Issue Tracking
Mend SAST® currently supports Atlassian Jira, Azure DevOps (Work Items), Redmine and GitHub Issues for issue submissions in the Mend SAST® environment. Issues can be submitted for individual vulnerabilities or on the scan level via the triggers that are assigned to an application. Only triggers assigned to applications take effect.
When an issue is created, file and line number information is provided for each finding, together with a link to the full source code within the repository.
Jira is configured for the Server version by providing the URL of the Jira deployment, a username and password. When connecting to Jira Cloud, a Jira API token is used instead of the password and the Basic authentication type must be selected.
Permission requirements: Jira API tokens are associated with the user, inheriting user permissions.
GitHub is configured by providing the name of an organization (or the username, in case a user account hosts the repositories) and an access token.
Permission requirements: The following scopes have to be defined for the Personal Access Token (PAT):
Redmine is configured by providing the URL of the Redmine deployment and an access token.
Permission requirements: The access token needs the permissions to:
Add issues
Add notes
Add watchers
View issues
Azure DevOps is configured by providing a server or organization URL (e.g., https://dev.azure.com/mend) and a personal access token (PAT).
Permission requirements: The PAT needs the permission to read & write work items.
Triggers enable conditional submission of issues based on the results of a scan. When submitted, the issue will contain the summary of a scan and an attached technical HTML report. To add a new trigger, click on the +ADD button in the upper right corner of the triggers card. Once a trigger is configured and added, it can be used in a scan configuration.
Note: If the service user is triggering the scan, the Issue Tracking triggers will not work.
The following conditions are available:
Total count of vulnerabilities
High risk vulnerability count
Medium risk vulnerability count
Low risk vulnerability count
Specific vulnerability type
No vulnerabilities found
For Jira and Azure DevOps, a project key or project name and an issue type or item type need to be set, corresponding to the project where the issue should be submitted.