Mend Prioritize
Overview
Mend Prioritize assesses the effectiveness of security vulnerabilities associated with open-source components. Effective Usage Analysis (EUA), the technology behind Mend Prioritize, takes a unique approach to analysis: it scans customer code, analyzes how that code interacts with open-source components, and indicates whether reported vulnerabilities are effectively referenced by that code and, if so, identifies where that happens.
Mend Prioritize offers the following advantages:
Obtain rich information on security vulnerabilities for open-source components
Verify that a security vulnerability reported for an open-source component used in a software project is actually referenced from proprietary code – indicating a real vulnerability
Identify the file and line number of the call originating from proprietary code that references code in an open-source component reported to have a security vulnerability
Visualize open-source usage through a clear depiction of the trace (or traces, if applicable) of a call originating from proprietary code to the open-source code reported to have a security vulnerability
Evaluate reported security vulnerabilities against effective security vulnerabilities
Integrate advanced analytic processing with external tools, development environments, and frameworks through a dedicated API
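The idea behind the trace and file/line items above can be illustrated with a small call-graph search. This is an added example, not Mend's code or algorithm: the call graph, function names, call sites and advisory ids are all constructed, and the `app.`/`lib.` prefixes are an assumed way of telling proprietary code from open-source code.

```python
from collections import deque

# Constructed call graph (all names hypothetical): caller -> [(callee, call site)].
# "app." marks proprietary code, "lib." marks open-source components.
CALLS = {
    "app.OrderService.submit": [("app.JsonUtil.parse", "OrderService.java:42")],
    "app.JsonUtil.parse": [("lib.json.Mapper.readValue", "JsonUtil.java:17")],
    "app.ReportJob.run": [("lib.xml.Parser.parse", "ReportJob.java:88")],
    "lib.json.Mapper.readValue": [("lib.json.Deserializer.resolveType", "Mapper.java:310")],
}
# Constructed advisories: vulnerable open-source function -> placeholder id.
VULNERABLE = {
    "lib.json.Deserializer.resolveType": "VULN-PLACEHOLDER-1",
    "lib.xml.Parser.loadExternalEntity": "VULN-PLACEHOLDER-2",
}


def find_trace(target, calls=CALLS):
    """Shortest call trace from proprietary code to target, or None.

    Breadth-first search seeded with every proprietary function, so the
    first edge of a returned trace is the call that leaves proprietary code.
    """
    seeds = sorted(fn for fn in calls if fn.startswith("app."))
    queue = deque((fn, []) for fn in seeds)
    seen = set(seeds)
    while queue:
        fn, path = queue.popleft()
        for callee, site in calls.get(fn, []):
            step = path + [(fn, callee, site)]
            if callee == target:
                return step
            if callee not in seen:
                seen.add(callee)
                queue.append((callee, step))
    return None


def assess(vulnerable=VULNERABLE, calls=CALLS):
    """Map each advisory id to whether it is referenced, where, and how."""
    report = {}
    for fn, vuln_id in vulnerable.items():
        trace = find_trace(fn, calls)
        report[vuln_id] = {
            "effective": trace is not None,
            "origin": trace[0][2] if trace else None,
            "trace": [fn_from for fn_from, _, _ in trace] + [fn] if trace else [],
        }
    return report
```

Calling `assess()` on the sample data reports the first advisory as referenced from `JsonUtil.java:17` and the second as present in a dependency but never called.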
Shield-based Indications
Mend Prioritize’s shield-based functionality provides clear indications of how you need to act:
To get started with Mend Prioritize, go to Scanning with Mend Prioritize.
Prioritize Results Overview
This video demonstrates Mend Prioritize and explains how developers can use it to prioritize which vulnerabilities to focus on, by showing that even though a vulnerability may be present in a dependency you use, your project may not be affected by it.