SCA API 2.0
/
Settings - Whitelist
/
Update Whitelist Rules

Mend API (2.0)

Mend's enhanced SCA API enables automation of workflows in a REST compliant format. The API features:

  • Access for any user with Mend credentials, via a user key available in the user's profile page in the Mend App.
  • Improved security with a JWT token per organization, which expires every 30 minutes.
  • Added scalability with support for pagination, filtering and sorting search results.
  • Broader functionality available programmatically.
  • New standard API documentation for easy navigation and search.

If you have a dedicated instance of Mend, contact your Mend representative to access this API on your instance.

Download OpenAPI description
2.0.json
2.0.yaml
Languages
Servers
Generated server url

https://api-saas.mend.io/

Entities - Project

Operations

Policies - Project

Operations

CustomAttribute - Project

Operations

Alerts - Project

Operations

project-attribution-report-controller

Operations

application-violations-controller

Operations

Policies - Product

Operations

CustomAttribute - Product

Operations

Entities - Product

Operations

Settings - Whitelist

Operations

Update single Whitelist Rule

Request

Updates the properties of a single whitelist rule of an organization, including matching libraries, their vulnerability scores and the actions to take

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

uuidstringrequired

AllowList rule UUID

Bodyapplication/jsonrequired
regexstring(White List Regex Rule)
Example: "*aa*"
descriptionstring(White List Description)
Example: "description for white list"
application/json
{
  "regex": "*aa*",
  "description": "description for white list"
}

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(WhiteListRuleDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "uuid": "123e4567-e89b-12d3-a456-426655440000",
    "regexType": "BY_NAME",
    "regex": "*aa*",
    "createdBy": "string",
    "createdAt": "2019-08-24T14:15:22Z",
    "description": "Sample description"
  }
}

Delete Single Whitelist Rule

Request

Deletes one of the whitelist rules of an organization

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

uuidstringrequired

Whitelist rule UUID

No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(MessageDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "message": "Success!"
  }
}

Update Whitelist Rules

Request

Updates an organization's whitelist rules for vulnerability scores and the actions to take with libraries that appear in the whitelist

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Bodyapplication/jsonrequiredArray [
uuidstring(White List UUID)required
Example: "123e4567-e89b-12d3-a456-426655440000"
regexstring(White List Regex Rule)required
Example: "*aa*"
descriptionstring(White List Description)
Example: "description for white list"
]
application/json
[
  {
    "uuid": "123e4567-e89b-12d3-a456-426655440000",
    "regex": "*aa*",
    "description": "description for white list"
  }
]

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(MessageDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "message": "Success!"
  }
}

Add Whitelist Rules

Request

Creates multiple new whitelist rules for an organization, defining which libraries to match, their vulnerability scores and the actions to take. Whitelisted libraries have been pre-approved by your organization so no policy alerts will be created for them during scans, and they will be ignored by all organizational policies.

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Bodyapplication/jsonrequired
rulesArray of objects(CreateWhiteListRuleRequestDTO)
application/json
{
  "rules": [
    {}
  ]
}

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValArray of objects(WhiteListRuleDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": [
    {}
  ]
}

Delete Whitelist Rules

Request

Deletes all of the whitelist rules of an organization

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Bodyapplication/jsonrequiredArray [
uuidstring(White List UUID)required
Example: "123e4567-e89b-12d3-a456-426655440000"
]
application/json
[
  {
    "uuid": "123e4567-e89b-12d3-a456-426655440000"
  }
]

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(MessageDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "message": "Success!"
  }
}

Apply Whitelist Rules to Existing Inventory

Request

Applies the current whitelist rules to an organization's inventory. Whitelisted libraries are pre-approved by the organization so no policy alerts will be created for them, and they will be ignored by all organizational policies.

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

No request payload

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(MessageDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "message": "Success!"
  }
}

Get All Whitelist Rules

Request

Retrieves all of the whitelist rules of an organization. Whitelisted libraries are pre-approved by the organization so no policy alerts will be created for them, and they will be ignored by all organizational policies

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Query
pageSizestring<= 10000

Enter the number of items to return in each page of the result.

Default "50"
pagestring
Default "0"
No request payload

Responses

OK

Bodyapplication/json
additionalDataobject(Provides insights into endpoint-supported pagination information.)
  • totalItems: The total count of data points returned in an API response.
  • isLastPage: Defines whether the current page represents the conclusion of the API response. When “true”, this signifies you are viewing the last page of the API response. When “false”, this indicates there are further pages remaining.
Example: {"totalItems":"422","isLastPage":"true"}
supportTokenstring(Support Token)
Example: "1171c60d"
retValArray of objects(WhiteListRuleDTO)
Response
application/json
{
  "additionalData": {
    "totalItems": "422",
    "isLastPage": "true"
  },
  "supportToken": "1171c60d",
  "retVal": [
    {}
  ]
}

Add Single Whitelist Rule

Request

Creates a new whitelist rule for an organization, defining which libraries to match along, their vulnerability scores and the actions to take. Whitelisted libraries have been pre-approved by your organization so no policy alerts will be created for them during scans, and they will be ignored by all organizational policies.

Path
orgTokenstringrequired

org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).

Bodyapplication/jsonrequired
regexstring(White List Regex Rule)required
Example: "*aa*"
descriptionstring(White List Description)
Example: "description for white list"
application/json
{
  "regex": "*aa*",
  "description": "description for white list"
}

Responses

OK

Bodyapplication/json
supportTokenstring(Support Token)
Example: "1171c60d"
retValobject(WhiteListRuleDTO)
Response
application/json
{
  "supportToken": "1171c60d",
  "retVal": {
    "uuid": "123e4567-e89b-12d3-a456-426655440000",
    "regexType": "BY_NAME",
    "regex": "*aa*",
    "createdBy": "string",
    "createdAt": "2019-08-24T14:15:22Z",
    "description": "Sample description"
  }
}

Settings - In-House

Operations

Policies - Organization

Operations

CustomAttribute - Organization

Operations

User Management - Groups

Operations

Entities - Organization

Operations

User Profile

Operations

Library - Product

Operations

User Management - Users

Operations

Update Request

Operations

Library - Organization

Operations

Access Management - Organizations

Operations

Access Management

Operations

General Info - Vulnerabilities

Operations

Library - Source Files

Operations

User Management - Roles And Permissions

Operations

Library - Project

Operations

Alerts - Product

Operations

General Info - Permissions

Operations

Vulnerable Libraries

Operations

Summary - Organization

Operations

Asynchronous Process Control

Operations

General Info - Licenses

Operations

product-attribution-report-controller

Operations