": "dbus-1.10.24-13.el7_6.x86_64.rpm", "artifactId": "kind-of-6.0.2.tgz", "groupId": "kind-of", "version": "string", "architecture": "string", "languageVersion": "string", "classifier": "string", "extension": "string", "sha1": "01146b36a6218e64e58f3a8d66de5d7fc6f6d051", "description": "Get the native type of a value.", "type": "javascript/Node.js", "libraryType": "string", "directDependency": true, "purl": "pkg:maven/commons-beanutils/commons-beanutils@1.8.0?type=jar", "extraInfo": {}, "extraInformation": {}, "licenses": [], "copyrightReferences": [], "noticeReference": {}, "proprietaryInfo": {}, "attributionReportSettings": {} } }

Remove Library License References

Request

Removes the license reference from a library

Path
orgToken string required

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

libraryUuid string required

library UUID (get a project's library by running Library - Project > Get Project Libraries).

licenseUuid string required

license UUID to remove

No request payload

Responses

OK

Body: application/json
supportToken string (Support Token)
Example: "1171c60d"
retVal string
Response
application/json
{ "supportToken": "1171c60d", "retVal": "string" }

Revert Library User Licenses

Request

Reverts the license for a given library to its original state

Path
orgToken string required

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

libraryUuid string required

library UUID (get a project's library by running Library - Project > Get Project Libraries).

No request payload

Responses

OK

Body: application/json
supportToken string (Support Token)
Example: "1171c60d"
retVal Array of objects (LibraryLicenseDTO)
Response
application/json
{ "supportToken": "1171c60d", "retVal": [ {} ] }

Access Management - Organizations

Operations

Access Management

Operations

General Info - Vulnerabilities

Operations

Library - Source Files

Operations

User Management - Roles And Permissions

Operations

Library - Project

Operations

Alerts - Product

Operations

General Info - Permissions

Operations

Vulnerable Libraries

Operations

Summary - Organization

Operations

Asynchronous Process Control

Operations

General Info - Licenses

Operations

product-attribution-report-controller

Operations