Skip to main content
Skip table of contents

Mend SCA Cloud Release Notes

  • Mend.io reserves the right to modify this page retroactively.

  • To stay informed about hotfixes, modifications, and additions to Mend.io's products, check this page from time to time in between official releases.

  • Click here to view known issues.

  • Mend Unified Agent release notes are listed under the “Mend Unified Agent Release Notes” page.

  • Mend CLI release notes are listed under the “Mend CLI Release Notes” page.

  • Access all release notes for Mend.io’s products.

Version 24.10.1 (20-October-2024)

New Features and Updates

Resolved Issues

  • (Cloud Native) Fixed an issue which led to incorrect Get Image Vulnerabilities API results being returned for page 0.

Version 24.9.2 (13-October-2024)

New Features and Updates

  • The Unified Agent is now wrapped within the Mend CLI, allowing users to run SCA scans using the Unified Agent via the Mend CLI with the mend ua command.

Version 24.9.1 (22-September-2024)

New Features and Updates

  • Added the option to exclude vulnerabilities from the SBOM Export report, by toggling this option off in the ‘Generate SBOM Report’ dialog box.

  • The SBOM Export report now includes a drop-down menu instead of radio buttons, for selecting the desired SBOM standard.

  • API v1.3/1.4: Added the option to specify the SBOM standard version in the generateProductReportAsync and generateProjectReportAsync reports

Version 24.8.2 (08-September-2024)

New Features and Updates

Version 24.8.1 (25-August-2024)

New Features and Updates

Version 24.7.2 (11-August-2024)

New Features and Updates

Resolved Issues

  • Fixed an issue in SCA Reachability for Java, which under certain conditions led to incorrect identification of reachable/unreachable elements.

Version 24.7.1 (29-July-2024)

New Features and Updates

  • The SCA license coverage has been enhanced with additional licenses and further alignment with SPDX standards

Version 24.6.2 (15-July-2024)

Resolved Issues

  • Unified Agent: Fixed an issue which led to a failure to resolve transitive dependencies in Python projects when ‘python’ was not configured as a PATH environment variable in the operating system.

  • Unified Agent: Fixed an issue where the the hierarchy tree of the dependencies in the setup.py file of a Python project wasn’t resolved, when python.resolveHierarchyTree was set to true.

  • Unified Agent: Fixed an issue of failing to identify yarn/pnpm subprojects (workspaces), leading to partial scans of some yarn/pnpm projects.

  • API v1.3/1.4: Fixed an issue where the Library Release Date value was occasionally missing for some libraries in the response of the getProductInventoryReport API call.

Version 24.6.1 (1-July-2024)

New Features and Updates

Resolved Issues

  • Unified Agent: Fixed a null pointer exception which led to the failure of the xModuleAnalyzer (Prioritize).

Version 24.5.3 (17-June-2024)

New Features and Updates

Version 24.5.2 (03-June-2024)

Resolved Issues

  • Unified Agent: Fixed an issue where npm private dependencies with no version would fail the project update.

Version 24.5.1 (20-May-2024)

Resolved Issues

  • Fixed null pointer exception in Prioritize scans when maven.projectNameFromDependencyFile=true.

  • Unified Agent: In some cases, Swift artifacts' SHA-1 values were not calculated properly, leading to a failure to upload the scan results to the application.

Version 24.4.1 (21-April-2024)

New Features and Updates

  • Change: The REPORT_IN_HOUSE_VIEW permission is now granted to users with the READ_ONLY role in addition to the existing ADMIN role. Benefits: Users with read-only access can now view the in-house reports.

  • API v1.3/1.4 now allows the exclusion of vulnerabilities from CycloneDX SBOM reports using the includeVulnerabilities parameter.

  • Unified Agent: SPM Swift resolution support has been added.

Resolved Issues

  • Unified Agent: Fixed an issue where some pipenv transitive dependencies would show up as direct dependencies.

Version 24.3.1 (25-March-2024)

New Features and Updates

  • Business Source License (BSL) 1.1 been added to the Mend license database.

  • API 2.0: Two API calls have been enhanced:

    1. /api/v2.0/projects/:projectToken/alerts/security - additional field returned in ‘component’ object: type

    2. /api/v2.0/projects/:projectToken/libraries - additional field returned: libraryType

Resolved Issues

  • Unified Agent: When the pom file definition: <outputType>dot</outputType> was used, some modules were ignored, and the scan was considered a successful scan. The scan will now attempt to use a fallback and provide a failure if the fallback was unsuccessful.

Version 24.2.2 (11-March-2024)

Resolved Issues

  • Unified Agent: Fixed an issue where an image scan would fail after upgrading the Docker Engine to version 25.0.1

  • Unified Agent: Fixed an issue where invalid pyproject.toml files would be treated as valid poetry bom files, leading to failures and incomplete scans

Version 24.2.1 (26-February-2024)

  • License detection for all package types is now supported in Container Images. This data is available in the Container Image UI.

  • Unified Agent: When the "package-lock=false" configuration is set in an .npmrc file, NPM resolution will ignore the existing lock file and switch to node_modules-based resolution.

Version 24.1.1 (29-January-2024)

New Features and Updates

  • Unified Agent: Added support for npm-shrinkwrap.json as a part of NPM resolution.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.