Mend Integration Containers
Overview
The Mend Repo Integrations are self-hosted integrations: customers host the integration containers in their own environment. The Mend Repo Integrations consist of three containers: a controller container, a scanner container, and a remediate container. This article provides details about the three container types.
How the Mend Integration Containers Work
The Controller Container listens to webhooks from supported version control systems such as GitHub Enterprise, GitLab, and Bitbucket Server and Data Center. The Controller Container is responsible for the following tasks:
Onboarding PRs
Mend Security Check-runs
Mend Code Security Check-runs
Creating Issues
Checking queue health
Monitoring connectivity with the Mend servers
Communicating with the Mend servers via API to pull scan data from the shadow org
The Scanner Container, also known as the SCM Scanner, is responsible for the following tasks:
Pulling scan requests from the scanner queue
Cloning the repo
Running the Unified Agent, PSB, and SAST CLI
Sending the update request to the Mend servers for indexing.
By default, the Remediate Container consists of the Remediate Server. The Remediate Server does all tasks related to Remediate and Renovate, including:
The scheduler
Job queue
Webhook handling
Creating Remediate PRs for vulnerability fixes
Creating Renovate PRs for update fixes
However, you can scale Remediate horizontally. By default, the same Remediate Docker image is used for both Server and Worker functionality.
When scaled horizontally:
One Remediate Server container and one or more separate Remediate Worker containers are used. Together they are covered by the term “Remediate container”.
The Remediate Workers handle processing the repositories and Renovate. You can have multiple Remediate Workers.
The Remediate Server still covers the scheduler, job queue, and webhook handling.
Reference
For more information on supported repo integrations, refer to the following articles: