Gaining Access to the Mend Platform - User Guide
Overview
This article provides a step-by-step guide for accessing the Mend Platform and transferring your data and settings from legacy Mend Applications.
Getting it done
To gain access to the Mend Platform, Mend will create a user key for the existing main administrator. This user key will be removed after the onboarding.
Note: If you are interested in gaining access to the Mend Platform for your organization, please reach out to your Mend Customer Success Manager (CSM).
Pre-access report
The pre-access report is a report in CSV format that Mend generates before the transition is completed. Mend will provide this report to you before you gain access to the Mend Platform so that you can verify that all applications are mapped to the desired destinations and that any conflicts are resolved.
If you were a Mend SAST-only user before gaining access to the Mend Platform:
The pre-access report lists the new structure of projects and applications that will be created during the onboarding process in the new Mend Platform organization.
If you were a Mend SAST & SCA user before gaining access to the Mend Platform:
The pre-access report lists the mapping of former Mend SAST applications to either:
Existing SCA projects
New projects created during the onboarding process
If you were a Mend Cloud Native user before gaining access to the Mend Platform:
The pre-access report lists the new structure of projects and applications that will be created during the onboarding process in the new Mend Platform organization.
Steps after gaining access to the Mend Platform
Within each section below, we cover our instructions and recommendations for your integrations after accessing the Mend Platform.
Onboarding Checklist
As an admin, you will receive an automatic email invite to the Mend Platform.
Configure your SSO via the SAML Integration page and add the Mend Platform as a new application to the IdP of your SAML solution.
Note: If you do not use SAML, users will instead receive automatic email invites asking them to reset their password.
Re-assign all projects in the “SAST Migration Application” to real applications:
Go to Administration > Applications to create a new application
Go to Administration > Projects to assign a set of projects to an application
API Integration Checklist
Update your API integrations to use Mend API v2.0/v3.0.
Update your project, application, and organization IDs and names provided as parameters within the API calls.
Jira Integration Checklist
In comparison to Mend SAST, the Mend Platform utilizes the Mend Jira Plugin.
For pre-access SAST-only users:
This is a completely new and separate installation from the former SAST offering of the Jira Issue Tracker. You will need to install and reconfigure your settings within the Jira Plugin.
For pre-access SCA users:
There should not be any impact on your currently installed Jira Plugin.
Pipeline Integration Checklist
Until your pipelines are adjusted, the Mend CLI will work with the same settings but will instead assign scans to the org/application/project in the Mend Platform.
Backward compatibility measures will be deprecated in the near future. Please update your pipelines accordingly by following the steps below:
In case an organization ID was specified, replace it with the new organization ID in the Mend Platform.
Replace --app with the --scope parameter to configure the application and project. A deprecation message is shown for --app that also prints the value that has to be set for --scope to reference the desired project (former “Mend SAST Application”).
Trigger the CLI scan through the mend code command. Specify credentials either through the environment variables MEND_EMAIL and MEND_USER_KEY or in the interactive login that you can invoke with mend auth login.
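A pre-flight check for the pipeline steps above, as an added example rather than Mend tooling: it scans a CI definition for the deprecated --app flag, for a missing mend code command, and for a MEND_USER_KEY written as a literal value instead of a secret reference, then confirms both credential variables are set. The function name, finding labels and sample pipeline contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Mend tooling): audit a CI file that invokes the Mend CLI.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_mend_pipeline() {
    file=$1
    rc=0
    # Deprecated flag: each --app has to be replaced with --scope.
    hits=$(grep -n -E '(^|[[:space:]])--app([[:space:]=]|$)' "$file" | cut -d: -f1 | paste -sd, -)
    if [ -n "$hits" ]; then echo "DEPRECATED_APP_FLAG lines: $hits"; rc=1; fi
    # The scan is expected to start through "mend code".
    if ! grep -q -E '(^|[[:space:]])mend[[:space:]]+code([[:space:]]|$)' "$file"; then
        echo "NO_MEND_CODE_COMMAND"; rc=1
    fi
    # Flag MEND_USER_KEY assigned a literal rather than a $VAR or ${{ secret }}
    # reference; the leading group skips expansions such as ${MEND_USER_KEY:-}.
    lit='(^|[^${])MEND_USER_KEY[[:space:]]*[:=][[:space:]]*"?[^$"[:space:]]'
    hits=$(grep -n -E "$lit" "$file" | cut -d: -f1 | paste -sd, -)
    if [ -n "$hits" ]; then echo "HARDCODED_USER_KEY lines: $hits"; rc=1; fi
    # Unattended runs need both variables ("mend auth login" is interactive).
    for var in MEND_EMAIL MEND_USER_KEY; do
        eval "val=\${$var:-}"
        if [ -z "$val" ]; then echo "ENV_NOT_SET $var"; rc=1; fi
    done
    return $rc
}

# Constructed sample: a step that still passes --app and hardcodes the key.
sample=$(mktemp)
cat > "$sample" <<'EOF'
env:
  MEND_EMAIL: ${{ secrets.MEND_EMAIL }}
  MEND_USER_KEY: 0000-constructed-not-a-real-key
run: mend code --app "Legacy SAST App"
EOF
check_mend_pipeline "$sample" || echo "pipeline needs changes before cutover"
rm -f "$sample"
```

The value to pass to --scope is deliberately not generated here; take it from the deprecation message the CLI prints for --app.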
Repository Integration Checklist
If you did not have the SCA repository integration configured before gaining access to the Mend Platform:
To enable the repo integration, click on Integrations in the Mend Platform and enable the desired integration.
If you had the SCA repository integration configured before gaining access to the Mend Platform:
No additional steps are necessary; the repo integration will use the activation key that has already been configured.
Reference
Data Transition
Applications and Projects
All past scans are available within the new Mend Platform account and are assigned to the corresponding organization.
If you were a Mend SAST-only user before gaining access to the Mend Platform:
During the Mend Platform onboarding, an initial, artificial application named “<Organization Name> First Application” will be created that contains all the newly created projects (formerly Mend SAST applications).
If you were a Mend SAST & SCA user before gaining access to the Mend Platform:
SAST applications are mapped to SCA projects, if possible. The mapping will be based on the name of the projects and the repository URL if it is available.
All projects that cannot be mapped will be introduced as new projects and assigned to an artificial application “SAST Migration Application”.
In case a project in Mend SAST was created from the repository integration, its name will be adjusted to the SCA naming convention <repository environment>_<repository name>_<branch name>. For example: "GH_YourRepo_YourBaseBranch".
Groups, Users, and Roles
For Groups:
For each existing former “Mend SAST Application” group, a dedicated group in the Mend Platform is created. Initially, the groups have no meaning or special permissions; they are just templates to be reused for further role assignments.
For Roles:
All former “Mend SAST Application” roles are mapped to a dedicated group (e.g. Scan Manager). Each group will be assigned roles that reflect the permissions they had in the “Mend SAST Application”:
Former “Mend SAST Application” users with the Administrator role will become users in the admin group with the Admin role at the organization scope. These users will have unlimited access to all applications in the organization on the Mend Platform.
Former “Mend SAST Application” group roles (Group Scan Manager and Group Read Only) will not be given access to the transferred SAST applications (but they will be created, so a user who wants to give everyone access can do so in one click).
Former “Mend SAST Application” non-group roles (Scan Manager, Read-Only, and Scan Initiator) are given access to the initial SAST application and to all SCA applications.
For Users:
Any former “Mend SAST Application” named-user (including those with the Administrator role) will be added to existing SCA organizations and added to the users group in the Mend Platform:
The former “Mend SAST Application” API Token will become the new user key (My Profile → User Keys) in the Mend Platform.
Service Users: Service users will receive a new artificial email address using the domain of the org's admin and the current name of the service user used in Mend SAST.
Transition Boundaries
The following details are not transferred to the Mend Platform:
Entity | Details |
---|---|
Issue Triggers | Automated ticket creation is managed with per-finding conditions in the automated Workflows section of the Mend Platform. |
Mend SAST Roles | |
Notification Triggers | Notifications are managed with per-finding conditions in the automated Workflows section of the Mend Platform. |
Report History | Existing reports from the former “Mend SAST Application” will not be transferred to the Mend Platform. |
Scan Configuration Templates | The templates are replaced with the Global Scan Configuration in the Mend Platform. |