What's New in API v1.4
Background
CVSS 3.0 introduced the Critical severity label for vulnerabilities with a score of 9.0 or higher:
Low: 0.1-3.9
Medium: 4.0-6.9
High: 7.0-8.9
Critical: 9.0-10.0
Previously, Mend displayed both High and Critical as High, and customers who needed the distinction added their own automation to make it.
Release Schedule
Users of the unified agent and the UI will see the Critical label from Jan 2, 2023. There’s no need to rerun a scan. You can also see it in repo integrations such as GitHub.com, GitHub Enterprise, BitBucket Server, BitBucket Cloud, Azure DevOps and GitLab.
Users of the IDE, Azure DevOps pipelines and JIRA integrations will see these changes by Jan 31, 2023.
API Updates
To maintain backward compatibility, there is a new API v1.4, so you can upgrade when ready to use the new Critical label:
https://<environment>/api/v1.4
where <environment> is your Mend server.
For example, the response to Get Project Alerts when the CVSS3 score is higher than nine:
Sample from API v1.3 | Sample from API v1.4 |
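The kind of client-side automation described in the Background section, written so that it gives the same result for v1.3 and v1.4 responses during a migration. This is an added example, not Mend's code: the field names `vulnerability`, `cvss3_score` and `cvss3_severity` are assumptions about the alert records, and the sample records are constructed.

```python
from decimal import Decimal, InvalidOperation

# CVSS 3.0 bands from the Background section, as (lower bound, label), highest first.
BANDS = [(Decimal("9.0"), "Critical"), (Decimal("7.0"), "High"),
         (Decimal("4.0"), "Medium"), (Decimal("0.1"), "Low")]


def severity_from_score(score):
    """Map a CVSS3 score (str, int or float) to a label, or None if it is unusable."""
    try:
        value = Decimal(str(score))
    except (InvalidOperation, ValueError):
        return None
    if not value.is_finite() or not (Decimal("0.1") <= value <= Decimal("10.0")):
        return None  # 0, NaN and out-of-range values fall outside every band
    return next(label for floor, label in BANDS if value >= floor)


def normalize_alert(alert):
    """Return a copy of one alert whose severity is the same for v1.3 and v1.4 input."""
    vuln = dict(alert.get("vulnerability", {}))  # assumed field name
    reported = str(vuln.get("cvss3_severity") or "").capitalize() or None
    derived = severity_from_score(vuln.get("cvss3_score"))
    # Prefer the score: for 9.8 a v1.3 record says High, a v1.4 record says Critical.
    # Without a usable score, keep whatever label the API reported.
    vuln["cvss3_severity"] = derived or reported
    return {**alert, "vulnerability": vuln}


def critical_alerts(alerts):
    """Alerts that are Critical after normalization, whichever API version produced them."""
    return [a for a in map(normalize_alert, alerts)
            if a["vulnerability"]["cvss3_severity"] == "Critical"]


# Constructed sample records, not real API output.
SAMPLE = [
    {"library": "lib-a", "vulnerability": {"cvss3_score": "9.8", "cvss3_severity": "high"}},
    {"library": "lib-b", "vulnerability": {"cvss3_score": 9.0, "cvss3_severity": "critical"}},
    {"library": "lib-c", "vulnerability": {"cvss3_score": "8.9", "cvss3_severity": "high"}},
    {"library": "lib-d", "vulnerability": {"cvss3_severity": "high"}},  # no score
]

if __name__ == "__main__":
    for alert in critical_alerts(SAMPLE):
        print(alert["library"], alert["vulnerability"]["cvss3_score"])
```

Once every consumer reads v1.4, the score-based relabelling becomes a consistency check: a record whose reported label disagrees with its score is worth logging.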
Benefits of displaying “Critical” vulnerabilities
You can now identify, prioritize and address critical vulnerabilities more quickly, improving your overall security posture. For example, you can create new policies for critical vulnerabilities.