Skip to main content
Skip table of contents

Managing Alerts

Overview

The Mend application uses the alerts concept to notify users of licensing and vulnerability open-source issues. Alerts work the following way: Upon scan completion, a customer’s inventory is synchronized to Mend, and the application analyzes the customer’s open-source libraries and source files and compares them to the Mend knowledge base and policy definitions. If security vulnerabilities, licensing and compatibility issues, or policy violations, etc. exist, alerts are triggered for the organization. 

In order to manage alerts, a dedicated Alerts menu is provided. The Alerts menu comprises the following (click the links below to access the documentation).

The following types of alerts are generated by Mend:

Alerts Category

Description

Security Alerts

Review alerts for vulnerabilities. This category comprises two views (each with its own screen):

  • View By Vulnerability - Enables you to view and manage the alerts per vulnerability according to the selected products/projects.  For example, use this screen to ignore alerts of a specific vulnerability across all libraries in the selected scope.

  • View By Library - Enables you to view and manage the alerts per library according to the selected products/projects.  For example, use this screen to ignore all security alerts of a specific library in the selected scope. 

Other Alerts - Licensing and Compliance

Review alert details for licensing and quality issues reported for a given product or project.

  • High Severity Bug Alerts - Triggered for old Java libraries that include a severity rating and a bug rating. NOTE: Currently being deprecated and might contain outdated information.

  • Multiple Library Versions Alerts - Triggered for any library that appears twice or more in different versions within a certain product

  • Multiple Licenses Alerts - Triggered for any library that has more than one license

  • New Versions Alerts - Triggered for any library found to be out-of-date (i.e., not updated to the latest version). Note that new version alert(s) apply only to direct dependencies and not transitive dependencies.

  • Policy Violation -  Triggered for any violation your policies

  • Rejected Library In Use Alerts - Triggered for any library that created a request which was later rejected

Alerts Actions

Once you have all alerts of the scope you selected, you can choose to ignore those that are not relevant to your environment. Ignored Alerts won't appear in the dashboards and reports. 

For further analysis,  do the following:

  • Add a free-text comment (such as why you chose to ignore the alert) of up to 255 characters. 

  • Filter the ignored alerts, and select the ones to reactivate (opposite of ignore)

  • Export to MS Excel, XML, or JSON

Limitations

  • Currently, if you have a policy violation for the “Reject” policy action, you cannot ignore the “Policy Violation” alert type by directly going into the following Alerts Views in the Mend UI:

    • Security Alerts - View By Vulnerability

    • Security Alerts - View By Library

    • Other Alerts - Licensing & Compliance

Instead, to ignore a “Policy Violation” alert, you will need to ignore the alert by navigating to the Policy - Violations View in the Mend UI as seen below:

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close