Overview
This topic describes Offline mode for Mend Prioritize, which enables you to analyze a project that is located in an environment not connected to the Internet.
This process comprises three systems:
- An offline client system (not connected to the Internet)
- An online client system (connected to the Internet - and Mend Application)
- Mend SaaS (connected to the Internet - and Mend Application (SaaS))
The following provides an outline of the process:
| Step # | Description |
|---|---|
| 1 | (Offline) Establishing Project Component Dependencies: Leverage the Mend Unified Agent to establish project component dependencies and store them in a dedicated file |
| 2 | (Online) Obtaining Project Reported Component Vulnerabilities: Request that Mend SaaS return vulnerabilities reported for each of the libraries established in Step 1 |
| 3 | (Offline) Producing Project Prioritize Results: Leverage the Unified Agent to run Mend Prioritize on an offline system using the details obtained in Steps 1 and 2 |
| 4 | (Online) Uploading Project Prioritize Results: Submit analysis results to Mend SaaS from an online system |
Establishing Project Component Dependencies
This step is applicable to offline (client) systems. Do as follows:
Run the Unified Agent, specifying a designated offline mode setting (-euaOffline dep) instructing the Agent to do the following:
- Establish project component dependencies after running Mend Prioritize prerequisite checks.
- Generate a file with found dependencies.
Command
| Switch | Description |
|---|---|
| -d | The project folder to be scanned. |
| -euaOffline | The Prioritize offline mode. Supported modes include dep, vul, res and upl. In step 1, the following setting is employed: -euaOffline dep (instructs the agent to run in euaOffline dep mode and generate a dependency file for later Mend Prioritize analysis) |
| -euaDep <euaDep_Path> | (Optional) This setting specifies the path and name for the dependency file (default: Unified Agent folder and euaDep.json) |
Outcome
A JSON file (euaDep.json) with found dependencies (along with all relevant Unified Agent details associated with an offline request).
Messages
Success: "Offline EUA dependency listing was generated successfully. Number of found dependencies: x."
Error Messages
| Use Case | Message |
|---|---|
| Failure of unrecognized mode | "Offline EUA does not support the specified euaOffline mode" |
| Failure of dep mode | "Offline EUA dependency listing could not be generated" |
Obtaining Project Reported Component Vulnerabilities
This step is applicable to online (connected) systems. Do as follows:
Run the Unified Agent in euaOffline mode, specifying the path (<euaDep_Path>) to the JSON created in Step 1 to do the following:
- Obtain reported component vulnerabilities.
- Produce a file with found component vulnerabilities (default: euaVul.json).
- Capture a unique value for the dependencies listed in the dependency file (default file: euaDep.json) within the vulnerability file (default file: euaVul.json); that value should be inspected in Step 3 to verify that the dependency and vulnerability files that are referenced in that step match.
Command
| Switch | Description |
|---|---|
| -euaOffline | Denotes the EUA offline mode. Supported modes include dep, vul, res and upl. In step 2, the following setting is employed: -euaOffline vul (instructs the agent to run in euaOffline vul mode, obtain reported vulnerabilities for captured dependencies and generate a vul file featuring the vulnerabilities and a unique value calculated for the dependency listing) |
| -euaDep <euaDep_Path> | (Optional) This setting specifies the path and name of the dependency file |
| -euaVul <euaVul_Path> | (Optional) This setting specifies the output path and name for the vulnerability file (default: Unified Agent folder and euaVul.json) |
| -wss.url <url> | (Optional) This parameter specifies the wss URL (NOTE: The value should be the same value referenced in the UA configuration file - see Step 1) |
Outcome
A JSON file (euaVul.json) with found vulnerabilities and a unique value calculated for the dependency listing will be generated.
Messages
Success: "Offline EUA vulnerability listing was generated successfully."
Error Messages
| Use Case | Message |
|---|---|
| Failure of unrecognized mode | "Offline EUA does not support the specified euaOffline mode." |
| Failure of vul mode | "Offline EUA vulnerability listing could not be generated." |
Producing Project Prioritize Results
This step is applicable to offline (client) systems. Do as follows:
Run the Unified Agent, specifying new designated parameters (-offline, -euaDep, -euaVul) that instruct the agent to:
- Calculate a unique value of the dependencies listing obtained for the referenced project (based on the specified appPath and -d) and verify that the value matches:
  - The value calculated and captured for the dependencies' JSON file (euaDep.json)
  - The value captured in the vulnerabilities JSON file (euaVul.json)
- Establish project vulnerability effectiveness after running Prioritize.
- Generate a file with Mend Prioritize results.
Command
| Switch | Description |
|---|---|
| -euaOffline | The Prioritize offline mode. Supported modes include dep, vul, res and upl. In step 3, the following setting is employed: -euaOffline res (instructs the agent to run in euaOffline res mode and generate a file with analysis results) |
| -euaDep <euaDep_Path> | A setting specifying the path and name of the dependency file (default: Unified Agent folder and euaDep.json) |
| -euaVul <euaVul_Path> | A setting specifying the output path and name for the vulnerability file (default: Unified Agent folder and euaVul.json) |
| -euaRes <euaRes_Path> | A setting specifying the output path and name for the results file (default: Unified Agent folder and euaRes.json) |
Outcome
A JSON file (default: euaRes.json) with Prioritize analysis results.
Messages
Success: "Offline EUA analysis was completed successfully."
Error Messages
| Use Case | Message |
|---|---|
| Failure of comparison between dependency file details and the dependencies obtained by running the command with the specified -d parameter | "Effective Usage Analysis will not run if the dependency listing in the specified dependency file path is not identical to the listing obtained by the UA for the specified |
| Failure of comparison among the SHA-1 values calculated for the project dependencies (based on the specified project’s appPath and d details), the SHA-1 captured for the dependencies json file, and the SHA-1 captured in the vulnerabilities json file | "Effective Usage Analysis will not run if the project’s dependencies calculated based on the specified appPath and -d parameters are different from those referenced by the specified json files produced in previous steps. Verify that the correct project parameters and json files are referenced." |
| Failure of unrecognized mode | "Offline EUA does not support the specified euaOffline mode." |
| Failure of res mode | "Offline EUA analysis results could not be generated." |
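The three-way comparison that Step 3 performs, modelled as an added example (this is not Mend's code). The JSON field names, the canonical form that is hashed and the sample data are assumptions; only the use of SHA-1 and the three compared values come from this page.

```python
import hashlib
import json

def listing_digest(dependencies):
    """SHA-1 over a canonical, order-independent form of the listing."""
    ordered = sorted(dependencies, key=lambda d: (d["name"], d["version"]))
    canonical = json.dumps(ordered, sort_keys=True, separators=(",", ":"))
    return hashlib.sha1(canonical.encode("utf-8")).hexdigest()

def make_dep_file(dependencies):
    # Step 1 (offline): the listing plus its digest. Hypothetical layout.
    return {"dependencies": dependencies,
            "listingSha1": listing_digest(dependencies)}

def make_vul_file(dep_file, vulnerabilities):
    # Step 2 (online): vulnerabilities plus the digest of the listing they answer.
    return {"depListingSha1": dep_file["listingSha1"],
            "vulnerabilities": vulnerabilities}

def check_pairing(rescanned, dep_file, vul_file):
    """Step 3 (offline): return mismatch descriptions; an empty list means proceed."""
    expected = listing_digest(rescanned)
    problems = []
    if listing_digest(dep_file["dependencies"]) != expected:
        problems.append("dep file lists different dependencies than the project")
    if dep_file.get("listingSha1") != expected:
        problems.append("digest stored in dep file does not match the project")
    if vul_file.get("depListingSha1") != expected:
        problems.append("vul file was generated for a different dependency listing")
    return problems

# Constructed sample data; names and identifiers are placeholders.
PROJECT = [{"name": "example-lib-a", "version": "1.2.0"},
           {"name": "example-lib-b", "version": "3.0.1"}]
DEP_FILE = make_dep_file(PROJECT)
VUL_FILE = make_vul_file(DEP_FILE, [{"library": "example-lib-b",
                                     "id": "VULN-PLACEHOLDER-1"}])
# A vul file left over from a scan made before example-lib-b was upgraded.
OLD_LISTING = [PROJECT[0], {"name": "example-lib-b", "version": "2.9.0"}]
STALE_VUL = make_vul_file(make_dep_file(OLD_LISTING), [])

if __name__ == "__main__":
    print(check_pairing(PROJECT, DEP_FILE, VUL_FILE))    # files agree
    print(check_pairing(PROJECT, DEP_FILE, STALE_VUL))   # stale vul file
```

An unkeyed digest stored next to the data catches a stale or mismatched file, not deliberate modification by someone able to rewrite both files, so the files still need protection while they cross between the online and offline systems.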
Uploading Project Prioritize Results
This step is applicable to online (connected) systems. Do as follows:
Run the Unified Agent, specifying new designated parameters instructing the Agent to upload project Prioritize analysis results.
Command
| Switch | Description |
|---|---|
| -euaOffline | Denotes the EUA offline mode. Supported modes include dep, vul, res and upl. In step 4, the following setting is employed: -euaOffline upl (instructs the agent to run in euaOffline upl mode and upload the res file with analysis results) |
| -euaRes <euaRes_Path> | A parameter specifying the path and name of the results file to upload (default: Unified Agent folder and euaRes.json) |
| -wss.url <url> | An optional parameter specifying the wss URL (NOTE: The value should be the same value referenced in the Unified Agent configuration file (Steps 1 and 3)) |
Outcome
Not applicable; the results can be seen on the web application's dashboard.
Messages
Success: "Offline EUA analysis was uploaded successfully."
Error Messages
| Use Case | Message |
|---|---|
| Failure of unrecognized mode | "Offline EUA does not support the specified euaOffline mode" |
| Failure of upl mode | "Offline EUA analysis results could not be uploaded" |