
HeroDevs and Deprecated Open-Source Libraries

Overview

Mend SCA offers an alternative mitigation solution for vulnerabilities in deprecated open-source libraries by providing a suggested upgrade path to an available commercial version by HeroDevs, where applicable.

HeroDevs provides extended support, security updates and bug fixes for framework/library versions that are no longer supported by their owner.

The inclusion of HeroDevs enriches the SCA information provided by the Mend AppSec Platform.
End-of-life or deprecated open-source libraries are no longer necessarily a dead end for SCA users: they may still be maintained by HeroDevs under a commercial license, which gives you new upgrade paths and expands your options for dealing with vulnerabilities in your application’s dependencies.

Mend SCA does the following:

  1. Automatically suggests remediation for vulnerabilities in open-source libraries currently maintained commercially by HeroDevs.

  2. Automatically identifies and flags commercial libraries by HeroDevs in your inventory.

Getting it done

Remediation Suggestions for Libraries Maintained by HeroDevs

To review a vulnerability, follow these steps:

  1. Navigate to your Application or Project.

  2. Navigate to the selected application or project’s Dependencies.

  3. Go to the Findings tab.

  4. Click the vulnerability you wish to review.

image-20250418-173840.png

When a HeroDevs remediation option is available, this will be denoted in the Security Overview section of the Overview tab, as depicted above. That is the default view for any vulnerability.

Additional details about the remediation suggestion are available under the Remediation tab.

image-20250418-174638.png

Clicking the Learn More button on the right will take you to https://www.mend.io/herodevs-integration-lp/, for additional information about HeroDevs on the Mend.io website.

HeroDevs Libraries in your Inventory

Note: This feature requires a HeroDevs license, which can be acquired via HeroDevs.

To see the identified commercial libraries maintained by HeroDevs, follow these steps:

  1. Navigate to your application or project.

  2. Select SBOM from the left panel.

  3. Go to the Commercial tab.

image-20250418-172656.png
  • HeroDevs will be displayed under the License Alias column.

  • A link to https://herodevs.com will be displayed under the Home Page column.

Limitations

As of April 2025, only npm and Maven packages are supported. This means that libraries maintained by HeroDevs will only be identified as such in the Mend AppSec Platform if they are listed in the npm registry or Maven Central.
