Mend CLI vs Unified Agent
The Mend CLI is a combined security solution that provides a single, coherent experience by bundling all Mend scanning capabilities into one tool/binary. It is the recommended tool for scanning within a CI/CD pipeline or on a developer desktop.
Mend CLI Features
Dependency scanning (SCA) - scans open source components for vulnerabilities (CVEs), license risk, and supply chain vulnerabilities/malicious packages (MSCs)
In addition to languages natively supported, the CLI also provides coverage for other languages covered by the Unified Agent
Source file matching resolution via the extended mode (--e)
Code scanning (SAST) - scans custom code for weaknesses (CWEs)
Container Image scanning - scans container images for operating system and application open source components, reporting vulnerabilities (CVEs) and license risk
Shadow AI Components and Third-Party Models - as part of the Dependency scanning (SCA), the Mend CLI performs detection of AI components in use and provides insight into third-party models referenced in code.
Additional features
Ability to receive policy alerts in the output using a single command flag, --fail-policy
Vulnerability and policy violation information output in the terminal
Ability to produce an update request using --local
When to use the Mend Unified Agent
The CLI provides coverage for all languages supported by the Unified Agent. However, it favors its newer detection logic for popular languages, which may result in scan differences if the same pipelines were previously scanned with the Unified Agent. When comparing dependency scan results, it is recommended to follow: Comparing Scans Between the Unified Agent and CLI. Running the Unified Agent in the pipeline for a defined period of time can help the migration process while scan differences are settled.
While on by default, it is recommended to disable this in the Unified Agent.
Additional Languages Supported by the Mend CLI
Using one of the following package managers