Skip to content

Mend API (3.0.1)

Mend's enhanced SCA API enables automation of workflows in a REST compliant format. The API features:

  • Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend App.
  • Improved security with a JWT token per organization, which expires every 30 minutes.
  • Added scalability with support for pagination, filtering and sorting search results.
  • Broader functionality available programmatically.
  • New standard API documentation for easy navigation and search.

If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Download OpenAPI description
Languages
Servers
Generated server url

https://api-saas.mend.io/

Operations
Operations

Request

Returns a single policy in a given project

Security
bearer-key
Path
projectTokenstringrequired

project UUID (by running Entities - Product > Get Product Projects) or Project Token (from the Mend SCA App: Integrate tab > Project Token).

policyUuidstringrequired

Policy UUID (by running Policies - Organization and run Get Organization Policies, or the equivalent for Product or Project.)

No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(PolicyDTO)

Policies are checked by order of priority; note that 1 is the lowest priority

Response
application/json
{ "supportToken": "1171c60d", "retVal": { "uuid": "123e4567-e89b-12d3-a456-426655440000", "name": "A Policy", "owner": {}, "createdAt": "2019-08-24T14:15:22Z", "priority": 1, "filter": {}, "action": {}, "context": {}, "enabled": true, "modifiedAt": "2019-08-24T14:15:22Z", "modifiedBy": "jon.smith@mail.com", "aggregatedPriority": 0 } }

Request

Updates a policy for a given project

Security
bearer-key
Path
projectTokenstringrequired

project UUID (by running Entities - Product > Get Product Projects) or Project Token (from the Mend SCA App: Integrate tab > Project Token).

policyUuidstringrequired

Policy UUID (by running Policies - Organization and run Get Organization Policies, or the equivalent for Product or Project.)

Bodyapplication/jsonrequired
namestring(Policy Name)required
Example: "License Policy"
filterGAV_REGEX (object) or LIBRARY_REQUEST_HISTORY (object) or LIBRARY_STALENESS (object) or LICENSE (object) or PRIMARY_ATTRIBUTE_VALUE (object) or PRODUCT (object) or ReferenceNameRequiredException (object) or EFFECTIVENESS (object) or VULNERABILITY_SCORE (object)required
One of:

type: GAV_REGEX

filter.​typestring
filter.​groupIdRegexstring(Group Id Regex)
Example: "/**"
filter.​artifactIdRegexstring(Artifact Id Regex)
Example: "/**"
filter.​versionRegexstring(Version Regex)
Example: "/**"
actionAPPROVE (object) or CONDITIONS (object) or CREATE_ISSUE (object) or REASSIGN (object) or REJECT (object)required
One of:

type: APPROVE

action.​typestringrequired
enabledboolean(Enabled)
Default true
application/json
{ "name": "License Policy", "filter": { "type": "string", "groupIdRegex": "/**", "artifactIdRegex": "/**", "versionRegex": "/**" }, "action": { "type": "string" }, "enabled": true }

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(PolicyDTO)

Policies are checked by order of priority; note that 1 is the lowest priority

Response
application/json
{ "supportToken": "1171c60d", "retVal": { "uuid": "123e4567-e89b-12d3-a456-426655440000", "name": "A Policy", "owner": {}, "createdAt": "2019-08-24T14:15:22Z", "priority": 1, "filter": {}, "action": {}, "context": {}, "enabled": true, "modifiedAt": "2019-08-24T14:15:22Z", "modifiedBy": "jon.smith@mail.com", "aggregatedPriority": 0 } }

Request

Deletes a policy for a given project

Security
bearer-key
Path
projectTokenstringrequired

project UUID (by running Entities - Product > Get Product Projects) or Project Token (from the Mend SCA App: Integrate tab > Project Token).

policyUuidstringrequired

Policy UUID (by running Policies - Organization and run Get Organization Policies, or the equivalent for Product or Project.)

No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(MessageDTO)
Response
application/json
{ "supportToken": "1171c60d", "retVal": { "message": "Success!" } }

Request

Updates the priority of policies in a given project. Policies are numbered and then evaluated sequentially. The request body should contain a list of policy UUIDs in the desired order, starting from highest priority. The service returns a list or ordered policies.

Security
bearer-key
Path
projectTokenstringrequired

project UUID (by running Entities - Product > Get Product Projects) or Project Token (from the Mend SCA App: Integrate tab > Project Token).

