Mend.io may modify this page retroactively from time to time.
- This integration is not hosted by Mend.io; it is self-hosted. New major versions are traditionally released once a month and supported for six months after their release.
- To download one of the supported versions, click the desired version.
- To stay informed about hotfixes, modifications, and additions to Mend.io's products, check this page from time to time in between releases, or use our RSS Feed:
- Click here to view known issues in repo integrations.
- Release notes refer to SCA unless explicitly denoted otherwise.
- Visit the release notes hub for all Mend.io release notes.
Version 26.5.1.2 (01-June-2026)
Unified Agent 26.4.3.1 | Renovate 43.141.3 | Remediate 26.5.1 | Pre-Scan Builder (PSB) 25.8.1
New Features and Updates
- Added logic to prevent AI scans from running on feature branches during repository integration scans. AI scans will now only run on base branches, ensuring feature branches are excluded from automated AI analysis.
- (Renovate) Introduced enhanced customization in Renovate Enterprise Cloud, enabling organizations to run custom scripts and configure environment variables and headers. These new capabilities, powered by secure MicroVM technology, provide greater flexibility and control for enterprise users. For more details, refer to the Renovate documentation.
Resolved Issues
- Fixed an issue where projects specifying .NET 10 in the .csproj file did not resolve dependencies as expected. The system now detects SDK version mismatches, automatically installs the required .NET SDK, and retries dependency resolution to ensure all dependencies are properly detected.
- Fixed an issue where preserved user agent properties were not enforced during SCM scans, allowing unintended overrides. Now, all relevant properties are correctly handled to ensure consistent enforcement.
Version 26.4.1.1 (19-April-2026)
Unified Agent 26.3.2 | Renovate 43.102.11 | Remediate 26.4.1 | Pre-Scan Builder (PSB) 25.8.1
New Features and Updates
- Added support for disabling specific package manager resolvers using the {PACKAGE_MANAGER}.resolveDependencies parameter, allowing more granular control over dependency resolution.
Resolved Issues
- Fixed an issue where the clone, fetch, and checkout commands in the scanner were limited to a fixed 15-minute timeout, which caused failures with large repositories. Timeouts are now configurable through the environment variables listed below, providing better support for large repositories.
  - GIT_CLONE_TIMEOUT_MINS
  - GIT_FETCH_TIMEOUT_MINS
  - GIT_CHECKOUT_TIMEOUT_MINS
(06-April-2026)
New Features and Updates
- The scanner now automatically detects and uses the correct Python version specified in repository files, improving vulnerability detection accuracy for Python projects and reducing manual configuration. This update supports multiple version specification formats and provides clear user guidance, ensuring more reliable results for large-scale and enterprise users.
  - Note: The feature is only supported in version 26.3.1 of the integration or above.
Version 26.3.1 (23-March-2026)
Unified Agent 26.2.2 | Renovate 43.59.4 | Remediate 26.3.1 | Pre-Scan Builder (PSB) 25.8.1
New Features and Updates
- Added support for the uv package manager, enabling security scanning and Reachability analysis for Python projects managed with uv. Refer to this table for more details.
  - Note: The SCA orchestrator scanner environment variable must be enabled for uv detection to work (MEND_SCA_ORCHESTRATOR_ENABLED=true).
Resolved Issues
- Fixed an issue where scans of .NET projects would fail with error MSB4057 if a <Project> tag existed under <ProjectReference> in the csproj file. Scans now complete successfully in this scenario.
- Fixed an issue where Gradle dependencies failed to resolve for React Native Android projects, ensuring accurate detection and resolution of dependencies by properly handling project structure and Gradle wrapper logic.
- Fixed an issue where post-scan cleanup and statistics were not executed if the scan process ended with an error, ensuring proper handling and reporting even when scans fail.
Version 26.2.1.1 (23-February-2026)
Unified Agent 25.12.2 | Renovate 42.99.0 | Remediate 26.2.1 | Pre-Scan Builder (PSB) 25.8.1
Resolved Issues
- Fixed an issue where Bitbucket users received a 500 error when creating issues due to invalid severity values with trailing characters. Added validation to ensure only valid severity types are processed, preventing these errors.
- Fixed an issue where the scanner could get stuck in a loop after a scan timed out, repeatedly logging timeout errors instead of properly cancelling the task. The process now ensures scans are cancelled as expected, improving reliability for long-running scans.
- Fixed a bug which led to scans running for more than 6 hours and timing out.
- Fixed an issue where the DockerfileFull output image size exceeded 20GB. The build process was optimized to reduce image size and improve efficiency.
Version 26.1.1 (25-January-2026)
Unified Agent 25.11.1-223 | Renovate 42.74.5 | Remediate 26.1.1 | Pre-Scan Builder (PSB) 25.8.1
New Features and Updates
- The repo cloning default utility has been changed from Jgit to Git Shell. This is controllable via the WS_GIT_CONNECTOR scanner environment variable.
Resolved Issues
- Upgraded the cryptography dependency in Miniconda to a secure version, fixing an issue where the vulnerable version could expose the scanner to CVE-2024-26130.
- Fixed an authentication issue which led to project installation errors in npm scans if non-default ports were configured to communicate with the package registry. The scanner now correctly preserves the port in the .npmrc file, ensuring proper credential matching and preventing installation errors for projects using custom registry setups.
Version 25.12.1 (05-January-2026)
Unified Agent 25.11.1-223 | Renovate 42.59.0 | Remediate 25.12.1 | Pre-Scan Builder (PSB) 25.8.1
New Features and Updates
- An SCA scan will now be triggered when a versions.kt file is added or modified.
Resolved Issues
- Fixed a bug where Out of Memory (OOM) errors were raised while reading HTTP responses.