Skip to content
/Policies - Organization

Mend API (2.0)

Mend's enhanced SCA API enables automation of workflows in a REST compliant format. The API features:

  • Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend App.
  • Improved security with a JWT token per organization, which expires every 10 minutes.
  • Added scalability with support for pagination, filtering and sorting search results.
  • Broader functionality available programmatically.
  • New standard API documentation for easy navigation and search.

Note: To help you get started with the Mend SCA API 2.0, we recommend reviewing our onboarding guide -> Getting Started with Mend SCA API 2.0. This resource covers initial setup, authentication instructions, and helpful tips to help you successfully begin working with the Mend SCA API 2.0. If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Download OpenAPI description
2.0.json
2.0.yaml
Languages
Servers
Generated server url
https://api-saas.mend.io/

Entities - Project

Operations

Policies - Project

Operations

CustomAttribute - Project

Operations

Alerts - Project

Operations

project-attribution-report-controller

Operations

Policies - Product

Operations

CustomAttribute - Product

Operations

Entities - Product

Operations

Settings - Whitelist

Operations

Settings - In-House

Operations

Policies - Organization

Operations

Get organization policy

Request

Returns the given policy for a particular organization

Security
bearer-key
Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

policyUuidstringrequired

Policy UUID (by running Policies - Organization and run Get Organization Policies, or the equivalent for Product or Project.)

No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(PolicyDTO)

Policies are checked by order of priority; note that 1 is the lowest priority

Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "uuid": "123e4567-e89b-12d3-a456-426655440000",
    "name": "A Policy",
    "owner": {},
    "createdAt": "2019-08-24T14:15:22Z",
    "priority": 1,
    "filter": {},
    "action": {},
    "context": {},
    "enabled": true,
    "modifiedAt": "2019-08-24T14:15:22Z",
    "modifiedBy": "jon.smith@mail.com",
    "aggregatedPriority": 0
  }
}

Update Organization Policy

Request

Updates a policy of a given organization

Security
bearer-key
Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

policyUuidstringrequired

Policy UUID (by running Policies - Organization and run Get Organization Policies, or the equivalent for Product or Project.)

Bodyapplication/jsonrequired
namestring(Policy Name)required
Example: "License Policy"
filterGAV_REGEX (object) or LIBRARY_REQUEST_HISTORY (object) or LIBRARY_STALENESS (object) or LICENSE (object) or PRIMARY_ATTRIBUTE_VALUE (object) or PRODUCT (object) or ReferenceNameRequiredException (object) or EFFECTIVENESS (object) or VULNERABILITY_SCORE (object)required
One of:

type: GAV_REGEX

filter.​typestring
filter.​groupIdRegexstring(Group Id Regex)
Example: "/**"
filter.​artifactIdRegexstring(Artifact Id Regex)
Example: "/**"
filter.​versionRegexstring(Version Regex)
Example: "/**"
actionAPPROVE (object) or CONDITIONS (object) or CREATE_ISSUE (object) or REASSIGN (object) or REJECT (object)required
One of:

type: APPROVE

action.​typestringrequired
enabledboolean(Enabled)
Default true
application/json
{
  "name": "License Policy",
  "filter": {
    "type": "string",
    "groupIdRegex": "/**",
    "artifactIdRegex": "/**",
    "versionRegex": "/**"
  },
  "action": {
    "type": "string"
  },
  "enabled": true
}

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(PolicyDTO)

Policies are checked by order of priority; note that 1 is the lowest priority

Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "uuid": "123e4567-e89b-12d3-a456-426655440000",
    "name": "A Policy",
    "owner": {},
    "createdAt": "2019-08-24T14:15:22Z",
    "priority": 1,
    "filter": {},
    "action": {},
    "context": {},
    "enabled": true,
    "modifiedAt": "2019-08-24T14:15:22Z",
    "modifiedBy": "jon.smith@mail.com",
    "aggregatedPriority": 0
  }
}

Delete Organization Policy

Request

Deletes the given policy for an organization

Security
bearer-key
Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

policyUuidstringrequired

Policy UUID (by running Policies - Organization and run Get Organization Policies, or the equivalent for Product or Project.)

