Requests Dashboard
Overview
The Requests Dashboard features a variety of options that provide a complete view of the status of requests in your organization.
Most customers wish to avoid using libraries that have security vulnerabilities or restrictive licensing in their software, but may not have an internal approval mechanism in place to review libraries before developers add them to the production code.
The Mend approval process provides customers with a way of reviewing new libraries added to their inventory before they are included in the production code. A plugin request is an API call sent from the UA (Unified Agent) to the WS server containing the results of a scan executed on a customer’s machine or build server. The request contains information about the organization’s products, as well as packages and source files detected during the scan and the relationship between those packages (i.e., the dependency hierarchy).
Libraries are added or removed from an inventory via a plugin request of type update (aka Update Request), where the results of a plugin request are compared to the project’s inventory; new libraries are added and libraries that don’t appear in the request are removed.
Mend generates a library approval request (aka Pending Request) every time a new library is added to a project, and the open-source library code is scanned for vulnerabilities and security issues.
If the library contains no risk (i.e., the correct licenses are in the code and there are no security vulnerabilities), the Approve action can be applied to the update request for the library. The request will be automatically closed. The library will be combined with the security tests of the organization’s open-source code.
If the library contains unacceptable security vulnerabilities, the policy that matches this library will reject it. If one or more libraries were rejected by a policy, the Agent returns a policy violation exit code, which can be used to fail a build. In such a case, the library will not be updated in the inventory, unless the Agent is configured to update it regardless of policy violations. To view a history of the policy violations from different scans, see the Plugin Policy Violation History Report.
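The update-request flow described above, as an added Python model that is not Mend's code or API. The Library fields, the toy policy, the force_update flag name and the exit-code value are assumptions made for the illustration, and the sample data is constructed.

```python
from dataclasses import dataclass, field

POLICY_VIOLATION_EXIT = 1  # assumed placeholder; the page does not give the real value

@dataclass(frozen=True)
class Library:
    name: str
    license: str
    vulnerabilities: int = 0  # number of known vulnerabilities

@dataclass
class UpdateResult:
    inventory: dict                                 # name -> Library after the request
    pending: list = field(default_factory=list)     # approval requests opened
    rejected: list = field(default_factory=list)    # libraries a policy rejected
    removed: list = field(default_factory=list)     # libraries absent from the scan
    exit_code: int = 0

def policy_rejects(lib, allowed_licenses):
    """Toy policy (assumption): reject vulnerable or non-allow-listed licenses."""
    return lib.vulnerabilities > 0 or lib.license not in allowed_licenses

def apply_update_request(inventory, scanned, allowed_licenses, force_update=False):
    """Compare scan results with the project inventory, as an update request does."""
    current = {lib.name: lib for lib in inventory}
    incoming = {lib.name: lib for lib in scanned}
    new = [lib for name, lib in incoming.items() if name not in current]
    rejected = [lib.name for lib in new if policy_rejects(lib, allowed_licenses)]
    if rejected and not force_update:
        # Policy violation: inventory stays as it was and the build can be failed.
        return UpdateResult(current, rejected=rejected, exit_code=POLICY_VIOLATION_EXIT)
    removed = [name for name in current if name not in incoming]
    pending = [lib.name for lib in new if lib.name not in rejected]
    code = POLICY_VIOLATION_EXIT if rejected else 0
    return UpdateResult(incoming, pending, rejected, removed, code)

# Constructed sample data: lib-b was dropped, lib-c and lib-d are new.
INVENTORY = [Library("lib-a", "MIT"), Library("lib-b", "Apache-2.0")]
SCAN = [Library("lib-a", "MIT"), Library("lib-c", "MIT"), Library("lib-d", "GPL-3.0", 2)]
ALLOWED = {"MIT", "Apache-2.0"}

if __name__ == "__main__":
    for force in (False, True):
        r = apply_update_request(INVENTORY, SCAN, ALLOWED, force_update=force)
        print(force, sorted(r.inventory), r.pending, r.rejected, r.removed, r.exit_code)
```

In the model, a rejected library blocks the whole inventory update by default, which is why a CI job that checks the exit code sees the violation before the inventory changes.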
Accessing the Requests Dashboard
Open the Mend Home page.
From the menu bar, select Dashboards > Requests. The Requests Dashboard is displayed.
NOTE: Clicking the History button at the top right of the screen opens the Requests History Report that provides details about all requests in an organization for all statuses.
The Requests Dashboard contains the following panels of information:
Time to Respond
Number of Requests
Statistics
Pending Tasks
Requested by Me
Viewing the Response Times
The Time to Respond chart displays the time (in minutes) taken to approve, reject, and respond to update requests in an organization. The number of approved, rejected, and response requests is also provided in text and histogram format. For example, it took just under 4 minutes to reject 388,666 requests.
Viewing the Number of Requests
The Number of Requests graph displays the number of update requests that were open (color-coded blue) or closed (color-coded red) for the selected context (organization, product, or project) every two weeks. Hovering over a data point displays the exact number of requests.
Viewing Statistics about Requests
The Statistics panel lists:
Number of approved requests and as a percentage of overall requests
Number of rejected requests and as a percentage of overall requests
Time taken to approve the requests
Time taken to reject the requests
Time taken to respond to the update requests in the organization
Viewing Pending Tasks
For every new library that is added to a project following an update request, Mend generates a library approval request (aka Pending Task). The Pending Tasks panel lists the requests sent from the plugins for approval of new libraries that have not yet been answered.
The following information is displayed per pending request:
From: Name of the user that initiated the request
Library: Name of the open-source library. Click the library name in order to be forwarded to its Library Details page.
Subject: Details describing the request
Project: Project in which the library is located
Product: Product in which the library is located
Date: Date the request was made
The buttons displayed above the list enable you to:
More Information: Display further details about selected requests in the list.
Approve: Approve selected requests in the list.
Note: The policy that triggered the action on the pending request will be displayed in the Pending Tasks Approval page.
Reject: Reject selected requests in the list.
Viewing User Requests
The Requested by Me panel displays the update requests that were sent by the user from the plugins regarding approval for the new libraries.
The following information is displayed per request:
Name: Name of the user that initiated the request
Description: Description of the request
Project: Project in which the library is located
Status: Current status of the request (Open, Pending, Closed)
Approver: Name of the person assigned to approve the request
Approvers Group: Group of people assigned to review the request
Date: Date the request was made
Clicking More… opens the Request History Report that provides details about all requests in the organization for all statuses.
See Also:
Understanding Update Requests (Knowledge Base)