SCA API 2.0
/
Settings - In-House

Mend API (2.0)

Mend's enhanced SCA API enables automation of workflows in a REST compliant format. The API features:

  • Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend App.
  • Improved security with a JWT token per organization, which expires every 30 minutes.
  • Added scalability with support for pagination, filtering and sorting search results.
  • Broader functionality available programmatically.
  • New standard API documentation for easy navigation and search.

If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Download OpenAPI description
2.0.json
2.0.yaml
Languages
Servers
Generated server url
https://baseUrl/

Entities - Project

Operations

Policies - Project

Operations

Alerts - Project

Operations

project-attribution-report-controller

Operations

Policies - Product

Operations

Entities - Product

Operations

Settings - Whitelist

Operations

Settings - In-House

Operations

Update single InHouse Rule

Request

Updates a single In-House library rule

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

ruleUuidstringrequired

The In-House rule UUID

Bodyapplication/jsonrequired
typestring(InHouse Rule Regex Type)
Enum"NAME""LIBRARY_COORDINATES""ARTIFACT_ID"
Example: "NAME"
regexstring(InHouse Regex Rule)
Example: "*aa*"
descriptionstring(InHouse Description)
Example: "description for InHouse rule"
emptyboolean
application/json
{
  "type": "NAME",
  "regex": "*aa*",
  "description": "description for InHouse rule",
  "empty": true
}

Responses

OK

Bodyapplication/json
additionalDataobject(Provides warning messages for notifying about conditions related to the )
  • warningMessage: Serves as an alert to inform you about the status of the rule being updated. The warning message will provide information about whether the rule already exists or if some of the rules are already present
Example: {"warningMessage":"item already exists"}
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(InHouseRuleDTO)
Response
application/json
{
  "additionalData": {
    "warningMessage": "item already exists"
  },
  "supportToken": "1171c60d",
  "retVal": {
    "uuid": "string",
    "type": "NAME",
    "regex": ".*a*",
    "description": "string",
    "createdAt": "2019-08-24T14:15:22Z",
    "createdBy": "string",
    "empty": true
  }
}

Delete Single In-House Rule

Request

Deletes a single In-House library rule

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

ruleUuidstringrequired

The InHouse rule UUID

No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(MessageDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "message": "Success!"
  }
}

Update Multiple In-House Rules

Request

Updates the pattern-mat§ching rules of an In-House library rule

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Bodyapplication/jsonrequiredArray [
uuidstring(Proprietary Rule UUID)required
Example: "123e4567-e89b-12d3-a456-426655440000"
typestring(Proprietary Rule Regex Type)
Enum"NAME""LIBRARY_COORDINATES""ARTIFACT_ID"
Example: "NAME"
regexstring(Proprietary Regex Rule)
Example: "*aa*"
descriptionstring(Proprietary Description)
Example: "description for white list"
emptyboolean
]
application/json
[
  {
    "uuid": "123e4567-e89b-12d3-a456-426655440000",
    "type": "NAME",
    "regex": "*aa*",
    "description": "description for white list",
    "empty": true
  }
]

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(MessageDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "message": "Success!"
  }
}

Create Multiple In-House Rules

Request

Creates one or more in-house library rules

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Bodyapplication/jsonrequiredArray [
typestring(InHouse Rule Regex Type)required
Enum"NAME""LIBRARY_COORDINATES""ARTIFACT_ID"
Example: "NAME"
regexstring(InHouse Regex Rule)required
Example: "*aa*"
descriptionstring(InHouse Description)
Example: "description for inHouse rule"
emptyboolean
]
application/json
[
  {
    "type": "NAME",
    "regex": "*aa*",
    "description": "description for inHouse rule",
    "empty": true
  }
]