No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(MessageDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "message": "Success!"
  }
}

Update Organization Policy Priorities

Request

Updates the priority of policies in a given organization. Policies are numbered and then evaluated sequentially. The request body should contain a list of policy UUIDs in the desired order, starting from highest priority. The service returns a list or ordered policies.

Security
bearer-key
Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Bodyapplication/jsonrequired
uuidsArray of strings(Policy Uuid)required
Example: ["123e4567-e89b-12d3-a456-426655440000"]
application/json
{
  "uuids": [
    "123e4567-e89b-12d3-a456-426655440000"
  ]
}

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValArray of objects(PolicyDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": [
    {}
  ]
}

Apply Organization Policies On Inventory

Request

After initiating this call, the process will be performed asynchronously in the background. To check the status of the process and retrieve the final outcome, use the "Get Async Process Status" request.

Security
bearer-key
Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(AsyncProcessStatusV2DTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "contextUuid": "caf69794-9882-4b55-82db-6b6da4fe2a26",
    "uuid": "caf69794-9882-4b55-82db-6b6da4fe2a92",
    "status": "PENDING",
    "contextType": "DOMAIN",
    "created": "2019-08-24T14:15:22Z",
    "modified": "2019-08-24T14:15:22Z",
    "processType": "APPLY_POLICIES",
    "messageContentSha1": "fb4016165697cc32d0b90ccc82e3c2c846eb01b7",
    "requestToken": "2cd6a43b",
    "userEmail": "sample@mail.com"
  }
}

Get organization policies

Request

Returns all of the policies of a given organization

Security
bearer-key
Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValArray of objects(PolicyDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": [
    {}
  ]
}

Create Organization Policy

Request

Creates a new policy for a given organization

Security
bearer-key
Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Bodyapplication/jsonrequired
namestring(Policy Name)required
Example: "License Policy"
filterGAV_REGEX (object) or LIBRARY_REQUEST_HISTORY (object) or LIBRARY_STALENESS (object) or LICENSE (object) or PRIMARY_ATTRIBUTE_VALUE (object) or PRODUCT (object) or ReferenceNameRequiredException (object) or EFFECTIVENESS (object) or VULNERABILITY_SCORE (object)required
One of:

type: GAV_REGEX

filter.​typestring
filter.​groupIdRegexstring(Group Id Regex)
Example: "/**"
filter.​artifactIdRegexstring(Artifact Id Regex)
Example: "/**"
filter.​versionRegexstring(Version Regex)
Example: "/**"
actionAPPROVE (object) or CONDITIONS (object) or CREATE_ISSUE (object) or REASSIGN (object) or REJECT (object)required
One of:

type: APPROVE

action.​typestringrequired
enabledboolean(Enabled)
Default true
application/json
{
  "name": "License Policy",
  "filter": {
    "type": "string",
    "groupIdRegex": "/**",
    "artifactIdRegex": "/**",
    "versionRegex": "/**"
  },
  "action": {
    "type": "string"
  },
  "enabled": true
}

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(PolicyDTO)

Policies are checked by order of priority; note that 1 is the lowest priority

Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "uuid": "123e4567-e89b-12d3-a456-426655440000",
    "name": "A Policy",
    "owner": {},
    "createdAt": "2019-08-24T14:15:22Z",
    "priority": 1,
    "filter": {},
    "action": {},
    "context": {},
    "enabled": true,
    "modifiedAt": "2019-08-24T14:15:22Z",
    "modifiedBy": "jon.smith@mail.com",
    "aggregatedPriority": 0
  }
}

CustomAttribute - Organization

Operations

User Management - Groups

Operations

Entities - Organization

Operations

User Profile

Operations

Library - Product

Operations

User Management - Users

Operations

Update Request

Operations

Library - Organization

Operations

Access Management - Organizations

Operations

Access Management

Operations

General Info - Vulnerabilities

Operations

Library - Source Files

Operations

User Management - Roles And Permissions

Operations

Library - Project

Operations

Alerts - Product

Operations

General Info - Permissions

Operations

Vulnerable Libraries

Operations

Summary - Organization

Operations

Asynchronous Process Control

Operations

domain-controller

Operations

General Info - Licenses

Operations

product-attribution-report-controller

Operations