Mend SCA Cloud Release Notes
Mend.io reserves the right to modify this page retroactively.
To stay informed about hotfixes, modifications, and additions to Mend.io's products, check this page from time to time in between official releases.
Click here to view known issues.
Mend Unified Agent release notes are listed under the “Mend Unified Agent Release Notes” page.
Mend CLI release notes are listed under the “Mend CLI Release Notes” page.
Access all release notes for Mend.io’s products.
Version 24.10.1 (20-October-2024)
New Features and Updates
The SBOM Import feature is now generally available, allowing users to upload SBOM files to create or update projects in the Mend application.
Resolved Issues
(Cloud Native) Fixed an issue which led to incorrect Get Image Vulnerabilities API results being returned for page 0.
Version 24.9.2 (13-October-2024)
New Features and Updates
The Unified Agent is now wrapped within the Mend CLI, allowing users to run SCA scans using the Unified Agent via the Mend CLI with the
mend ua
command.
Version 24.9.1 (22-September-2024)
New Features and Updates
Added the option to exclude vulnerabilities from the SBOM Export report, by toggling this option off in the ‘Generate SBOM Report’ dialog box.
The SBOM Export report now includes a drop-down menu instead of radio buttons, for selecting the desired SBOM standard.
API v1.3/1.4: Added the option to specify the SBOM standard version in the generateProductReportAsync and generateProjectReportAsync reports
Version 24.8.2 (08-September-2024)
New Features and Updates
Added vulnerability data to the SBOM Export report in the SPDX standard.
Version 24.8.1 (25-August-2024)
New Features and Updates
Added a Package URL (Purl) column to the Inventory report export.
Reminder: The Unified Agent now has a dedicated release notes page! All the release notes pertaining to the Unified Agent are there, both old and new.
Version 24.7.2 (11-August-2024)
New Features and Updates
The Unified Agent now has a dedicated release notes page! All the release notes pertaining to the Unified Agent are there, both old and new.
Resolved Issues
Fixed an issue in SCA Reachability for Java, which under certain conditions led to incorrect identification of reachable/unreachable elements.
Version 24.7.1 (29-July-2024)
New Features and Updates
The SCA license coverage has been enhanced with additional licenses and further alignment with SPDX standards
Version 24.6.2 (15-July-2024)
Resolved Issues
Unified Agent: Fixed an issue which led to a failure to resolve transitive dependencies in Python projects when ‘python’ was not configured as a PATH environment variable in the operating system.
Unified Agent: Fixed an issue where the the hierarchy tree of the dependencies in the setup.py file of a Python project wasn’t resolved, when python.resolveHierarchyTree was set to true.
Unified Agent: Fixed an issue of failing to identify yarn/pnpm subprojects (workspaces), leading to partial scans of some yarn/pnpm projects.
API v1.3/1.4: Fixed an issue where the Library Release Date value was occasionally missing for some libraries in the response of the
getProductInventoryReport
API call.
Version 24.6.1 (1-July-2024)
New Features and Updates
Unified Agent: Various SCM-related improvements. Visit the Developer Integrations Release Notes page for more details.
Resolved Issues
Unified Agent: Fixed a null pointer exception which led to the failure of the xModuleAnalyzer (Prioritize).
Version 24.5.3 (17-June-2024)
New Features and Updates
The SBOM Export report now supports SPDX 2.3 (in addition to SPDX 2.2 and CycloneDX 1.4).
The SBOM Export report in the CycloneDX standard is now embedded with VEX data.
Unified Agent: A new resolution algorithm for sbt 1.x projects, improving the detection of dependencies, can now be enabled using the sbt.newSbtResolution parameter.
Version 24.5.2 (03-June-2024)
Resolved Issues
Unified Agent: Fixed an issue where npm private dependencies with no version would fail the project update.
Version 24.5.1 (20-May-2024)
Resolved Issues
Fixed null pointer exception in Prioritize scans when maven.projectNameFromDependencyFile=true.
Unified Agent: In some cases, Swift artifacts' SHA-1 values were not calculated properly, leading to a failure to upload the scan results to the application.
Version 24.4.1 (21-April-2024)
New Features and Updates
Change: The REPORT_IN_HOUSE_VIEW permission is now granted to users with the READ_ONLY role in addition to the existing ADMIN role. Benefits: Users with read-only access can now view the in-house reports.
API v1.3/1.4 now allows the exclusion of vulnerabilities from CycloneDX SBOM reports using the includeVulnerabilities parameter.
Unified Agent: SPM Swift resolution support has been added.
Resolved Issues
Unified Agent: Fixed an issue where some pipenv transitive dependencies would show up as direct dependencies.
Version 24.3.1 (25-March-2024)
New Features and Updates
Business Source License (BSL) 1.1 been added to the Mend license database.
API 2.0: Two API calls have been enhanced:
/api/v2.0/projects/:projectToken/alerts/security
- additional field returned in ‘component’ object:type
/api/v2.0/projects/:projectToken/libraries
- additional field returned:libraryType
Resolved Issues
Unified Agent: When the pom file definition: <outputType>dot</outputType> was used, some modules were ignored, and the scan was considered a successful scan. The scan will now attempt to use a fallback and provide a failure if the fallback was unsuccessful.
Version 24.2.2 (11-March-2024)
Resolved Issues
Unified Agent: Fixed an issue where an image scan would fail after upgrading the Docker Engine to version 25.0.1
Unified Agent: Fixed an issue where invalid pyproject.toml files would be treated as valid poetry bom files, leading to failures and incomplete scans
Version 24.2.1 (26-February-2024)
License detection for all package types is now supported in Container Images. This data is available in the Container Image UI.
Unified Agent: When the "package-lock=false" configuration is set in an .npmrc file, NPM resolution will ignore the existing lock file and switch to node_modules-based resolution.
Version 24.1.1 (29-January-2024)
New Features and Updates
Unified Agent: Added support for npm-shrinkwrap.json as a part of NPM resolution.