Skip to main content
Skip table of contents

Mend Developer Platform Release Notes

This integration is currently a beta.

Mend.io may modify this page retroactively from time to time.

  • To stay informed about hotfixes, modifications, and additions to mend's products, check this page from time to time in between official releases.

  • Click here to view known issues in repo integrations.

  • Access all release notes for Mend’s products.

Version 24.12.2 (12-January-2025)

New Feature and Updates

  • Users can now download the log directly from each job’s page.

  • libs.gradle files are now supported for triggering scans.

  • (Open Beta) Reachability for .NET is now available, supporting applications developed in C# and utilizing the NuGet package manager. This enhancement enables the detection of reachable vulnerabilities within .NET projects, helping to improve security analysis and reduce false positives.

Resolved Issues

  • Resolved an issue where scan error tags were not being generated for scans with partial scan results (“Scan Insights” setting).

Version 24.12.1 (06-January-2025)

New Features and Updates

  • The Developer Platform now supports triggering scans for manually selected branches. This feature supports triggering SCA scans on base branches and feature branches with an open PR to a base branch.

  • Added support for "Scan Insights" (strictMode in the legacy repo integrations). This feature enables failing the security check due to partial scan results.

  • The tree of detected dependencies for a repository now appears fully expanded on the Repository page in the Developer Portal when the page is first rendered. Users will be able to see all dependencies without needing to manually expand the tree.

Version 24.11.2 (15-December-2024)

New Features and Updates

  • Release branches configuration is now available in the general settings.
    Branches matching the regex expressions in this parameter will be scanned, with checks created and a Mend project generated accordingly.

  • The SCA scanner now supports .NET version 9.

Version 24.11.1 (01-December-2024)

New Features and Updates

  • SCA Reachability is now supported in the Developer Platform, for Azure DevOps Repos and Bitbucket integrations.

  • Jobs which have been in PENDING status for more than 1 hour are now automatically failed.

  • Loading of the repository table view is now faster.

  • Scans which are “pending” or “running” can now be canceled via the cancel button in the jobs table UI.

  • (AZDO | SAST) All finding details are now visible within the check run so that developers can stay within the code repository instead of reviewing the finding in the Developer Platform.

Resolved Issues

  • (AZDO) Fixed an issue uninstalling the Azure DevOps integration.

Version 24.10.3 (17-November-2024)

New Features and Updates

  • (AZDO) Added support for custom work items and fields in Azure Devops Repos for both SCA and SAST.

  • The Developer Platform now creates project tags (commitId, CTX, repoFullName, repoId) for base branch projects. The tags are displayed in the Mend AppSec Platform.

  • Failed jobs can now be retried via the Retry button, which is located next to failed jobs in the jobs table.

Resolved Issues

  • (AZDO) Fixed a repository sync issue during the installation of Azure DevOps Repos to the Developer Platform.

Version 24.10.2 (03-November-2024)

New Features and Updates

  • (SAST) The "Date" column of the findings table was renamed as "Detected", to make it more explicit.

  • (SAST) Scans on feature branches are now always performed as incremental scans.

Version 24.9.2 (15-October-2024)

New Features and Updates

  • (Public Beta) Introducing a Developer Platform integration for Azure DevOps.
    This is an enhanced repository integration that includes both SCA and SAST, with a user-friendly onboarding and configuration flow in the dedicated UI.

Version 24.9.1 (22-September-2024)

Resolved Issues

  • (SAST) Fixed an issue where a SAST scan was unexpectedly triggered when a pull request was rejected.

Version 24.8.1.1 (28-August-2024)

Resolved Issues

  • Fixed an issue where invalid dependency version information was passed to Renovate, causing Renovate jobs to fail.

Version 24.7.2 (11-August-2024)

New Features and Updates

  • Added a "Vulnerability range" parameter to control CVSS thresholds for security checks.

Version 24.7.1 (29-July-2024)

New Features and Updates

  • The Developer Platform now has a new "Dependencies" tab with improved Renovate and Remediation settings. Remediate no longer requires Renovate enabled in order to run.

  • Mend users on a paid plan can now set environment variables with any name, while users on the free plan are limited to variables starting with "MEND_".

Resolved Issues

  • Fixed an issue that caused failure to retrieve/create Mend project when scanning a pull request branch. 

Version 24.6.1 (01-July-2024)

New Features and Updates

  • A new configuration parameter "Only print results" was created in the Checks configuration for Open-Source Security. It is now possible to disable creation of commit comments indicating that scan is in progress or that there was a neutral check.

  • Exploitability data such as exploit code maturity and EPSS percentage is now displayed in issues and checks, if available for findings. 

Version 24.5.3 (16-June-2024)

New Features and Updates

  • CVSSv4 is now supported for the repositories connected to the Mend Organizations where this feature was enabled.

Resolved Issues

  • Fixed an issue where users could not create a host rule without specifying a host username.

  • Fixed an issue where SCA and SAST scans would fail if the connected Mend project was deleted.

  • Fixed an issue where the Mend License Check would stay pending if the Mend Security Check failed.

Version 24.5.2 (02-June-2024)

New Features and Updates

  • When Bitbucket API rate limit is reached for the workspace there will now be a message about this on the workspace page of the Developer Portal.

Resolved Issues

  • Fixed an issue where skipping a Setup Wizard for one workspace would erroneously skip it for other workspaces.

  • (SAST) If Mend SAST is disabled for a specific repository, it is not possible anymore to trigger a scan manually. 

Version 24.5.1.2 (20-May-2024)

New Features and Updates

  • Added a mechanism that will put all of the scan jobs for a workspace on hold when the Bitbucket API rate limit is reached. Retry will be attempted every 10 minutes.

Resolved Issues

  • Fixed an issue that prevented some issues for detected vulnerabilities from being opened, in some cases. 

Version 24.3.1 (25-March-2024) (Hosted)

New Features and Updates

  • New repository integration is now available for Bitbucket Cloud in public beta. Read more in the documentation.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close