Bodyapplication/jsonrequired
uuidsArray of strings(Policy Uuid)required
Example: ["123e4567-e89b-12d3-a456-426655440000"]
application/json
{ "uuids": [ "123e4567-e89b-12d3-a456-426655440000" ] }

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValArray of objects(PolicyDTO)
Response
application/json
{ "supportToken": "1171c60d", "retVal": [ {} ] }

Apply Project Policies on Inventory

Request

After initiating this call, the process will be performed asynchronously in the background. To check the status of the process and retrieve the final outcome, use the "Get Async Process Status" request.

Security
bearer-key
Path
projectTokenstringrequired

project UUID (by running Entities - Product > Get Product Projects) or Project Token (from the Mend SCA App: Integrate tab > Project Token).

No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(AsyncProcessStatusV2DTO)
Response
application/json
{ "supportToken": "1171c60d", "retVal": { "contextUuid": "caf69794-9882-4b55-82db-6b6da4fe2a26", "uuid": "caf69794-9882-4b55-82db-6b6da4fe2a92", "status": "PENDING", "contextType": "DOMAIN", "created": "2019-08-24T14:15:22Z", "modified": "2019-08-24T14:15:22Z", "processType": "APPLY_POLICIES", "messageContentSha1": "fb4016165697cc32d0b90ccc82e3c2c846eb01b7", "requestToken": "2cd6a43b", "userEmail": "sample@mail.com" } }

Request

Returns all of the policies of a given project

Security
bearer-key
Path
projectTokenstringrequired

project UUID (by running Entities - Product > Get Product Projects) or Project Token (from the Mend SCA App: Integrate tab > Project Token).

Query
searchany

Filter your search to return items whose property has a specific value. Use the syntax: property:operation:value where a colon (:) separates between property, operation and value.

  • Property: the name of the property of the item
  • Operation:
    • equals - true if the value is identical to this value.
  • Value: the value of the property.

This endpoint supports filtering on the following properties and its supported operators:

  • aggregatePolicies:[equals]:value. Value can be either true or false
No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValArray of objects(PolicyDTO)
Response
application/json
{ "supportToken": "1171c60d", "retVal": [ {} ] }

Request

Creates a new policy for a given project

Security
bearer-key
Path
projectTokenstringrequired

project UUID (by running Entities - Product > Get Product Projects) or Project Token (from the Mend SCA App: Integrate tab > Project Token).

Bodyapplication/jsonrequired
namestring(Policy Name)required
Example: "License Policy"
filterGAV_REGEX (object) or LIBRARY_REQUEST_HISTORY (object) or LIBRARY_STALENESS (object) or LICENSE (object) or PRIMARY_ATTRIBUTE_VALUE (object) or PRODUCT (object) or ReferenceNameRequiredException (object) or EFFECTIVENESS (object) or VULNERABILITY_SCORE (object)required
One of:

type: GAV_REGEX

filter.​typestring
filter.​groupIdRegexstring(Group Id Regex)
Example: "/**"
filter.​artifactIdRegexstring(Artifact Id Regex)
Example: "/**"
filter.​versionRegexstring(Version Regex)
Example: "/**"
actionAPPROVE (object) or CONDITIONS (object) or CREATE_ISSUE (object) or REASSIGN (object) or REJECT (object)required
One of:

type: APPROVE

action.​typestringrequired
enabledboolean(Enabled)
Default true
application/json
{ "name": "License Policy", "filter": { "type": "string", "groupIdRegex": "/**", "artifactIdRegex": "/**", "versionRegex": "/**" }, "action": { "type": "string" }, "enabled": true }

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(PolicyDTO)

Policies are checked by order of priority; note that 1 is the lowest priority

Response
application/json
{ "supportToken": "1171c60d", "retVal": { "uuid": "123e4567-e89b-12d3-a456-426655440000", "name": "A Policy", "owner": {}, "createdAt": "2019-08-24T14:15:22Z", "priority": 1, "filter": {}, "action": {}, "context": {}, "enabled": true, "modifiedAt": "2019-08-24T14:15:22Z", "modifiedBy": "jon.smith@mail.com", "aggregatedPriority": 0 } }
Operations
Operations

project-attribution-report-controller

Operations
Operations
Operations
Operations
Operations
Operations
Operations
Operations
Operations
Operations
Operations
Operations
Operations
Operations
Operations
Operations
Operations
Operations
Operations

User Management - Roles And Permissions

Operations
Operations
Operations
Operations
Operations
Operations
Operations
Operations
Operations

product-attribution-report-controller

Operations