Mend Repository Integrations

With every valid commit, our Mend Repository Integrations encourage your developers to use security best practices with immediate analysis and automated remediation on scan findings; all without ever leaving your source code management (SCM) tool’s platform.

Note:

• The Mend AppSec Platform will automatically have a sourceUrl tag for your scans and projects. This is applicable for Unified Agent, Mend CLI, and repository integration scans. This is especially useful for binding different scans to the same project in the Mend AppSec Platform.

  • Key: sourceUrl

  • Value Examples:

    • bitbucket.org/playground/webgoat

    • dev.azure.com/your_name/project_201/_git/test_repo

    • github.com/mend.io/app

    • gitlab.com/iKiwi/matrix

• Scanned Git repositories will automatically get assigned the branch, commit, and sourceUrl tags, with the following exception:

  • When a local Git repository is in a detached HEAD state, branch will not be assigned.

Mend Repository Integrations support all major source control management platforms: GitHub.com, GitHub Enterprise, Bitbucket Cloud, Bitbucket Data Center, Azure DevOps, and GitLab. Mend.io offers two integration types: The Developer Platform and the Classic integrations.

• Mend Developer Platform

  • Install Mend Developer Platform for Azure DevOps Repos

  • Install Mend Developer Platform for Bitbucket Cloud

  • Install Mend Developer Platform for GitHub

• Mend Classic Repository Integrations

  • Mend for GitHub.com

  • Mend for GitHub Enterprise

  • Mend for GitLab

  • Mend for Azure Repos

  • Mend for Bitbucket Data Center

  • Mend for Bitbucket Cloud