Install Mend for GitHub.com
Overview
Before scanning your repositories with Mend for GitHub.com, you will need to install the Mend for GitHub.com app from the GitHub Marketplace and connect your Mend organization to it.
This article provides installation instructions for Mend for GitHub.com. This article also provides instructions on how to uninstall the app.
Note for Dedicated Instance customers:
Mend for GitHub.com is supported for customers on a Mend Dedicated Instance. Please contact your Mend sales representative.
Getting It Done
Prerequisites
Access to an active Mend SCA organization, as a user with organization administrator permissions.
Access to an active Mend SAST organization that is on the same instance as your Mend SCA organization.
For example, if your Mend SCA organization is on saas.mend.io, then your Mend SAST organization also needs to be on saas.mend.io.
The Issues tab must be enabled for each repository. Do as follows for each repository requiring a scan:
Go to the relevant GitHub repository, and click Settings.
Verify that the Issues checkbox is enabled.
Check that the Issues tab appears next to the Code tab.
You must have administrator permissions to your GitHub organization to install the Mend for GitHub.com app.
Mend SCA organizations and GitHub.com organizations map 1:1, so you will need to create one Mend SCA organization for every GitHub.com organization that you wish to integrate.
If your organization has a limited IP address list, please whitelist the following IP:
52.45.235.219
Note: You can also choose to automatically add the Mend IP to your allowed list.
Note: When setting up repository integrations, you can only connect one source code management (SCM) system to a single Mend organization. For example, if you integrate a GitHub organization, you cannot link additional SCM systems like GitLab groups or Bitbucket teams to the same Mend organization.
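The two GitHub-side prerequisites above (Issues enabled on every repository to be scanned, and the Mend IP covered by a limited IP address list) can be checked in bulk before installing. The following is an added example, not Mend's own tooling; it assumes the repository list comes from GitHub's REST API (`GET /orgs/{org}/repos`) and the allow-list entries from the GraphQL `ipAllowListEntries` field, and the sample data and the choice to skip archived or disabled repositories are assumptions.

```python
import ipaddress

MEND_IP = "52.45.235.219"  # address listed in the prerequisites above

# Constructed sample data shaped like GitHub API responses (not real repositories).
SAMPLE_REPOS = [
    {"full_name": "example-org/web", "has_issues": True, "archived": False, "disabled": False},
    {"full_name": "example-org/api", "has_issues": False, "archived": False, "disabled": False},
    {"full_name": "example-org/old", "has_issues": False, "archived": True, "disabled": False},
]
SAMPLE_ALLOW_LIST = [
    {"allowListValue": "52.45.235.219", "isActive": False},  # present but switched off
    {"allowListValue": "203.0.113.0/24", "isActive": True},
    {"allowListValue": "not-an-ip", "isActive": True},        # malformed entry
]


def repos_missing_issues(repos):
    """Return full names of scannable repositories whose Issues feature is off."""
    missing = []
    for repo in repos:
        # Assumption: archived or disabled repositories are not going to be scanned.
        if repo.get("archived") or repo.get("disabled"):
            continue
        if not repo.get("has_issues", False):
            missing.append(repo["full_name"])
    return sorted(missing)


def allow_list_covers(entries, ip=MEND_IP):
    """True if an active allow-list entry (single address or CIDR) contains ip."""
    addr = ipaddress.ip_address(ip)
    for entry in entries:
        if not entry.get("isActive"):
            continue  # an inactive entry does not admit traffic
        try:
            net = ipaddress.ip_network(entry["allowListValue"], strict=False)
        except (KeyError, ValueError):
            continue  # ignore entries that are missing or not a valid address/CIDR
        if addr.version == net.version and addr in net:
            return True
    return False


if __name__ == "__main__":
    print("Issues disabled on:", repos_missing_issues(SAMPLE_REPOS))
    print("Mend IP allowed:", allow_list_covers(SAMPLE_ALLOW_LIST))
```

An entry that exists but is inactive is reported as not covering the Mend IP, which is the case most easily missed when reviewing the list by eye.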
Install the Mend for GitHub.com app
1. Navigate to the Mend for GitHub.com app page in the GitHub Marketplace.
2. Click Install.
3. If you have multiple organizations, select the organization in which you wish to install Mend for GitHub.com. Otherwise, move to step 4.
4. Read and select the level of access for the Mend for GitHub.com app:
   All Repositories (Default): An option to scan all the repositories of the account.
   Only select repositories: Select specific repositories that you would like to scan.
5. Click Install.
6. Read over the requested permissions and select Authorize Mend for GitHub.com.
Connect your Mend organization
After you install the Mend for GitHub.com app, there will be a registration form provided to connect your Mend organization. You will need to obtain your Mend license key:
Within your Mend SCA application, navigate to the Integrate tab.
On the Integration page, navigate to the Developer Integrations section:
Expand the Developer Integrations section and navigate to Mend for GitHub.com.
Expand the Mend for GitHub.com section.
(SAST only) To enable SAST scanning, connect your Mend SAST organization by adding the following value into the SAST Token setting:
A service user token. This can be found via your Mend SAST organization → Administration → Users → Service Users → Select the “eye” icon next to the desired service user → copy the value. Confirm the selected service user is assigned either the Administrator User Role or Scan Initiation Role.
For instructions on how to create a service user, see our Users Tab documentation.
Make sure to Save your SAST Token setting. You will see a “SAST token saved successfully” message when your SAST token is accepted.
Click on Generate License Key and copy the value:
Note: The license key is valid for 24 hours. You must generate a new license key if you have not submitted the registration form below within 24 hours.
Now, you can fill out the provided registration form to connect your Mend organization:
First Name: Your first name
Last Name: Your last name
Email: Your email address
Company: (Optional) Your company name
License Key: Your Mend license key
Country: Your country
Read and check off GitHub’s documents:
I agree to the terms of service
I agree to the privacy policy
Click on Submit
Note: After you generate the Mend license key, a service user named WS_4_GHC_service_user is created in your Mend organization in the admins group. Do not remove this service user or its permissions, as it is required for the Mend GitHub.com integration to function correctly.
Installing Mend for GitHub.com
This video describes the steps needed to install Mend for GitHub.com. If you have any questions, please reach out to Mend Support or your Customer Success Manager.
Uninstall Mend for GitHub.com
To uninstall Mend for GitHub.com from your GitHub organization or personal profile:
Uninstall for your GitHub organization
Within GitHub.com, navigate to Your organizations → select the Settings option of the organization integrated with Mend:
In the left-hand table of contents, find the Third-party Access section and click on GitHub Apps:
Find Mend for GitHub.com and click on Configure:
Scroll down to the Danger zone section and select Uninstall:
Uninstall for your personal profile
Within GitHub.com, navigate to your Settings section.
In the left-hand table of contents, find the Integrations section and click on Applications:
In the Installed GitHub Apps tab, find Mend for GitHub.com and click on Configure:
Optionally, go to the Authorized GitHub Apps tab, find Mend for GitHub.com, and click on Revoke:
On the configuration page, scroll down to the Danger zone section and select Uninstall: