
Mend for Bitbucket Data Center - Scan Details

Viewing Details of a Scan

Results can be viewed in the following places:

  • The Mend Integration tab within the project

  • The Mend Security/License Check within the Bitbucket repo Commits tab

  • The Mend UI

  • Via email notifications

Viewing Details of an Issue

See here for more information.

Viewing Mend Security Checks

In the Commits tab you can view the status and results of each scan. Click a specific build icon in order to view the Builds page.

Types of Indicators

The following build status indicators are available as feedback on the head commits:

  • In progress: The Mend scan is in progress.

  • Success: The Mend scan completed successfully and no vulnerabilities were detected. 

  • Failed: The Mend scan did not complete successfully. This is the default for all completed scans. NOTE: A failed status may be shown because of security vulnerabilities or because of an error that occurred during the scan.

Samples of Status Check Indicators

In Progress

The following is a sample of an In Progress status, which indicates that the security check is currently scanning the head commit.

Success

When no vulnerabilities are found and no errors occurred during the scan, Mend will display the following status check, and a security report indicating that no vulnerabilities were detected:

Failed
  • Security vulnerabilities found: One or more vulnerabilities have been found as displayed in these sample screenshots:

    • Click on the ‘Mend Security Check’ link to view the security report on all vulnerabilities that were found for the specific commit’s scan. It includes the following columns:

      • CVE: A link to the related CVE page for the vulnerability. Displayed in a collapsible format (click the arrow to expand/collapse for more information regarding the vulnerability).

      • Severity: Overall score of the severity (Critical, High, Medium or Low).

      • CVSS Score

      • Vulnerable Library

      • Suggested Fix 

      • Issue: A link to the relevant issue generated by Mend (when available).

  • Scan failed: Caused by a system error or by a Bitbucket ‘push’ command that is not valid.

Security Check with Partial Scan results

If Mend encounters exceptions thrown by the package managers while scanning the repository, the scan may conclude with partial results. You can use the strictMode parameter to control the messaging and status of the checks. By default, no messaging is included in the check description and the check status is not affected, even if the scan concludes with partial results.

Viewing Mend License Checks 

In the Commits tab you can view the status and results of each scan. Click a specific build icon in order to view the Builds page.

Types of Indicators

The following build status indicators are available as feedback on the head commits:

  • Success: No license policy violations were detected. 

  • Failed: One or more license policy violations were detected during the Mend scan.

Viewing Details in the Mend UI

  • Mend projects will have the same name as the corresponding Bitbucket repository, with a "BB_" prefix, unless otherwise specified in the .whitesource file using a project token.

  • The name of the Mend product will be the same as that of the Bitbucket project preceded by a "BB_" prefix if the Bitbucket repository is under a Project. Otherwise, the name will be your Bitbucket username preceded by "BB_".

Accessing Scan Statistics via API

See here for more information.

Health Check APIs

See here for more information.
