Mend Agentic Integrations

Overview

Mend Agentic Integration provides developers with clear, intelligent security guidance and ensures security best practices are followed during AI-assisted development.

When the IDE’s agent generates code or attempts to add a new dependency, it can call the Mend.io MCP server to run an immediate security check. The MCP server analyzes the proposed code for CWEs and the requested libraries for known CVEs, then returns actionable guidance for the agent to address any discovered issues.

Use Cases

1. Developers can trigger security checks manually while generating code using the IDE’s AI.

2. Developers can configure auto-triggers for security checks. 

Prerequisites

Note:

• This feature uses AI. Your organization must sign an addendum to your Mend.io contract to use it. Please contact your CSM to initiate this process.

• The use of the service indicated under this page is subject to the terms and conditions set forth under our AI Supplemental Terms-of-Service.

Demo

The following is a short demo of the mend-dependencies tool in Cursor. It covers multiple use-cases, demonstrating the flow of the Mend Agentic Integration within the IDE.

Available IDEs

Note: Some IDEs that support deep links (allowing users to connect to the MCP server with one click) have integration cards in the Mend AppSec Platform UI, to take advantage of this and simplify the setup/configuration process. IDEs that do not support deep links do not have integration cards in the Mend UI and are set up and configured entirely within the IDE.