Responses

OK

Bodyapplication/json
additionalDataobject(Provides warning messages for notifying about conditions related to the )
  • warningMessage: Serves as an alert to inform you about the status of the rule being updated. The warning message will provide information about whether the rule already exists or if some of the rules are already present
Example: {"warningMessage":"item already exists"}
supportTokenstring(Support Token)
Example: "1171c60d"
retValArray of objects(InHouseRuleDTO)
Response
application/json
{
  "additionalData": {
    "warningMessage": "item already exists"
  },
  "supportToken": "1171c60d",
  "retVal": [
    {}
  ]
}

Delete multiple InhHouse rules

Request

Deletes one or more in-house library rules

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Bodyapplication/jsonrequiredArray [
uuidstring(InHouse Rule UUID)required
Example: "123e4567-e89b-12d3-a456-426655440000"
emptyboolean
]
application/json
[
  {
    "uuid": "123e4567-e89b-12d3-a456-426655440000",
    "empty": true
  }
]

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(MessageDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "message": "Success!"
  }
}

Apply In-House Rules

Request

Applies the current In-House library rules to a given organization. Use this request after creating and/or updating In-House rules

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(MessageDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "message": "Success!"
  }
}

Get In-House Settings

Request

Returns a list of all In-House library rules for a given organization

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Query
pageSizestring<= 10000

Enter the number of items to return in each page of the result.

Default "50"
pagestring
Default "0"
No request payload

Responses

OK

Bodyapplication/json
additionalDataobject(Provides insights into endpoint-supported pagination information.)
  • totalItems: The total count of data points returned in an API response.
  • isLastPage: Defines whether the current page represents the conclusion of the API response. When “true”, this signifies you are viewing the last page of the API response. When “false”, this indicates there are further pages remaining.
Example: {"totalItems":"422","isLastPage":"true"}
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(InHouseSettingsDTO)
Response
application/json
{
  "additionalData": {
    "totalItems": "422",
    "isLastPage": "true"
  },
  "supportToken": "1171c60d",
  "retVal": {
    "rules": [],
    "active": true
  }
}

Create Single In-House Rule

Request

Creates a single In-House rule to match libraries by name or maven coordinates (artifact id, group id) and designate these libraries as known, trusted entities

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Bodyapplication/jsonrequired
typestring(InHouse Rule Regex Type)required
Enum"NAME""LIBRARY_COORDINATES""ARTIFACT_ID"
Example: "NAME"
regexstring(InHouse Regex Rule)required
Example: "*aa*"
descriptionstring(InHouse Description)
Example: "description for inHouse rule"
emptyboolean
application/json
{
  "type": "NAME",
  "regex": "*aa*",
  "description": "description for inHouse rule",
  "empty": true
}

Responses

OK

Bodyapplication/json
additionalDataobject(Provides warning messages for notifying about conditions related to the )
  • warningMessage: Serves as an alert to inform you about the status of the rule being updated. The warning message will provide information about whether the rule already exists or if some of the rules are already present
Example: {"warningMessage":"item already exists"}
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(InHouseRuleDTO)
Response
application/json
{
  "additionalData": {
    "warningMessage": "item already exists"
  },
  "supportToken": "1171c60d",
  "retVal": {
    "uuid": "string",
    "type": "NAME",
    "regex": ".*a*",
    "description": "string",
    "createdAt": "2019-08-24T14:15:22Z",
    "createdBy": "string",
    "empty": true
  }
}

Policies - Organization

Operations

User Management - Groups

Operations

Entities - Organization

Operations

User Profile

Operations

Library - Product

Operations

User Management - Users

Operations

Update Request

Operations

Library - Organization

Operations

Access Management - Organizations

Operations

Access Management

Operations

General Info - Vulnerabilities

Operations

Library - Source Files

Operations

User Management - Roles And Permissions

Operations

Library - Project

Operations

application-violations-controller

Operations

Alerts - Product

Operations

General Info - Permissions

Operations

Vulnerable Libraries

Operations

Summary - Organization

Operations

Asynchronous Process Control

Operations

General Info - Licenses

Operations

product-attribution-report-controller

Operations