Skip to main content
Skip table of contents

Legacy Mend SAST Application

Mend SAST is a SAST (Static Application Security Testing) solution for performing deep and extensive security analysis of application source code. Mend SAST is easy to use, requires almost no user input, and can be deployed during or after development with easy integration into a DevOps environment and CI/CD pipeline. The solution provides an excellent way to automate code inspection as an alternative to the demanding and time-consuming procedure of manual code reviews. Mend SAST supports all major languages and their frameworks, from Android Java to Xamarin C#.

The following sections provide a complete overview of setting up, running a SAST scan, and viewing the results.

Mend SAST

Mend SAST is now an available solution that quickly scans thousands of lines of code, identifying the coding languages and checking for security weaknesses in custom code:

Adding Mend SAST to Your Organization’s Workflow

You can have Mend SAST scans up and running in minutes.

  1. Download the CLI (command line interface)

  2. Follow the interactive (later you can customize it by configuring a wealth of parameters)

  3. Run a scan by typingmendsastcli --app "myapp" --dir "C:\projects\myproject" (“myapp” is the name you give your Mend SAST project)

The Mend SAST CLI

Mend SAST scans are run with a CLI (command line interface) that is easy to set up:

The CLI can be customized with a wide range of parameters set either in a JSON configuration file or with environment variables. Integrating Mend SAST into existing DevOps environments and CI/CD pipelines is easy. Running a scan with the CLI is as simple as typing:

mendsastcli --app "myapp" --dir "C:\projects\myproject"

The Mend SAST Web-Based Application

The power of Mend SAST is fully realized in Mend’s web application. The web app has been designed to provide a concise picture of the overall risk from scan findings:

It allows you to quickly drill down through the vulnerability types to the code snippets of individual findings. Intelligent scanning determines if recent code changes have introduced new security issues.

When applicable, the web app will provide coding best practices to help fix each relevant security finding, along with suggestions for further reading:

While reviewing the findings, tickets can be added to your issue tracker with just a click, and developers can be notified automatically by Slack and email.

The web app provides organizations tools to continuously monitor the progress of an entire organization, with a bird's eye view of all applications and a comparison of the findings against lists from the major risk assessment organizations. The focus is on the ability to drill down quickly to see which applications and which findings require immediate attention. 

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.